HADERA, Israel – A collection of small stone houses that once sheltered seasonal orange pickers now serves as a real-world training ground for cyber defenders to learn what it takes to keep a growing army of hackers out of networks operated by multinational corporations, government and security organizations worldwide.
CyberGym, created in 2013, is not a simulation center like the Michigan Cyber Range run by Merit Networks in Ann Arbor, MI. Rather the Israeli facility works closely with other CyberGym centers in Europe and Asia – and soon the United States – in the real-world where “everything that happens, it really happens in real time,” CEO Ofir Hason told a group of about 20 journalists on June 25 who were in Israel to cover Cyber Week. CyberGym is a joint venture of Israel Electric Corporation and CyberControl, an Israeli cybersecurity company.
CyberGym charges its clients from $100,000 to $300,000 a week for custom training that replicates the principles of the company’s unique technological environment. Training can last from one week to several. CyberGym’s brochure describes its offerings as a “unique hands-on training concept and a holistic approach to cyber warfare.” Training is not only provided to techies, but also to their non-technical counterparts.
In one part of the CyberGym Training Arena, the Blue Team – aka the paying clients – face real cyber-attacks from the in-house Red Team, composed of cyber experts from the Israel Defense Forces’ elite 8200 cyber intelligence unit, as well as US National Security Agency hackers, plus veterans of other cyber defense organizations. A White Team, composed of the same cyber battle-hardened pros, serves as both supervisors and umpires. Some 40 people work at the Israeli center.
When the training sessions conclude, CyberGym conducts a thorough analysis of what happened and a review of how cyber defenders dealt with the attacks. The end result, CyberGym hopes, will be its trainees can determine how the breach occurred, better understand their responsibilities and roles during an attack, plus gain valuable insight into the mind of black hat hackers, nation state actors and organized crime all bent on stealing data and causing digital mayhem.
“The goal is to punch the companies in the face before they have to face a real fight,” Hason said. “In general they do not like what happens because companies realize how vulnerable they are.”
CyberGym’s training centers include the same infrastructure hardware that typically will be under attack – from Servers, to Programmable Logic Controllers (PLCs), to Supervisory Control and Data Acquisition (SCADA) devices and even Automated Teller Machines. Hason uses an ATM machine as an example of the kind of target favored by criminal hackers.
“There are 50,000 (machines) like this installed in Asia,” he said, as he slides the electronic internal components out for the journalists to inspect. Inside is a computer running Windows NT 4.0 (from 1996), which hasn’t had its software updated in many years. As a result, Hason said these money-dispensing machines are almost ridiculously easy to hack.
“We warned them and asked why they did not update them,” he said. “They replied that they worked; updates cost too much money.”
Back at the Michigan Cyber Range, Joe Adams, Merit Networks Vice President of Research and Cybersecurity, said he visited CyberGym a few years ago and was impressed by the cyber-physical aspects, “which involves very visual infrastructure and real PLCs and SCADA equipment, such as pumps.”
But Adams said Merit and the Michigan Cyber Range differ from CyberGym because Cyber Range focuses on scalability: “We can offer multiple exercises at one time and allow participants access to the exercise environment for longer durations. We are also network accessible, which means that our range, exercises and classes can be connected to from anywhere remotely.”
Adams added: “I like what they are going. However implementing features similar to CyberGym’s comes with the expense of scaling and accessibility, which are two cornerstones of the Michigan Cyber Range.”