Cyberwar demands more teamwork and less theory
With virtually every cybernetwork in the world in jeopardy of attack, has positioned itself over the last three years to cash in on the escalating need to be prepared for digital disaster.
A program here is training teams of cyberwarriors for companies, government agencies and military organizations that want an in-house defense capability. That can be done at Elbit's facilities, or the company can provide a customer with the system, build the facilities and provide trainers for those that want a turnkey, in-house facility.
The key institution is a cyber-range that combines a training facility with a cyberlaboratory. The range is used both to training cyberworkforces to cope with different types of known attacks. At the same time, it can be used by Elbit to test and evaluate new technical solutions to both defense and attack.
“It is an isolated environment, so that you can inject new attacks into it without fear of risking the production environment,” says Eran Barak, a product manager for Elbit's intelligence and cybersolutions group. “It was a prototype and now it is a mini-system. We have an infrastructure that simulates customer networks and we have the tools to train Blue Team defenders.”
There are hints that offensive skills are not completely ignored. Scouting of other people's networks is not part of the business, he says but the difference between scouting and trying to penetrate a network is not very great. Similar principles are used for both, so trainers concentrate on defending against scouting and penetration using known attacks that can be found in open literature.
Bucking the trend of teaching cyberwarfare theoretically, the company's objective is to search out customers that want hands-on training. It then provides the White Team trainers and the Red Team attacker, although the latter is a human-free capability.
Elbit teamed with the U.S.-based Breaking Point cyber-security company, which developed a new traffic generator engine that has been integrated into the cyber-range, Barak says. It operates automatically to inject attacks into the simulation structure. The training network was designed as an open, generic and modular system that accepts off-the-shelf products.
The company only offers courses for cyberdefense Blue forces, but those teams can train and re-train in several areas, including advanced courses for cyberattack. Once the students cope with an attack, they are debriefed to check skill levels. The trainers then develop a new plan—using a Network Management System—to inject customized scenarios that reflect individual training needs.
“It's a scalable process,” Barak says. “A scenario can take 1-2 hours or a day. It depends on the skill levels that customers bring with them. We recommend teams of four people with a commander and a person each responsible for the database, the active directory of emails and network administration because we want to check the teamwork.”
Elbit embraces the philosophy that the best hacking and network defense is conducted by closely knit groups of specialists, not the lone-wolf cyberwhiz.
“You have to find people who can work together because teamwork is more difficult in the cyberenvironment than on the battlefield. Attacks are dynamic and you never know where they are going to come from,” Barak says. “The main threats [today] are coming more from a national level, so you need to build an infrastructure [of cooperating teams] for cyberwarfare.
“A team can have a mix of experience, but usually you work with people who are at the basic level of training,” Barak continues. “We are seeing teams coming back for more sophisticated training. We can provide the capability as training or as a service.”
The training system can generate traffic immediately with many kinds of protocols and then inject the scenario into the simulation network. Trainees can put new rules into the firewall so they cannot be attacked again from the same IP address. They can jump between events, see all the recorded data and compress time between events.
Elbit uses two business models: professional services for training people at its facilities on a generic network, or a turnkey project for which it creates the system, builds the facility and trains the trainers.