Red and Blue teaming is a commonly used technique for honing the skills of information security teams. But setting them up and ensuring you have access to enough appropriately skilled participants can be a challenge for many businesses. Cisco has worked to allay some of those challenges through the establishment of Cyber Range - an environment that simulates over 50 real-world threat scenarios. And, last year, they let teams of high school students loose in Cyber Range during a Cyber Games competition held at La Trobe University.
Seven schools, ranging from public schools to selective entry private schools, participated in the games. There was a training session held in August with the competition following a few weeks later. Among the participants of the Cyber Games was a small team of students from Northcote High School from the northern suburbs of Melbourne.
Erik Koopmans, a teacher at Northcote High School, led a team of three students to victory. The students were all in Year 11 with two 17-year-olds and one who was aged just 15. Interestingly, the school is in the process of introducing computing subjects into their VCE curriculum and the students' involvement in computing at school is through extra-curricular activities.
"When they got in front of a computer - there was one computer for the team - they were given a piece of paper with a bunch of scenarios such as your network has been compromised and you're losing a bunch of data. Your job is to find where it is being compromised, where the data is going, where it's coming from and what can you do to stop it," said Koopmans.
Other than the training session, held by Cisco, Koopmans said the students did no other preparation. They were shown how to use the tools but then it was up to the students to problem solve.
The competition was a race with each school trying to solve their challenge before the others. So, while the schools were competing, they weren't trying to hack each other.
"The team used a package of tools called Cyber Range. It's a suite of three pieces of software. There's Splunk that gives a view of everything going on in the network. It lets you start with a broad focus and then drill down to more detail. There was Sourcefire - the firewall interface that let you see all the traffic going into and coming out of the network. The last one was Stealthwatch. It listens to all that information and has a programmed intelligence that lets you find anything unusual on the network in real time," added Koopmans.
Cisco's Anthony Stitt says the Cyber Range toolkit wasn't new but the company saw a need to establish a way to train staff in more effective use of the tools. This led to the establishment of the environment for replaying incidents and then practicing their reaction. The focus of Cyber Range, he said, is about giving operators what they need in terms of tools and practice so they can get experience in finding data, pivoting between different tools and correlating what they see in order to solve real problems.
"We're really talking about parts of the problem space that can't be automated," said Stitt. "How do you teach the operators what to do when they see various signals. Typically, we are talking about weak signals coming from multiple places that need to be put together. This is about making those people more efficient".
With all three applications and the training, the students were equipped to look for different types of intrusions or malware. They were able to use data from one application and then connect it to information from the other to solve the problems they faced.
Koopmans said the hands-on access to industry-standard software and the competition have given students a taste of what being a cybersecurity professional is really like, removing some of the mystery around the field.
The benefit of engaging schools, says Stitt, is to take a long-term view in addressing the skills gap in cybersecurity. By working with La Trobe University and other educational institutions, the hope is to create a feeder system to identify talent and encourage participation in cybersecurity. Stitt added that Cisco is looking at expanding the program to other institutions.