NetWars CyberCity missions to improve critical infrastructure protection

The SANS Institute NetWars CyberCity aims to boost critical infrastructure protection and incident response in a unique training environment.

Whether or not you subscribe to the notion that a potentially cataclysmic cyberwar is just around the corner, the need to train people to defend systems that control our nation's critical infrastructure is inarguable.

To that end, the SANS Institute has announced the debut of NetWars CyberCity, a hands-on training program designed to instruct today's cyber-warriors on providing critical infrastructure protection. It is designed as a series of drills to improve the skills required to defend critical networks and secure the physical infrastructure against attacks.

The SANS Institute originally initiated NetWars about two years ago with the intent to develop a pool of thousands of highly skilled cybersecurity practitioners by providing advanced training opportunities for high school and college students. The Department of Defense, recognizing that cyber permeates every aspect of a modern military, soon took an interest in the initiative, and now both the Air Force and Army have implemented aspects of the program.

"A few years ago, the U.S. military defined 'cyber' as a domain for war fighting, sitting alongside land, sea, air and space," said Ed Skoudis, a SANS instructor and NetWars CyberCity director, in an interview with SearchSecurity. "The cyber-domain is quite special, in that if you don't control the cyber-domain today, you will not long control the other domains. Without controlling your computers, you lose command and control over your kinetic assets and forces. Cyber is really one domain to rule them all. CyberCity is built to illustrate that concept."

The addition of the CyberCity trainings gives NetWars participants the opportunity to put theory into practice and objectively test their network defense skills in a realistic simulation of a functioning municipality.

"The physical city itself is 6 feet by 8 feet in size, and is zoned into four quadrants: residential (with houses), commercial (with a coffee shop, hospital and bank), industrial (with a power company and chemical plant), and military (with a landing strip, barracks and rocket launchers)," Skoudis explained.

Skoudis said the NetWars CyberCity was specifically designed by SANS to illustrate the concept that cyber-actions can have a kinetic impact. When most people think about computer attacks they dwell on unauthorized access to systems and the sensitive data they hold, but CyberCity was designed with something bigger in mind.

"We hear about breaches and espionage a lot, which focus on data theft," Skoudis said. "While that's certainly a concern, controlling computer systems can have even larger stakes."

In the CyberCity exercises, warriors engage in a series of missions, each with a specific set of goals that they must achieve by remotely compromising computer systems. The training facility includes five streaming video cameras so that participants and spectators can see the action in real time, and each mission is designed to result in a visible kinetic change in the city's operations.

"The missions illustrate scenarios drawn from real-world concerns of military, government, utility company and commercial organizations. For example, one mission involves terrorists taking over the computers of the power company, shutting down the power to cause a blackout, and reconfiguring the computers so that utility company personnel cannot get back in to turn the lights on. Cyber-warriors in this mission need to hack into the power company with the goal of turning on the lights," Skoudis explained. "Another mission involves stopping bad guys from contaminating the CyberCity water reservoir."

Other aspects of the CyberCity setup include an Internet service provider (ISP) complete with routers and switches, a traffic system with Web-controlled stop lights, and a train that can be caused to derail in some of the training missions. The entire network for CyberCity is broken into three primary parts, according to Skoudis.

"Our architecture includes the kinetic city itself along with a group of computers we call 'Little Iron' [that] are the machines that directly control the kinetic components, as well as the so-called 'Big Iron', which are the larger virtualization servers on the back-end, which interface with Little Iron and run the servers of the bank, the hospital, the power company and more," Skoudis said.

While the notion of a miniature model of a city for cyber-warriors may appear somewhat ludicrous at first glance, creating a simulated city infrastructure for training purposes is anything but a bad idea, according to Richard Stiennon, chief research analyst for Birmingham, Mich.-based IT Harvest and author of Surviving Cyberwar.

"Most real-world security practitioners learn cyber-defense on the job or have grown up poking around in cyberspace. So who needs a model when the vast Internet is available?" Stiennon quipped. "But training neophytes in a contained environment is a great start before releasing them into government networks. I highly recommend that the military academies adopt this type of hands-on training as part of their core curriculum."

The first CyberCity training sessions will commence in December, and additional training missions will be made available as they are completed. The NetWars CyberCity program is expected to be completed by March of next year. The trainings are available for organizations in the government, military and private sector. For more information about the opportunity to participate in the NetWars trainings, interested parties can contact the SANS Institute at or visit the NetWars website.

About the author:
Anthony M. Freed is an information security journalist and editor. You can find him tweeting about security topics on Twitter @anthonymfreed.
