
A seismic shift has shaken the foundations of the global cybersecurity threat landscape in the last year. Russian cyber aggression against Eastern Bloc infrastructure has given rise to increasingly sophisticated adversary techniques. Cybersecurity giant Mandiant said Russian cyber operations since the start of the Ukraine war have greatly increased in frequency, with nation state-backed cyber-attacks against critical infrastructure doubling in the past 12 months.

The Russian war in Ukraine has underlined the importance of robust cybersecurity measures in a digitalised world almost wholly reliant on the internet and macro networking processes. The state has been accused of using cyber warfare as a tool to disrupt and destabilize the region. In 2023, the nation-state attack paths of the last 12 months will be turned against businesses, as political gain morphs into financial opportunities for adversaries the world over.

The Changing Threat Landscape

One of the most significant developments in the shifting geopolitical landscape over the last year has been the increased use of cyber-attacks as a tool of statecraft. Hostile states are now using their cyber capabilities to shift global power dynamics to achieve their strategic objectives. In this context, businesses in critical sectors such as infrastructure, finance, and manufacturing have become a priority target for state-based cybercriminals.

One of the main reasons for this is that Russia has sought to disrupt supply chains to Ukraine, as well as inflict costs on European countries that have provided material support to Ukraine. This has included the use of ransomware attacks to target businesses in these sectors, with the aim of causing disruption and financial loss.

The Need to Act

The intensified cyber threat means that businesses that previously considered themselves safe from ransomware attacks from independent actors may not be prepared for more complex and larger-scale threats. These attacks are often highly sophisticated and well-funded, and can have far-reaching consequences for businesses and the society that relies on them.

In light of these developments, it is imperative that European businesses in critical sectors look towards more robust cybersecurity methods. It will also help businesses to have contingency plans in place in the event of a cyber-attack, including backup systems and procedures for responding to and recovering from an attack.

However, all this may not be enough if the root cause of the breach is not known. Exposing vulnerabilities before they can be exploited should be the primary goal of a best practice cybersecurity program.

The Development of a Solution

The MIT Lincoln Laboratory, a research center of the US Department of Defense, helped develop the first virtual testing environments known as cyber ranges. They were developed as a solution to the shortfalls of typical red teaming and blue teaming approaches, namely that testing against cyber-attacks was limited by the inability to be rigorous.

In avoiding permanent damage to the networks that are supposed to be protected, the attacking team could not utilize the full scope of their capabilities and therefore all attack vectors could not be tested for vulnerabilities.

The US Department of Defense recognized this and determined that, to be effective at testing for network vulnerabilities against sophisticated adversaries, a simulated network would be needed. That simulated network would become the cyber range, and would act in a similar way to a live-fire rifle range. The user could implement attacks as they would be done in the real world without concerns about causing permanent damage.

In other words, MIT Lincoln Lab had developed systems that allowed for cyber live fire exercises on an industrial scale for the first time, with near unlimited potential for experimenting with offensive and defensive techniques. Additionally, the high-fidelity nature of cyber ranges and non-scripted attack scenarios, conducting three years of cyber-attacks within a space of 24 hours, meant it was possible to rigorously test and expose human vulnerabilities.

These efforts paid off, as the lab was able to deploy its cyber range capabilities to over 80 labs, primarily supporting classified development projects for the military and intelligence agencies. In addition to providing a safe and secure environment for testing and training, these cyber ranges also allowed the US government to gain a preview into the latest cyber warfare capabilities being developed by the US, giving them a significant advantage in the constantly evolving field of cybersecurity.

A Defensive Overhaul

The development of cyber ranges at MIT Lincoln Laboratory has been a key part of the US government's efforts to stay ahead of emerging cyber threats as it seeks to maintain its leadership in the field of cyber warfare. These cyber ranges have allowed for the development and testing of new tools and technologies, as well as the training of personnel, all of which have helped to keep the US safe and secure in the face of a mercurial threat landscape.

Today, these same capabilities are now being made available to those critical private industries that are under threat. Expanding the availability of high-fidelity cyber ranges to the private sector is largely a response to current threats, with the understanding that the security of private industries such as finance, communications and energy infrastructure goes hand in hand with national security.

As cyber threats transcend geographical borders, businesses around the world are embracing cyber ranges as a means to appropriately safeguard against the sophisticated threats of the future. Across Europe, government departments and critical infrastructure organizations have been testing their cybersecurity infrastructure in light of a cyber threat that has reached critical mass.

The Benefit to Businesses

There are several reasons why businesses and critical infrastructure organizations are embracing the use of military-grade cyber ranges. They provide a secure and controlled environment for training and testing, meaning that companies can safely practice responding to cyber threats without the risk of damaging their actual systems or data. Additionally, cyber ranges are equipped with advanced tools and technologies that allow organizations to test and evaluate their cyber defenses in a more realistic and comprehensive manner.

Another reason why businesses and critical infrastructure companies are using military-grade cyber ranges is that they can be customized to meet the specific needs of an organization. For example, a company may want to simulate a cyber-attack that targets a particular part of a network, or one that uses a specific type of malware. Military-grade cyber ranges can be configured to mimic these types of threats, allowing companies to test their defenses and identify any weaknesses that need to be addressed.

Finally, it helps them to stay ahead of emerging cyber threats. As cyber-attackers become more sophisticated, it is important for organizations to continuously improve their cyber defense capabilities. By using a cyber range, companies can stay up to date on the latest tactics and techniques used by cyber criminals, and develop strategies to effectively defend against them.

Consequently, what is particularly attractive to companies about cyber ranges is the ability to safely practice and improve their cyber defense skills, customize training and testing to meet their specific needs, and stay ahead of emerging cyber threats. All the while, the range can be continually run to reveal and remove all possible vulnerabilities. This can provide businesses and shareholders a peace of mind not possible using antivirus software alone.

It is important that businesses understand the real implications of state-based cyber threats, as well as their unpredictable nature. Cyber-attacks require vulnerabilities to succeed. Though some may rely on antivirus software, its efficacy at finding vulnerabilities will never match that of an actual cyber-attack under real-world conditions, and it cannot account for human vulnerabilities. A higher fidelity simulated network makes it possible to model a greater number of sophisticated attacks, ultimately translating to a more resilient network.

Blog by Lee Rossey
Lee Rossey co-founded SimSpace in 2015 and is currently its CTO. Prior to joining SimSpace, he served as the Group Leader for the Cyber System Assessment Group at MIT Lincoln Laboratory, during which time he led the establishment and growth of the group to become a nationally-recognized center of excellence. The Cyber System Assessment Group earned a reputation for technical excellence in cyber range development, cyber test and evaluation, cyber red-teaming and cyber exploitation.