The Illinois office uses a cloud-based Cyber Range platform to create such live-fire scenarios to give security teams hands-on training to prepare them for real events. The training is critical because the number of attacks on the office has increased by 800% since 2019. The training came about as a way for the office to ensure the protection of the $52 billion in assets.
One of the challenges that I found is making sure that your teams who have to respond to this are trained and ready to go. We were looking for a platform that allowed our security folks to actually simulate being under attack. It’s super important because if you don’t train that way, you’re not going to be able to defend in the real world.
– Joe Daniels, CIO, Treasurer’s Office
Cyber Range serves as a cyber playground. At the centre is a virtual enterprise-grade network. That means when someone comes to train on the platform, they enter a live network, which consists of databases and servers and desktops and. The second component is a sophisticated attack machine. The research team detects real malware and reverse engineers it to use on the network. When they enter the playground, they are using their own tools in order to try to defend the network, meaning to detect the attack before they know what kind of attack it is, and then mitigate that. They are doing that in a real virtual environment.
Treasurer’s Office staff have trained on the platform weekly for the past 18 months, and the office also helps train local units of government involved in a round-the-clock full-service electronic program through twice-monthly sessions using another module of the platform. Using the labs, trainees experience the fundamentals of hands-on cybersecurity, while the CyYber Range provides a realistic live-fire exercise in which they must solve a complete attack vector.
The tools that they use in the lab, they’re real-world tools that most agencies have in place already. The lab-based training has a waitlist of six months. That shows you the need or the desire for people to understand and learn about this environment. I think the pandemic showed everyone how reliant on technology we really are,” Daniels said.
The onset of the COVID-19 crisis is when cyberthreats took off, especially because agencies’ technology footprint grew as employees worked from home. It is very different trying to protect assets with a remote workforce.
The approach to security focuses on people rather than technology because a shortage of cyber professionals is one of the biggest challenges the industry faces. As of November 17, there were almost 600,000 cybersecurity job openings in the United States – about 40,000 of them in the public sector. The team uses the platform to spot skills gaps and trains the existing workers to fill them.
The goal is to create a centre of excellence for cybersecurity around financial transactions, although there are plans to expand beyond that area starting in January 2022. Cybersecurity is going to continue to be critical.
As reported by OpenGov Asia, A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) has warned that an infamous ransomware group has targeted multiple organisations deemed critical infrastructure, including two organisations in the U.S. food and agriculture sector. The advisory includes technical details, analysis, and assessment of this cyber threat, as well as several mitigation actions that can be taken to reduce the risk to this ransomware.
CISA, FBI and NSA are unified in emphasising the value and importance for organisations to apply best practices to protect their networks, systems and data, such as (1) implement and enforce backup procedures; (2) Use strong, unique passwords; (3) Use multi-factor authentication; and (4) implement network segmentation and traversal monitoring. All organisations striving to protect their networks from a ransomware attack and ensure their systems are resilient should read the joint advisory for the full spectrum of recommended mitigations.