Battlegrounds today are increasingly becoming a virtual one.
Global cyber threats now impact every aspect of our activities.
Businesses and consumers face commercial frauds and crimes that cause billions in financial losses; nations are threatened with malware that disrupts its systems and functions.
It is shocking to learn that in December 2015 Ukraine’s power grid network were reportedly hacked and planted with malware, which knocked out part of its power line operations. The resulting power outage affected more than 200,000 residents.
In early 2016, the central bank of Bangladesh reportedly lost US$81 million through a sophisticated cyber-heist.
The incident jolted the world’s banking community and is a timely reminder for all of us that cyber-attacks are imminent and can strike at every corner of the world.
The ordeal seems endless. Every time new defences against cyber-attacks are designed, resourceful cyber criminals will seek new ways to penetrate them. It is no longer whether it will happen, but when it will happen or worse – it may already happened without your knowledge.
Cyber-attacks on e-commerce, vital businesses and government agencies are real. No one is spared from cyber threats. We find ourselves constantly trying to stay one step ahead.
This calls for us to be cyber-resilient. Unfortunately, most companies in Malaysia do not have robust cyber response plans or the opportunity to conduct realistic drills. This lack of cyber preparedness is further aggravated by the severe global shortfall of trained cyber security experts.
Just over a week ago in early September 2016, I officiated the opening of the new Cyber Range Malaysia (CRM) facility at the International Islamic University Malaysia in Gombak, Kuala Lumpur. An initative of Cyber Security Malaysia, it is the first-of-its-kind high-tech cyber security centre of excellence in the country.
It is established to help organisations in Malaysia test and validate their systems to ensure greater resiliency in their network infrastructure and operations. We can be proud that CRM deploys technologies similar to some of the largest cyber ranges around the world, such as the U.S. Defence Advanced Research Projects Agency National Range.
This new state-of-the-art facility is part of a broader effort of the Malaysian National Cyber Security Policy to improve the resiliency of the said government systems, or Critical National Information Infrastructure (CNII), against cybercrime, terrorism, and information warfare. CRM will also contribute towards reducing the number of information security incidents through improved awareness and skill-building.
Visualising Cyber Range
To understand the term “range”, we can think of a military firing range where the army carries out live-fire exercise to become expert in the use of a weapon. But rather than a physical environment comprising cardboard soldiers and dummy targets, cyber range is one is virtualised and hosted by a network of high-powered super-computers.
A cyber range is akin to having the entire Internet in a bottle – a virtual environment on a massive scale.
The mammoth scale in a cyber range offers the capacity to emulate any host domain and an infinite variety of endpoints.
Those virtual elements can then be subjected to countless simulated external or internal cyber exploits.
Users can easily create and tear-down entire network environments to test the performance of new hardware and software.
A cyber range offers organisations a practical and controlled setting where cyber-attack scenarios and security responses can be evaluated in real-world conditions, recorded and analysed to improve the overall resilience of target networks.
It essentially allows an organisation to test very large-scale cyber security solutions without impacting operations.
A Hub for “Ethical Hacking”
In fact, one of the most effective ways to fully understand the weakness present in a network is to attack a network, known as “ethical hacking”. However, these types of tests are potentially destructive and could compromise network stability and even cause service failure. Cyber Range removes such paradox by providing a unique testing environment that allows large and small scale networks to be simulated using a combination of virtual and physical devices.
The advantage of Cyber Range is that, once a network has been placed onto it, the network can be attacked and defended without having to place the organisation’s actual networks at risk. The Cyber Range’s simulations can also be used to test hardware, software and to help prepare for any large network upgrades or to diagnose network problems.
Cyber Range’s interactive environment is also an ideal place to train and educate network responders and infrastructure design teams to be more secure and efficient.
CRM plays a key role in identifying and plugging gaps in our organisations’ IT security, especially in the area of network resiliency through a service offering called Testing as a service (TaaS), which can optimise IT investments in security while minimizing test investments. When testing security devices needs to be done quickly and accurately, TaaS provides a fast, accurate, and reliable means of validating them.
Up-skilling Our Cyber Warriors
We also see the opportunity to provide an education and training platform for Malaysia through CRM by introducing Certified Cyber Defender Associate courses for network administrators, information security officers and C-level IT professionals. Security practitioners need to sharpen and upgrade their skills to deal with cyber threats of growing sophistication. These certified courses will equip our future cyber warriors to defend their organisation and formulate defence strategies against sophisticated cyber-attacks.
The Ministry of Science, Technology and Innovation (MOSTI) through Cyber Security Malaysia aims to achieve at least 10,000 cyber security professionals by 2020. In preparing to face the new economy, we acknowledge the need for a strong pool of cyber security talent to build a dynamic cyber security ecosystem that can support Malaysia’s transformation into a high income digital economy.
With CRM, we hope to encourage more to join the profession as well as encouraging cyber security professionals to hone their skills to stay a step ahead in the ever-evolving cyber security landscape.
This article was also published in the Daily Express Sabah on Sunday 25th September 2016.