CyberCity has all the makings of a regular town. There’s a bank, a hospital and a power plant. A train station operates near a water tower. The coffee shop offers free WiFi.
But only certain people can get in: government hackers preparing for battles in cyberspace.
The town is a virtual place that exists only on computer networks run by a New Jersey-based security firm working under contract with the U.S. Air Force. Computers simulate communications and operations, including e-mail, heating systems, a railroad and an online social networking site, dubbed FaceSpace.
Think of it as something like the mock desert towns that were constructed at military facilities to help American soldiers train for the war in Iraq. But here, the soldier-hackers from the Air Force and other branches of the military will practice attacking and defending the computers and networks that run the theoretical town. In one scenario, they will attempt to take control of a speeding train containing weapons of mass destruction.
To those who participate in the practice missions, the digital activity will look and feel real. The “city” will have more than 15,000 “people” who have e-mail accounts, work passwords and bank deposits. The power plant has employees. The hospital has patients. The coffeeshop customers will come and go, using the insecure WiFi system, just as in real life.
To reinforce the real-world consequences of cyberattacks, CyberCity will have a tabletop scale model of the town, including an electric train, a water tower and a miniature traffic light that will show when they have been attacked.
“It might look to some people like a toy or game,” Ed Skoudis, founder of Counter Hack, the security firm in central New Jersey that is developing the project, said recently while giving a reporter a tour of the fledgling system. “But cyberwarriors will learn from it.”
CyberCity provides insight into some of the Pentagon’s closely guarded plans for cyber war. It also reflects the government’s growing fears about the vulnerabilities of the computers that run the nation’s critical infrastructure. Last month, Defense Secretary Leon E. Panetta said that digital attacks “could be as destructive as the terrorist attack on 9/11” and virtually paralyze the country.
“If a crippling cyberattack were launched against our nation, the American people must be protected,” he said. “And if the commander in chief orders a response, the Defense Department must be ready to obey that order and to act.”
Behind those fears is an unsettling reality: Networks in the United States will remain vulnerable to attacks for the foreseeable future because no one understands cyberspace well enough to ensure security.
In the four decades since the Internet began, most cybersecurity research was conducted on the fly or as an afterthought, according to interviews with security specialists and computer scientists. Now, with the world linking up its communications, infrastructure, military, banking, medical and other systems at a lightning pace, the dynamic of cyberspace has grown too complex. Rigorous scientific experimentation that might lead to security breakthroughs is only beginning.
In the meantime, attackers hold a huge advantage. They can choose the time, place and method of strikes. Defenders almost always have to settle for reacting, making fixes after the damage has been done.
CyberCity aims to prepare government hackers to hold their own until long-term solutions can be found.
“The problem is the bad guys are getting better much faster than we are,” Skoudis said. “We don’t want to fall further behind on this.”
Realistic virtual environments
CyberCity is one of hundreds of virtual environments — often known as cyber ranges or test beds — launched in recent years by military, corporate and academic researchers to confront the mind-bending security challenges posed by cyberspace, where millions of attacks or intrusions occur every day.
Some small ranges study the effects of malicious software and viruses. Some hope to emulate the Internet itself and become scientific instruments of sorts, akin to mountaintop telescopes or particle accelerators, that will enable researchers to seek out the elusive fundamentals of cyberspace. The most ambitious of these, the National Cyber Range, was developed by the Defense Advanced Research Projects Agency. It has cost about $130 million since 2008. The agency said seven large-scale experiments have been conducted by Pentagon researchers.
Creating realistic virtual environments is extraordinarily challenging. In cyberspace, a global network of networks, more than 2 billion people interact with at least 12 billion computers and devices, including global positioning systems, mobile phones, satellites, data routers, ordinary desktop computers, and industrial control computers that run power plants, water systems and more.
Loading...
Comments