When he opened the email, Gunny Smith thought it was just junk mail and inadvertently activated the embedded malware that attacked his computer, as well as the entire office’s cyber defenses.
Three system engineers discovered that the new Department of Defense (DoD) standard desktop operating system generated false intruder alerts.
An employee using his DoD computer accidentally downloaded a zero-day exploit by clicking on a sports website URL, while surfing the Internet during his lunch break.
A military service member clicked on a URL embedded in an email from an unfamiliar source and unknowingly downloaded the Conficker worm remote-access Trojan virus onto the DoD network.
Could any of these scenarios occur in your organization? How do you defend against security risks? What other threats keep you up at night? Unfortunately, these are not just scenarios, they are real-world, real-time threats that occur regularly on DoD networks. The bad guys are smart and computer savvy — and they are scheming to bring down DoD cyber defenses even as you read this article.
To defend and combat against potential threats to DoD networks, the DoD Cyber Information Assurance Range (Cyber Range) was developed to test, train and educate the DoD workforce.
We Train as We Fight
The DoD Cyber (IA) Range is a realistic network environment that is a simulation of operational networks and is used to safely test capabilities and train DoD personnel on how to prevent and defend against network intrusions. The Cyber Range, which replicates Global Information Grid (GIG)
characteristics, supports IA, computer network defense (CND), and other DoD cyber requirements derived from the strategy for net-centricity and the Comprehensive National Cybersecurity Initiative (CNCI) of 2008, which mandated the creation of a dedicated test bed to increase the security of DoD networks and expand cyber education within the department.
The Cyber Range allows testing for the full range of network operations, as well as CND, IA, exploitation and attack cyber events. The Cyber Range supports the testing and evaluation of new capabilities; immersive training; tactics, techniques and procedures development and validation;
system interoperability and integration testing; operational and developmental testing; and certification and accreditation processes.
This Cyber Range, which is managed and operated by the United States Marine Corps as the executive agent, has been operating in Stafford, Va., since October 2009.
Supporting the DoD Environment
The Cyber Range removes the risk to operational networks by allowing the affects of cyber training and testing to be fully realized in a closed, realistic, network environment identical to the cyber work environment.
The Cyber Range is a persistent environment that is maintained by network professionals and is available to DoD customers at little to no cost. DoD customers who require a realistic network environment do not have to fund, design, purchase and build an environment for a single purpose.
Access to the Cyber Range can be obtained by several secure transport methods from the customer’s base station; thereby, reducing or eliminating the travel costs associated with traditional test, train and exercise events.
Additionally, there are no direct costs to customers, unless they define a specific requirement that is not currently incorporated into the Cyber Range. In that case, customers can provide a hardware device or software application for the Cyber Range staff to integrate into the Cyber Range
construct. Customers can also provide funds for the Cyber Range to purchase a device on their behalf.
DoD Cyber (IA) Range Mission Support
The Cyber Range supports test, train and exercise requirements for on-site and remote connectivity training courses. It provides the capability to test and evaluate new vendor products, programs of record (PORs) and Host Based Security Systems (HBSS). It hosts technology emonstrations and experimentation; training events for students supporting Defense Information Systems Agency enterprise and service specific training; and informal, hands-on, rapid experience
training, allowing cyber defenders more time on their tools. Customers can also conduct a pre-deployment exercise or a limited cyber exercise supported and hosted on the range. See Table 1 for a record of the missions completed by the Cyber Range as of April 13, 2012. Although Cyber Range
staff is extremely busy supporting customers from across the DoD, they are eager to support more customers because they understand the need for the robust testing and training environment that the Cyber Range provides.
The Cyber Range staff does not perform testing, conduct the training or guide the exercises. Rather, they provide the environment for the testers, instructors and exercise coordinators to conduct their events in a realistic environment. Figure 1 lists the services and logical and
physical attributes of the Cyber Range.
As evidenced in Figure 1, the capabilities, tools and support that the Cyber Range provides, and the growing awareness in the DoD and intelligence community of the range and its successful mission accomplishments, make it a ready-made solution for the Navy’s cyber program.
Using the Cyber Range is a viable solution for any program because it ensures responsible fiscal stewardship and avoids duplicating existing capabilities. The DON Chief Information Officer released a memo, Feb. 1, “Department of the Navy Cyber Range Policy Guidance,” which states that
it is the DON CIO’s intent to consolidate and conduct the Navy’s and Marine Corps’ cyber training, exercises, and test and evaluation events by leveraging the capabilities of the DoD Cyber (IA) Range. The policy is located on the DON CIO website at: www.doncio.navy.mil/PolicyView.aspx?ID=3744.
Cyber Range Kudos
Marine Corps Intelligence Activity (MCIA) Technical Surveillance Team (TSCM) (July 2011): (Exercise Objective: Provide a summary of the use of the DISA information assurance (IA) test ranges for the purpose of testing TSCM platforms and the training of new and existing TSCM personnel.)
"The design of the range environment allowed our team to adequately train on our gear in a non-mission environment that looked believable."
"New Product" Evaluation (May 2011): (Exercise Objective: This product was evaluated to assess the IA posture of the system; assess operational effectiveness based on how it might be used; evaluate network performance, scalability and resiliency; and to assess the computer network defense (CND) effectiveness of its architecture and mechanisms.)
"This is the most cost-effective way of doing business. Tier One environment without the shortcomings of operational factors like scheduling, testing and illusive separations between testing and production environments that normally handicap many day-to-day business missions and operations."
(March 2012) The DoD Cyber Range was recently recognized by DoD program managers as instrumental in the success of a recent Joint Capability Technology Demonstration of emerging
computer security technology. The customer chose the Cyber Range for its ability to customize a particular defensive tool used for specific types of computer malware, which can be tested on a non-operational network. The Cyber Range provided a realistic Internet environment with both friendly
and adversarial actors to demonstrate the latest capabilities to protect computers against a variety of Internet-based attacks.
For more information on how the DoD Cyber Range can support DoD testing, training and
exercise requirements, email the customer management team at IARangeCMT@itsfac.com.
Neil Gaudreau is the engineering & compliance branch head, Headquarters Marine Corps C4 Department, Cybersecurity Division. Jeffrey Combs is the Navy/Marine Corps, DoD Cyber (IA) Range program manager.