Joint Cyber Training Lab
To enhance the security of cyber networks and minimize the risks to Critical Infrastructure/Key Resources (CIKR) Industrial Control Systems (ICS) and private sector networks, SDMI, in partnership with the Louisiana National Guard and the LSU Transformational Technology and Cyber Research Center (TTCRC), has constructed a Joint Cyber Training Lab (JCTL). The cornerstone of the JCTL is a Tier III Cyber Range, a closed system composed of a balance of hardware and virtualized computer systems and network devices that can replicate and/or simulate any large-scale networked computer system.
This state-of-the-art Cyber Range was designed to incorporate State and Federal cyber response frameworks and programs, with a focus on critical infrastructure industries and private sector training. Training with the Louisiana National Guard has already begun, and SDMI is working with other private and university-based experts in cyber security at LSU and other universities to create a cyber-research and incident response capability. In addition to cyber incident response training, SDMI intends to make the range available to CIKR industry and private sector representatives as a test and evaluation center for their ICS and internal networks.
SDMI Cyber Lab Objectives
The SDMI Cyber Lab Initiative has the following three primary objectives:
- Objective 1 – Establish a Cyber Lab that replicates specific Industrial Control Systems, DoD and Non-DoD Networks.
- Objective 2 – Conduct Cyber Attack and Incident Response Exercises
- Objective 3 – Offer Industry Specific Cybersecurity and Standards and Certification Coursework
Objective 1 – Establish a Cyber Lab that replicates specific Industrial Control Systems, DoD and Non-DoD Networks.
SDMI partnered with TTCRC and the Louisiana National Guard to develop the Cyber Lab. The lab has the necessary equipment to configure a network environment with servers and workstations in a closed-loop network configuration. The closed loop is required so that network attacks and malware do not escape into any type of production environment.
The lab will provide private and public sector IT personnel with a fully functioning, mobile network capable of simulating an organization’s production network.
Objective 2 – Conduct Cyber Attack and Incident Response Exercises
Decisions made with insufficient information will not always be incorrect, but the likelihood of these decisions being the most appropriate is significantly lower than if the decision makers have a more complete information set. As noted in the National Cyber Leap Year Summit 2009 Participants’ Ideas Report, “Notwithstanding recent progress in the economics of cybersecurity, we still lack empirical and theoretical tools – reliable and exhaustive data and rigorous metrics on cybersecurity incidents, attacks, and infection rates – to make the right decisions. This greatly limits the types of security economic analyses that can be performed at the policy, corporate, and individual levels.”
Conducting simulated cyber-attack exercises helps gather the information and data to establish the correct answers. Participating organizations are able to validate their incident response (IR) plans against fundamental security questions and determine the correct answers. The exercises help identify areas that are sufficiently secured against cyber-attacks and allow participants to stress their systems to identify areas needing improvement. Processes and procedures will be substantiated as either sufficient or not, and the After Action Review will help establish action plans for corrective measures.
SDMI and TTCRC are able to significantly enhance incident response capabilities through the conduct of simulated attacks customized to specific threats faced by industry and private sector partners.
Objective 3 – Offer Industry Specific Cybersecurity and Standards and Certification Coursework
Using documents such as the National Cyber Leap Year Summit 2009 Participants’ Ideas Report, Guide to Industrial Control Systems (ICS) Security, and Computer Security Incident Handling Guide, SDMI and TTCRC take the information gathered in Objective 2 and create Industry Specific Cybersecurity Standards and Certification Coursework. Recommended actions and guidelines from these documents help direct and formulate the steps for creating the necessary criteria. Refined with information from the simulated cyber-attack exercises for CIKR industry and private sector partners, these Federal guides will be reconstructed with a focus on the needs of individual industry-specific environments.
SDMI, TTCRC and LANG seek to improve resiliency and cybersecurity for CIKR infrastructure and private sector networks by focusing on the current network infrastructure used throughout our CIKR industries and private sector partners. SDMI and its partners created a Cyber Lab that ensures that Federal standards from multiple publications are infused into each participant’s incident response plans. This virtual lab facilitates the execution of incident response exercises and the incorporation of sector- and industry-specific data into the refinement of incident response plans. The desired end product will be industry-tailored training and certification coursework in which personnel will be able to attend training and earn certifications for compliance with Federal standards and guidelines for Cybersecurity.