The Case for Cyber Ranges – Part 1
I am a kind of unique nerd. I’m a nerd at heart but I also LOVE golf! I know, golf is not your typical nerd game. I have never played a video game before in my life, I have never watched an entire episode of Star Trek, and I have never seen an entire Star Wars movie. OK, maybe I’m more of a security nerd.
I have been involved in security for more than a couple of decades, first when I served in the Air Force using mainframes and punch cards. OK, kids, punch cards are these things… never mind! I witnessed the security and intrusion detection market take off and trained on all related security technologies: IDS, firewalls, VPN. But today it just occurred to me – it feels like organizations are trying to buy security. Just like golfers try to buy a game. Let me explain.
If you want to see an industry that technology has changed, just look at golf. When I started playing golf, we used small, wooden-headed drivers and irons that had a sweet spot the size of a dime. Now, golf clubs practically swing themselves! The driver heads are large and metal – how can you not hit that small ball hundreds of yards? And some club companies come out with new equipment every couple of months, tempting golfers into the latest and greatest equipment in hopes of lowering that score. However, even with new and better equipment, why has the average handicap of the golfer remained the same for the past 30 years? Because it’s NOT the arrow – it’s the Archer! (Old golf saying)
And I say this is the same thing going on in the security industry. We keep seeing new and innovative technologies for us to use to better our security. And yet, compromises still happen. Day after day, month after month, year after year. We hear and see headlines every day about some sort of compromise – small to large. While technology is great and is absolutely needed, it’s time to invest where the problem sits – on PEOPLE!
People have been and will continue to be the problem. It’s why we hear all the time that people are the weakest link. Why do phishing attacks still work? Because it takes an unwitting person. Why does it take an average of over 200 days to detect an attack? Is it because of technology? No, our technology “sees” what is going on, but it takes a person, someone who has been through the fray, to put the pieces together to detect, respond, and mitigate. We need to prepare people in the most realistic way possible, using cyber ranges with realistic application traffic, mixed with real security threats. People that know what a command-and-control botnet looks like, people who have dealt with denial of service before. We need prepared people.
What we need are people who Train Like They Fight!