December 17, 2012
Credit: Photo Credit: Elbit Systems
David Fulghum Natanya, Israel
With virtually every cybernetwork in the world in jeopardy of attack, Elbit Systems has positioned itself over the last three years to cash in on the escalating need to be prepared for digital disaster.
A program here is training teams of cyberwarriors for companies, government agencies and military organizations that want an in-house defense capability. That can be done at Elbit's facilities, or the company can provide a customer with the system, build the facilities and provide trainers for those that want a turnkey, in-house facility.
The key institution is a cyber-range that combines a training facility with a cyberlaboratory. The range is used both to training cyberworkforces to cope with different types of known attacks. At the same time, it can be used by Elbit to test and evaluate new technical solutions to both defense and attack.
“It is an isolated environment, so that you can inject new attacks into it without fear of risking the production environment,” says Eran Barak, a product manager for Elbit's intelligence and cybersolutions group. “It was a prototype and now it is a mini-system. We have an infrastructure that simulates customer networks and we have the tools to train Blue Team defenders.”
There are hints that offensive skills are not completely ignored. Scouting of other people's networks is not part of the business, he says but the difference between scouting and trying to penetrate a network is not very great. Similar principles are used for both, so trainers concentrate on defending against scouting and penetration using known attacks that can be found in open literature.
Bucking the trend of teaching cyberwarfare theoretically, the company's objective is to search out customers that want hands-on training. It then provides the White Team trainers and the Red Team attacker, although the latter is a human-free capability.
Elbit teamed with the U.S.-based Breaking Point cyber-security company, which developed a new traffic generator engine that has been integrated into the cyber-range, Barak says. It operates automatically to inject attacks into the simulation structure. The training network was designed as an open, generic and modular system that accepts off-the-shelf products.