by Scott Flower
When it comes to your cyber defense readiness, have you defined where you want to get to? The “destination” of a cyber defense readiness program is likely to be ever-moving, and just when you think you are about to get there, something new will come along to extend the journey. Since the end will likely never be reached, we should instead set a goal as a waypoint. We have to have something to aim for, after all; otherwise, we would just be going on a mystery tour that would never end.
A good place to start when looking for a goal is one of the accepted cybersecurity standards, such as MITRE D3FEND. Also known as D3FEND, this is a framework developed by MITRE Corporation that focuses on active cyber defense techniques. D3FEND stands for "Design, Develop, and Deploy for Decentralized Defense," and it aims to provide guidance and strategies for organizations to proactively defend against cyber threats and improve cybersecurity posture.
Now that we have decided that our waypoint on the journey is aligned with the MITRE D3FEND framework, we know where we are heading. But where do we start?
Planning a route typically requires knowing the starting point or current location in order to determine the optimal path to the desired destination. Without knowing where you are, it would be difficult to plan an accurate and efficient route to your destination.
You could start with the idea that you do not really know where you are, and so decide to begin at the farthest possible point away from your destination. This would be like wanting to go to Los Angeles when you are already in Omaha—but as you didn’t know you were in Omaha, you start in New York. While that ensures you won’t miss anything, you would spend half of the journey getting back to where you started (Omaha) before carrying on to Los Angeles. Let's not even think of the paradox of how we get to New York without knowing where we are.
In cybersecurity, we can find our current location via some kind of assessment. This assessment could be in the form of an exam to check knowledge, but this wouldn’t confirm skills. A better option would be a practical assessment of skills, such as a cyber range exercise.
What are cyber range exercises?
A cyber range is a simulated environment that replicates real-world cybersecurity scenarios for training and practice purposes. Cyber range exercises are designed to provide hands-on experience in dealing with cybersecurity threats and challenges in a controlled and safe environment. These exercises can be conducted through virtual platforms, allowing participants to practice and develop cybersecurity skills without the risk of causing harm to actual systems or data.
Cyber range exercises typically involve realistic scenarios, such as simulated cyber attacks, network intrusions, malware infections, and other cybersecurity incidents. Participants, such as cybersecurity professionals, IT personnel, and other stakeholders, are tasked with identifying and mitigating these threats, analyzing the impact, and implementing appropriate response measures. Cyber range exercises can be conducted individually or as part of team-based exercises, simulating real-world collaboration and coordination among cybersecurity professionals.
Now that we have a starting point, and a destination, we can start to plan our journey.
It’s a good idea to break the journey into smaller sections, with interim goals along the way. You wouldn’t drive from New York to LA in one go. These waypoints give you manageable targets and allow you to detour if needed, as business needs change and the threat landscape evolves.
So there you have it: You have set your destination, identified your starting point, and planned a route which, like all good road trips, has stops along the way should plans change.
As you progress to your goal of cyber defense readiness, RangeForce can be your sat nav for the journey.