30 September 2014

Symantec gives IT pros a simulated strategy for preventing cyber crimes

September 26, 2014

Photo caption (THE CANADIAN PRESS/HO): Symantec's Cyber Readiness Challenge is an offshoot of the company's internal CyberWar Games. It has been offered over 60 times, in 21 countries and online, since its genesis two years ago.

When a company is under cyber attack, it may be the first time its security personnel have a chance to do anything that even resembles real-world investigation, or to see what the bad guys are actually up to. That may handicap them in their investigations.

Yet cyber security is an awkward field to train for, said Michael Garvin, senior manager of product management at security vendor Symantec Corporation. “Attackers use us to hone their skills,” he pointed out. “But security doesn’t have that option.”

That’s why Symantec developed the Cyber Readiness Challenge. An offshoot of the company’s internal CyberWar Games, the Cyber Readiness Challenge has been offered over 60 times, in 21 countries and online, since its genesis two years ago. The most recent round was at the High Technology Crime Investigation Association (HTCIA) conference in Halifax last week.

HTCIA is an international organization that allows law enforcement and the private sector to interact to investigate cyber crimes. Founded in 1986 by a group of California law enforcement officers, it has grown to over 5000 members globally, with chapters on almost every continent, including five in Canada. Its mission: “Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.”

The Cyber Readiness Challenge creates a safe virtual environment in which investigators of all skill levels can hunt down a cyber crook in an interactive simulation. Gamers will recognize the technique as a “Capture the Flag” situation. Symantec designs each challenge to echo what’s happening in the real world; as attackers come up with new ways to break in and steal data, those methods find their way into a challenge so investigators can learn to combat them.

First the player is presented with a scenario — in the case of the Halifax challenge, that he or she is an IT person who arrives in the office to find that a co-worker has been fired after having botched a forensic investigation, uploading the evidence to a cloud service and a social network, then deleting the original files. The CIO’s instruction: do whatever it takes to track down and recover the data.

From there, the player is presented with a number of challenges, known as flags. Each involves a bit of ethical hacking that helps the player follow the culprit’s trail — and also teaches him or her techniques used by cyber criminals in their activities, providing valuable insight into how attacks are constructed. For example, an early challenge gets the player into the crook’s social networking account, which leads, a couple of flags later, to access to the cloud service the stolen data was uploaded to. The player progresses from level to level in the simulation by capturing all of the flags in each level.

Until now, Mr. Garvin said, “we’re practicing when we have an incident.” But, he said, it has been shown in the military that soldiers who don’t train under live fire freeze up when someone shoots at them in combat. The same stress reaction can handicap forensic investigators who haven’t had live experience. The realistic timed challenge gives them that training. He said that one student told him that the modeled attack in a challenge mirrored one that later hit his company. Because of the simulation, he was able to identify and respond to the attack.

The simulation is designed so even IT people with fairly basic skills can participate and learn. There are hints attached to each flag, and at the HTCIA conference, Symantec also offered a pre-challenge tutorial on the necessary tools, which was standing room only.
