November 12, 2012 By Dan Lohrmann
I’d like to introduce our new Michigan Cyber Range which was formally launched on Friday, November 9, 2012. But before I do, I’d like you to reflect on a few questions that we have been thinking long and hard about in Michigan over the past eighteen months.
With the “bad guys” getting better and America probably outgunned in cyber, where can business and government cybersecurity teams go to learn how to defend against complex cyber attacks?
Knowing that over 80% of critical infrastructure is owned and operated by the private sector, who is working to answer important cyberdefense questions across all layers of government, business and academia?
How do private sector utilities apply best practices to prevent critical infrastructure like our new smart grid from being manipulated inappropriately?
What test & research facilities are quipped and available to simulate different advanced malware attack scenarios – without impacting operational networks? Is there a way to bring together world-class training, virtual connectivity, public/private partnerships, available expertise and computer software/hardware reuse into a state-of-the-art cyber lab in order to allow all sectors of the economy to work together and achieve common security goals?
Can these stories about major security breaches lead to new career opportunities for our young people regarding cyberdefense in a wide variety of industries? Assuming yes, how can we make it happen?
What skills and real-world experience is needed for future cyber jobs? How can we assist our K-12 schools, community colleges, universities and continuing education programs in building these competencies?
Many of the roads that lead to the answers to the above questions converge at our Michigan Cyber Range that is being run by Merit Network, Inc. in Ann Arbor. To get a sense for the concept, check out this video that we highlighted at the beginning of the cyber range launch on Friday.
What is a Cyber Range?
Almost everyone has heard of a gun range, where people can practice shooting targets under a variety of conditions. Similarly, a “proving ground” has long been established to test and train on military equipment. One example is Aberdeen Proving Ground.
In the same way, a cyber range is a facility that can be used to test and train as individuals and teams on a variety of computer security equipment. A National Cyber Range was set up by the Defense Advanced Research Projects Agency (DARPA) as a national defense testbed for critical security research. But these facilities are classified and used for military personnel at classified levels. What about the businesses and governments around the country that must defend their networks from attack without secret networks?
As stated by the Governor, DTMB Director John Nixon, CIO David Behen and others at our launch, the Michigan Cyber Range enables individuals and organizations to develop detection and reaction skills through simulations and exercises. The program offers students and Internet technology professionals a full curriculum of meetings and workshops as well as critical cybersecurity training and awareness tools.
Critical areas that will benefit from the creation of the Michigan Cyber Range include: Infrastructure defense, Homeland Security, criminal justice and law enforcement, academic and educational programs, and small and medium businesses.
Michigan Cyber Range Development
In the late spring and summer of 2011, Michigan Governor Rick Snyder brought together a diverse group of technology, security and business experts from across multiple sectors in Michigan to answer the questions listed above as a part of a formal Michigan Cyber Initiative. The answers to the opening questions started to take shape last October at our 2011 Michigan Cyber Summit. At the same time we launched a new consolidated security team that brought together physical and cybersecurity within Michigan State Government.
Side note: many details of these broader Michigan security efforts are chronicled in this National Association of Chief Information Officers (NASCIO) award submission under the category of security and privacy. As a follow-up to the Cyber Summit last year, we also completed our statewide 2012 Cyber Breakfast Series this past week. For these security leadership efforts, Governor Snyder was recently recognized by Symantec with this national award.
Meanwhile, much more was going on behind the scenes. While we alluded to the benefits of a cyber range as well as a need for these new cybersecurity resources at a variety of events over the past year, we were quietly working behind the scenes to build the Michigan Cyber Range with support from the public and private sector. We were encouraged by our meetings in Washington D.C. with representatives from the National Institute of Standards & Technology (NIST), the U.S. Department of Homeland Security (DHS), the U.S. Department of Energy and others. We worked with others as we examined the case for a new enterprise cyber range.
Teams of technology leaders from within government, the private sector and academia met with companies from around the state and country over the past year to encourage support of these cybersecurity efforts, and the response was very positive.
The State of Michigan issued a Request for Proposal through the Michigan Economic and Development Corporation (MEDC) to determine who should run this critical public/private effort, and Merit Network, Inc. was chosen. Merit is a nonprofit, member-owned organization formed in 1966 to design and implement a computer network between public universities in Michigan.
The founding members of the Michigan Cyber Range, along with many other companies that hope to support the range in the near future, are excited that the necessary support was achieved in about one year.
What Happened at the Launch?
Friday’s launch event in Ann Arbor, which was attended by government, business and academic leaders from all over Michigan, included speeches from Governor Snyder, Merit President & CEO Don Welch and U.S. Department of Homeland Security Acting Director of Acting Director Critical Infrastructure Cyber Protection & Awareness, Carlos Kizzee. Introductions and recognition of key sponsors were offered by DTMB Director John Nixon and State CIO David Behen. Also attending, but not speaking, was U.S. Department of Energy CISO, Gil Vega.
After the opening comments and ceremonies, the Governor cut the ribbon on the cyber range, with the sponsors participating in photos and short presentations by students and experts on the cyber range plans and capabilities.
The launch of our new Michigan Cyber Range was covered by numerous media outlets around the Great lakes region and the country. Here is a small sampling of the media coverage we received on the cyber range launch:
Detroit TV 20 video: Protecting Our Networks
Emergency Management Magazine: Michigan Launches 'Cyber Range' to Enhance Cybersecurity
Ann Arbor Journal: Gov. Rick Snyder attends opening of Michigan Cyber Range
Oklahoma News: Gov. launches cyber security training facility
The Republic, Columbus, Indiana: Mich. governor launches opening of Michigan Cyber Range to detect, prevent electronic threats
Wish TV.com: Gov. launches cyber security training facility
So What’s Next?
The reality is that this is just the beginning of a long cyber journey. This new capability and resource will enable an entirely new set of answers and more questions regarding cyberdefense. While we believe that this cyber range is unique and essential to fight and win current and future cybersecurity battles, we plan to partner with other cyber ranges such as the DETER Project. Could this become the “Great Lakes” Cyber Range? Only time will tell.
But for now, it is enough to say: “Welcome, come in and explore the new Michigan Cyber Range.” Students will interact on the range through classes and programs at many Michigan Universities. Companies and government teams will connect through virtual private networks (VPNs) that will connect to the range and by visiting range facilities in person.
If you’d like more information or want to know how get involved, please contact Merit Networks at: http://www.merit.edu/cyberrange/contact.php.
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.