I’d like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012. But before I do, I’d like you to reflect on a few questions that we have been thinking long and hard about in Michigan over the past eighteen months.
With the “bad guys” getting better and America probably outgunned in cyber, where can business and government cybersecurity teams go to learn how to defend against complex cyber attacks?
Knowing that over 80% of critical infrastructure is owned and operated by the private sector, who is working to answer important cyberdefense questions across all layers of government, business and academia?
How do private sector utilities apply best practices to prevent critical infrastructure like our new smart grid from being manipulated inappropriately?
What test & research facilities are quipped and available to simulate different advanced malware attack scenarios – without impacting operational networks? Is there a way to bring together world-class training, virtual connectivity, public/private partnerships, available expertise and computer software/hardware reuse into a state-of-the-art cyber lab in order to allow all sectors of the economy to work together and achieve common security goals?
Can these stories about major security breaches lead to new career opportunities for our young people regarding cyberdefense in a wide variety of industries? Assuming yes, how can we make it happen?
What skills and real-world experience is needed for future cyber jobs? How can we assist our K-12 schools, community colleges, universities and continuing education programs in building these competencies?
Many of the roads that lead to the answers to the above questions converge at our Michigan Cyber Range that is being run by Merit Network, Inc. in Ann Arbor. To get a sense for the concept, check out this video that we highlighted at the beginning of the cyber range launch on Friday.
What is a Cyber Range?
Almost everyone has heard of a gun range, where people can practice shooting targets under a variety of conditions. Similarly, a “proving ground” has long been established to test and train on military equipment. One example is Aberdeen Proving Ground.
In the same way, a cyber range is a facility that can be used to test and train as individuals and teams on a variety of computer security equipment. A National Cyber Range was set up by the Defense Advanced Research Projects Agency (DARPA) as a national defense testbed for critical security research. But these facilities are classified and used for military personnel at classified levels. What about the businesses and governments around the country that must defend their networks from attack without secret networks?
As stated by the Governor, DTMB Director John Nixon, CIO David Behen and others at our launch, the Michigan Cyber Range enables individuals and organizations to develop detection and reaction skills through simulations and exercises. The program offers students and Internet technology professionals a full curriculum of meetings and workshops as well as critical cybersecurity training and awareness tools.
Critical areas that will benefit from the creation of the Michigan Cyber Range include: Infrastructure defense, Homeland Security, criminal justice and law enforcement, academic and educational programs, and small and medium businesses.
Michigan Cyber Range Development
In the late spring and summer of 2011, Michigan Governor Rick Snyder brought together a diverse group of technology, security and business experts from across multiple sectors in Michigan to answer the questions listed above as a part of a formal Michigan Cyber Initiative. The answers to the opening questions started to take shape last October at our 2011 Michigan Cyber Summit. At the same time we launched a new consolidated security team that brought together physical and cybersecurity within Michigan State Government.
Side note: many details of these broader Michigan security efforts are chronicled in this National Association of Chief Information Officers (NASCIO) award submission under the category of security and privacy. As a follow-up to the Cyber Summit last year, we also completed our statewide 2012 Cyber Breakfast Series this past week. For these security leadership efforts, Governor Snyder was recently recognized by Symantec with this national award.
Meanwhile, much more was going on behind the scenes. While we alluded to the benefits of a cyber range as well as a need for these new cybersecurity resources at a variety of events over the past year, we were quietly working behind the scenes to build the Michigan Cyber Range with support from the public and private sector. We were encouraged by our meetings in Washington D.C. with representatives from the National Institute of Standards & Technology (NIST), the U.S. Department of Homeland Security (DHS), the U.S. Department of Energy and others. We worked with others as we examined the case for a new enterprise cyber range.
Teams of technology leaders from within government, the private sector and academia met with companies from around the state and country over the past year to encourage support of these cybersecurity efforts, and the response was very positive.
The State of Michigan issued a Request for Proposal through the Michigan Economic and Development Corporation (MEDC) to determine who should run this critical public/private effort, and Merit Network, Inc. was chosen. Merit is a nonprofit, member-owned organization formed in 1966 to design and implement a computer network between public universities in Michigan.
The founding members of the Michigan Cyber Range, along with many other companies that hope to support the range in the near future, are excited that the necessary support was achieved in about one year.
What Happened at the Launch?
Friday’s launch event in Ann Arbor, which was attended by government, business and academic leaders from all over Michigan, included speeches from Governor Snyder, Merit President & CEO Don Welch and U.S. Department of Homeland Security Acting Director of Acting Director Critical Infrastructure Cyber Protection & Awareness, Carlos Kizzee. Introductions and recognition of key sponsors were offered by DTMB Director John Nixon and State CIO David Behen. Also attending, but not speaking, was U.S. Department of Energy CISO, Gil Vega.
After the opening comments and ceremonies, the Governor cut the ribbon on the cyber range, with the sponsors participating in photos and short presentations by students and experts on the cyber range plans and capabilities.
The launch of our new Michigan Cyber Range was covered by numerous media outlets around the Great lakes region and the country. Here is a small sampling of the media coverage we received on the cyber range launch:
Detroit TV 20 video: Protecting Our Networks
Emergency Management Magazine: Michigan Launches 'Cyber Range' to Enhance Cybersecurity
Ann Arbor Journal: Gov. Rick Snyder attends opening of Michigan Cyber Range
Oklahoma News: Gov. launches cyber security training facility
The Republic, Columbus, Indiana: Mich. governor launches opening of Michigan Cyber Range to detect, prevent electronic threats
Wish TV.com: Gov. launches cyber security training facility
So What’s Next?
The reality is that this is just the beginning of a long cyber journey. This new capability and resource will enable an entirely new set of answers and more questions regarding cyberdefense. While we believe that this cyber range is unique and essential to fight and win current and future cybersecurity battles, we plan to partner with other cyber ranges such as the DETER Project. Could this become the “Great Lakes” Cyber Range? Only time will tell.
But for now, it is enough to say: “Welcome, come in and explore the new Michigan Cyber Range.” Students will interact on the range through classes and programs at many Michigan Universities. Companies and government teams will connect through virtual private networks (VPNs) that will connect to the range and by visiting range facilities in person.
If you’d like more information or want to know how get involved, please contact Merit Networks at: http://www.merit.edu/cyberrange/contact.php.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.