Michigan Cyber Range

Don WelchMerit Network

Agenda Problem Merit’s

Contribution to the Solution

Opportunities to Participate

Critical InfrastructureAgriculture and Food Banking and Finance Chemical

Commercial Facilities

Communications Critical Manufacturing

Dams Defense Industrial Base

Energy

Healthcare and Public Health

Information Technology

Nuclear Reactors, Materials and Waste

Postal and Shipping Transportation Systems

Water

Defense Industrial Base

Emergency Services Government Facilities

National Monuments and Icons

Dams Nuclear Reactors, Materials and Waste

Risk Confidentially

l 2011 Sony 101,000,000 through two attacks one lawsuit $1 Billion CD

l 2012 Tricare $4.9 Billion USDl 2012 Utah Medicaid 78,000 accounts l Aug 2012 University of South Carolina

34,000 peoplel Aug 2012 Oxford and Cambridge

Integrityl 2010 Stuxnet destroyed Iranian

centrifuges Availability

l 2009 Twitter denial of service attackl 2012 WikiLeaksl Aug 2012 AT&T DNS l Aug 2012 RasGas

Risk

Industrial-Control Systems (ICS)

l Supervisor Control and Data Acquisition (SCADA)

Cyber-Attack Threat “Cyber-Attacks Are the Biggest

National Security Threat.”l Leon Panetta

“My greatest fear is that, rather than having a cyber –Pearl Harbor event, we will instead have this death of a thousand cuts.”

l Richard Clarke “Catastrophic Cyber Attack

Possible”l Hon. Mike Rogers

“The worst part of my job is what I know.”

l Mike Macedonia

Militia?Colonial Era: Militia supplemented the provincial

Forces to provide defense and public safety

Developing an Effective Militia

Marksmanship Fieldcraft Organization

Cyber Defense - Crawl Technical Skills

l Understand communication links

l Operating systemsl Applicationsl Security fundamentals

Cyber Defense - Walk Understand

attacksl Vulnerabilitiesl Types of attacksl How to attack

Understand Defense - Walk

Cyber Defense - Run Learn how to

defendl Understand system

vulnerabilitiesl Assess the riskl Mitigate the riskl Adapt – outthink the

adversary Work as a team

Experience – OJT?

Experience Safe environment Live opponent As a team Properly

structured exercise

High quality feedback

Mission The mission of the Michigan Cyber

Range is to provide a state-of-the-art unclassified facility and program for world-class cybersecurity training and education.

The Michigan Cyber Range will be a center of excellence in how to best prepare people to defend our Nation’s critical infrastructure.

The Michigan Cyber Range will also be a center of excellence in cybersecurity.

Description An unclassified physical facility that is overlaid on

the Merit Network with safe access facilities Initially 2 sites, each with the ability to support 1000

nodes each, but scalable to much larger configurations

Using virtualization, and actual systems the Range will be capable of modeling very complex networks

Nodes are servers, PCs, network security systems and other network enabled devices

A cybersecurity program that serves education, private industry, the national guard and government individuals and organizations

NIST NICE National Institute of

Standards and Technology

National Initiate for Cybersecurity Education

l Knowledge, Skills and Abilities (KSA) and tasks for IT staff functions

l Translates nicely to learning objectives

Build lessons, courses and training from these KSAs

Users Education

l Higher Education uses the Range as a regular component of course work

l Research platforml Special K-12 programs, and

competitions Commercial

l Operators l Ex: Utilities, Manufacturing,

Finance, Health Carel Vendors

l Hardware, Software and Security

Governmentl Federal, State, Locall National Guard

Architecture Runs over the Merit Network

l Separate from the production network Initially 2, scalable to 10 sites with each site composed of

l Management Rack and 1-10 Range Racks per sitel Test Rack for non-standard equipmentl Each Range Rack can host up to 1000 virtual machinesl Virtual machines are: virtual servers, workstations, devices, switches, routers, etc.

Openflow switchesl Uses layers to create specified network

configurationsl Allows for simultaneous usel Out of band control layer and

monitoring layer Traffic

l Packet generationl Replayl Mirrored traffic

Architecture Scenario Builder:

CyberSMART – Utah State

l Research, Organize, Create and Edit an exercise scenario

l Matched with specific objectives

l Guided and collaborative planning process

Exercise Engine SAIC: CyberNEXS

l More than keeping score: what really happened?

Range Map

Initial Site and Access Classroom Eastern Michigan University

Initial Site and Access Classroom Kellogg ANG Base

Additional Site/Classroom Camp Grayling

Additional Site/Classroom Ferris State University

Initial Access Classroom Merit Network

Use Cases Platform as a Service

l Secure sandboxl Toolsl Libraries

Turnkeyl A complete course/exercise

ready for execution Training

l Crawl, Walk and Run level training

l Complete training experience – with a Red Team

l Structured and instrumented to achieve specific learning objectives

Access Residential

l Access from a secure facility Blended

l Access from remote facilities with constraints Distance

l Unrestricted secure access

Partnerships Federal

l NIST, DHS, DoE, State

l Governor, Michigan State Police, Department of Technology Management and Budget, Michigan National Guard

Educationl Universities, Community

Colleges, K-12 Industry

l Users: Utilities, IT Service Providers, Financial, Health Care

l Vendors: Security, Hardware, Software

Time Line 2012

l Initial fundingl Executive Director hiredl Construction startedl Staff hiringl Curriculum developed

2013l First training sessionl Used by EMUl Expanded trainingl Event programl Additional educational institutions

2014l New training facilityl Add educational institutions, capacity

and training events 2015

l Full training portfoliol Self-sustaining

Summary Cybersecurity is one of the major security

challenges facing the nation The majority of these challenges will be met

by civilians working for private companies Effective preparation demands

l Exercises against live adversaries in a safe but realistic environment

l Working as a team, preferably the company teaml Continually building upon knowledge and experience

Based on a public-private partnerships Operational January 2013 May become a NET+ Service

Questions?