To many, living in the online world means being free – free to work, study or play in the way they want, when they want, how they like it. However, take a closer look and you’ll realise that this idyllic, online utopia isn’t as free, clean and sparkly as it appears to be. While netizens go about their business, a secret battle rages on behind the scenes. As you’re reading this, hackers are scouring the internet for potential targets. These aren’t just your typical credit card scammers – there are real, organised groups out there who are experts at their craft, seeking to perpetuate their own agendas, be it hacktivism, denial of service (bringing down websites or service providers), and stealing personal information, company data – or even state secrets. What is being done to fight against these new enemies?
Well, good news is that many entities from the private and public sectors are working together to combat this new threat – it has become really common to hear governments and cybersecurity agencies team up and figure out how to fight these Black Hats (Hackers) together. The bad news? White Hats (the good cybersecurity guys) are barely keeping up with the Black Hats in terms of pace – just as one security exploit is patched, another is discovered and taken advantage of by hackers. There’s a shortage of White Hats too – and the current cohort of cyber defenders need to undergo constant, serious training to keep up to date with the latest threats.
Thankfully, many entities such as KPMG, CISCO, Red Hat – and closer to home – Govtech and Singtel – are investing heavily in effective, true-to-life practical training that goes beyond just the theory. Here, White Hats are often put through “Cyber Ranges” – a simulated, realistic cyber hacking battlefield where they face-off against real threats in a safe environment. One of the many security vendors leading the development of these Cyber Ranges is Ixia, a cybersecurity equipment manufacturer based in the United States.
While Cyber Ranges are commonplace amongst most security companies, they are often privately held – Ixia’s Cyber Ranges are open to all, and up the ante. Through the ‘Cyber Combat Asia’ competitions, Ixia and its partners gather the latest and greatest White Hat talents in each country, split them into teams of two, and pit eighteen duos against each other in a free-for-all, no-holds-barred fight to the digital death. The winners from each region – Hong Kong, Japan, Thailand and so on – get a ticket to Singapore to face off the best in the best in Ixia’s Cyber Combat 2018 Grand Finals.
Looks like a scene straight out of Tron – Fancy.
But why all the fanfare? According to Naveen V. Bhat, Managing Director of IXIA Asia Pacific, it’s all meant to raise awareness on impending cybersecurity threats and to get participants to engage in training which is true-to-life, in a realistic networking environment. “It’s just like how armies train themselves today – training needs to be in a realistic environment where soldiers fight against real threats. Likewise, our Cyber Combat ranges put participants in realistic training scenarios that don’t just make use of realistic equipment setups in the environment – they make use of threats which are realistic, relevant and challenging.”
While other Cyber Ranges are used to train individuals and occasionally promote specific vendor equipment, Ixia claims to use equipment setups which more accurately simulate how companies realistically deploy assets in the field – a mix of components and software from a variety of vendors. Inside this complex, blinking hulk of a server nicknamed “The Beast”, the organisers pit these teams against each other in a “Capture-the-flag” scenario. Teams must hack their opponents to steal their flags – titled “CyBlocks”, while protecting their own from prying hands and eyes. Capturing these Cyblocks requires practical knowledge of Cryptocurrencies and other bleeding edge technologies – thus encouraging participants to go all-out in ensuring that they are up-to-date in their cybersecurity knowhow.
Every successful attack and defensive manoeuvre rewards teams with points – and the team with the most points at the end of the 12-hour competition wins the grand prize of $10,000 Singapore Dollars. To add a little challenging ‘bonus round’ to the Grand Finals, Ixia even placed a Cyblock on a flagship mobile device, which would be gifted to the team ingenious enough to hack the device and capture the Cyblock.
The greater the challenge, the greater the challengers – and present at Cyber Combat 2018’s Grand Finals were 18 international teams across Asia – including challengers from Thailand, Hong Kong, and Singapore across the public and private sectors. While most of the White Hats at the event consisted of talented teams representing big names in the public and private sector, the team that caught our eye the most came from Japan.
It’s pretty clear why 😛 Meet one of the top White Hats teams of Japan – Team Sagittarius!
While they may look demure and unassuming amongst the crowd of predominantly male White Hats, Serika Tadano and Yuka Tamura, both full-time cybersecurity professionals, beat all the participants in Cyber Combat Japan and were flown to Singapore by Ixia to take part in the grand finals. Although the two young Cyber Warrior Women experienced some challenging setbacks during the initial hours of the competition, they easily overcame the competition in the second half of the day – rising from the fifteenth place to the top five within a matter of hours.
What’s even more impressive than their meteoric rise is their relatively new background in the industry. Both were relatively new to Cybersecurity – having transitioned from different careers several years back. “How I got started as a White Hat? Well, I saw an article in the news about Cybersecurity incident and got really interested. I decided to find out more about the industry after that – and I guess the rest is history!”, said Serika. Team Sagittarius ended up clinching third place in Cyber Combat 2018. When asked what gave them the edge over the competition, both simply replied: “Good training and courses!”.
As cool as they are, Ixia Cyber Combat and Cyber Ranges worldwide are great events that encourage good cybersecurity training – but more importantly, they highlight the current, precarious state of the digital world; where battles are being fought every day, new forms of cyber warfare are devised in mere days, and more and more White Hats required urgently to join the fight.
We hope you enjoyed this little piece on Cyber ranges! Next up, we’ll be speaking to David Holmes, Principal Threat Research Evangelist for F5 Labs, on the state of cybersecurity in Singapore and what we can do to balance convenience and security in this age where anyone and everyone can be a victim of a hack. Stay tuned!