Michigan Cyber Range
Don Welch
Merit Network

Agenda
- Problem
- Merit’s Contribution to the Solution
- Opportunities to Participate

Critical Infrastructure
- Agriculture and Food
- Banking and Finance
- Chemical
- Commercial Facilities
- Communications
- Critical Manufacturing
- Dams
- Defense Industrial Base
- Energy
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials and Waste
- Postal and Shipping
- Transportation Systems
- Water
- Emergency Services
- Government Facilities
- National Monuments and Icons

Risk
- Confidentiality
  - 2011 Sony 101,000,000 through two attacks one lawsuit $1 Billion CD
  - 2012 Tricare $4.9 Billion USD
  - 2012 Utah Medicaid 78,000 accounts
  - Aug 2012 University of South Carolina 34,000 people
  - Aug 2012 Oxford and Cambridge
- Integrity
  - 2010 Stuxnet destroyed Iranian centrifuges
- Availability
  - 2009 Twitter denial of service attack
  - 2012 WikiLeaks
  - Aug 2012 AT&T DNS
  - Aug 2012 RasGas

Risk
- Industrial-Control Systems (ICS)
  - Supervisory Control and Data Acquisition (SCADA)

Cyber-Attack Threat
- “Cyber-Attacks Are the Biggest National Security Threat.”
  - Leon Panetta
- “My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts.”
  - Richard Clarke
- “Catastrophic Cyber Attack Possible”
  - Hon. Mike Rogers
- “The worst part of my job is what I know.”
  - Mike Macedonia

Militia?
- Colonial Era: Militia supplemented the provincial forces to provide defense and public safety

Developing an Effective Militia
- Marksmanship
- Fieldcraft
- Organization

Cyber Defense - Crawl
- Technical Skills
  - Understand communication links
  - Operating systems
  - Applications
  - Security fundamentals

Cyber Defense - Walk
- Understand attacks
  - Vulnerabilities
  - Types of attacks
  - How to attack

Understand Defense - Walk

Cyber Defense - Run
- Learn how to defend
  - Understand system vulnerabilities
  - Assess the risk
  - Mitigate the risk
  - Adapt – outthink the adversary
- Work as a team

Experience – OJT?

Experience
- Safe environment
- Live opponent
- As a team
- Properly structured exercise
- High quality feedback

Mission
- The mission of the Michigan Cyber Range is to provide a state-of-the-art unclassified facility and program for world-class cybersecurity training and education.
- The Michigan Cyber Range will be a center of excellence in how to best prepare people to defend our Nation’s critical infrastructure.
- The Michigan Cyber Range will also be a center of excellence in cybersecurity.

Description
- An unclassified physical facility that is overlaid on the Merit Network with safe access facilities
- Initially 2 sites, each able to support 1000 nodes, but scalable to much larger configurations
- Using virtualization and actual systems, the Range will be capable of modeling very complex networks
- Nodes are servers, PCs, network security systems and other network-enabled devices
- A cybersecurity program that serves education, private industry, the National Guard and government individuals and organizations

NIST NICE
- National Institute of Standards and Technology
- National Initiative for Cybersecurity Education
  - Knowledge, Skills and Abilities (KSA) and tasks for IT staff functions
  - Translates nicely to learning objectives
- Build lessons, courses and training from these KSAs

Users
- Education
  - Higher Education uses the Range as a regular component of course work
  - Research platform
  - Special K-12 programs, and competitions
- Commercial
  - Operators
    - Ex: Utilities, Manufacturing, Finance, Health Care
  - Vendors
    - Hardware, Software and Security
- Government
  - Federal, State, Local
  - National Guard

Architecture
- Runs over the Merit Network
  - Separate from the production network
- Initially 2, scalable to 10 sites with each site composed of
  - Management Rack and 1-10 Range Racks per site
  - Test Rack for non-standard equipment
  - Each Range Rack can host up to 1000 virtual machines
  - Virtual machines are: virtual servers, workstations, devices, switches, routers, etc.
- OpenFlow switches
  - Uses layers to create specified network configurations
  - Allows for simultaneous use
  - Out of band control layer and monitoring layer
- Traffic
  - Packet generation
  - Replay
  - Mirrored traffic

Architecture
- Scenario Builder: CyberSMART – Utah State
  - Research, Organize, Create and Edit an exercise scenario
  - Matched with specific objectives
  - Guided and collaborative planning process
- Exercise Engine SAIC: CyberNEXS
  - More than keeping score: what really happened?

Range Map
- Initial Site and Access Classroom: Eastern Michigan University
- Initial Site and Access Classroom: Kellogg ANG Base
- Additional Site/Classroom: Camp Grayling
- Additional Site/Classroom: Ferris State University
- Initial Access Classroom: Merit Network

Use Cases
- Platform as a Service
  - Secure sandbox
  - Tools
  - Libraries
- Turnkey
  - A complete course/exercise ready for execution
- Training
  - Crawl, Walk and Run level training
  - Complete training experience – with a Red Team
  - Structured and instrumented to achieve specific learning objectives

Access
- Residential
  - Access from a secure facility
- Blended
  - Access from remote facilities with constraints
- Distance
  - Unrestricted secure access

Partnerships
- Federal
  - NIST, DHS, DoE
- State
  - Governor, Michigan State Police, Department of Technology Management and Budget, Michigan National Guard
- Education
  - Universities, Community Colleges, K-12
- Industry
  - Users: Utilities, IT Service Providers, Financial, Health Care
  - Vendors: Security, Hardware, Software

Time Line
- 2012
  - Initial funding
  - Executive Director hired
  - Construction started
  - Staff hiring
  - Curriculum developed
- 2013
  - First training session
  - Used by EMU
  - Expanded training
  - Event program
  - Additional educational institutions
- 2014
  - New training facility
  - Add educational institutions, capacity and training events
- 2015
  - Full training portfolio
  - Self-sustaining

Summary
- Cybersecurity is one of the major security challenges facing the nation
- The majority of these challenges will be met by civilians working for private companies
- Effective preparation demands
  - Exercises against live adversaries in a safe but realistic environment
  - Working as a team, preferably the company team
  - Continually building upon knowledge and experience
- Based on a public-private partnership
- Operational January 2013
- May become a NET+ Service

Questions?