[David Strom's Web Informant] Why you might need live cybersecurity exercises

David Strom david at strom.com
Thu Feb 4 10:35:40 EST 2016

Web Informant, February 4, 2016: Why you might need live cybersecurity

When it comes to preparing for cyber attacks, there are a variety of tools
and techniques that you should employ: firewalls and intrusion detection
devices for sure. But some tools are less obvious, and involve more of the
human organizational element. This is where a company called CyberGym comes
into play.

In one of my favorite scenes from Jerzy Kosinski’s Cockpit, the secret
agent protagonist is applying to become a spy. He is sitting in a room with
his fellow recruits, waiting for the testing period to begin. What he and
his compatriots don't realize is that the waiting room is actually
under observation and part of the testing process to see how well the
newbies will collaborate with each other. The recruits are subjected to a
variety of temperature extremes and every so often an employee will come in
to tell them that there will be additional delays before the tests will
begin. The goal is to figure out which of the recruits will get annoyed with
the forced wait and how each one will endure these hardships. This is a lot
like the CyberGym live fire exercise: you want to see how people do under
pressure and how they will create allies. Who is going to crack and make
things difficult with others? Who is going to demonstrate leadership?

CyberGym was co-founded by managers from the Israel Electric Corporation
and has some specific facilities that relate to SCADA controls and power
conditioning equipment that are found in the typical power plant. It has
been used by global corporations from many different industries. The
average engagement lasts several days as they run through a series of
attacks and other malware intrusions.

I visited CyberGym's <http://www.cybergym.co.il/> offices in Israel last
month as part of a trip that was partially sponsored by the America-Israel
Friendship League and the Israeli Foreign Ministry. Their operation is
contained in a series of
huts that are scattered around a historic eucalyptus grove about a half
hour north of Tel Aviv. The notion is that nothing prepares a group of IT
security workers better than having to be part of a live fire-fight
exercise. One hut contains the attack team, a second contains the defending
team, and a third is for judges and observers. Each team contains both
security staff, IT and corporate management, and others from a specific

The idea is to replay a particular attack and see how the teams respond.
Since its inception, CyberGym has conducted hundreds of these exercises,
and they now have facilities in Portugal and the Czech Republic in addition
to Israel. They look to see what the defenders do first, how they work
together, and what things they fall down on. When I visited, the company’s
founder Ofir Hason said that often the right response wasn’t anything
technical, but coordinating what the team was going to do and how they
actually worked together.

Fighting cyberthreats is a team effort, and involves a combination of
technical and non-technical skills. Often convincing your management that
you have to do something relies more on your power of persuasion than
knowing how to block a remote shell executable or neutralize some malware.
I like the name CyberGym too, because it implies that you need to condition
your response “muscles” with real exercises, not just doing some academic
threat management scenarios. Like a physical gym, you need to bulk up and
do some resistance training to build your strength and add to your

Sure, there are other teamwork-building exercises that can be done less
expensively (everyone falling backwards or trying to climb through a ropes
course) – but these aren’t specific to the cybersecurity realm and don’t
really address this specific realm. If you want to see how your cyber team
handles the next attack, you might want to book some time at the gym – the
CyberGym that is.

Comments always welcome here: http://blog.strom.com/wp/?p=5182