Cyber Range: Educating CyberwarriorsTraining IT Security Pros to Walk the Walk
"We have a responsibility to put out people who master the skill and not just talk about the skills," says Alan Paller, research director at the SANS Institute, an IT security education organization.
And, he says, one of the more effective ways of assuring that those being trained in IT security have those hard skills is through programs that simulate the dark world of cyber and the threats that bedevil organizations.
In the military, having confidence is those doing the job is vital to safeguard the systems designed to safeguard a nation.
The Air Force Force's 39th Information Operations Squadron is such an organization. Located at Hurlburt Field, Fla., the squadron is the Air Force's principal cybersecurity training unit, conducting intermediate and advanced training to provide mission-ready cyberwarriors.
SANS on Friday awarded the squadron the 2011 U.S. National Cybersecurity Innovation Award for its innovative use of a realistic cyber range woven into in the training of military personnel in cybersecurity.
According to SANS, the Air Force made a breakthrough when it moved its program away from the common overreliance on classroom training and instead deployed a cyber range where students can fight in cyberspace every day, testing and honing their new skills and improving their impact. "It's mastery; it's not answering a question in quiz," Paller says. "Can I take over the machine; can I defend the machine?"
Each student conducts defensive cyber operations against real-time network attacks in controlled training scenarios. In the simulations, students use a graduated set of hands-on skills to find hidden flags, analyze security flaws, remotely access other computers within the network, analyze evidence to determine attacker activities and defend their networks as they move to the next level of exercise
The cyber range also measures advances students make in their IT security education.
Many of the Air Force personnel trained at the cyber range have IT and telecom know-how but not necessarily cybersecurity experience. So, as soon as they begin the program, they're tested on the cyber range so their progress can be measured. Having such a metric is essential to the commanders charged with securing critical military and warfighting systems. That's because in the military, having confidence is those doing the job is vital to safeguard the systems designed to safeguard a nation.