Cyber Security Test Range Opens In Hampshire

Businesses, banks and utilities now have somewhere where they can test their own networks and infrastructure against a co-ordinated cyber attack, but in a safe and controlled manner.

The idea behind the ‘first commercially available federated cyber test range in the UK’, which has now been formally opened by defence contractor Northrop Grumman Corp at its Fareham, Hampshire facility, is that organisations and management can use it to evaluate their resilience to cyber attacks.

Attending the launch ceremony was Gerald Howarth MP, Minister for International Security Strategy at the Ministry of Defence. However other guests included Jean Valentine, one of the first operators of the bombe decryption device at Bletchley Park during the Second World War.

Infrastructure Survivability

“The cyber range will be used for emulating large complex networks and for conducting cyber experiments and assessments of infrastructure survivability and assurance within a safe and controlled experimental environment to evaluate their resilience to cyber attacks,” said Northrop Grumman.

Indeed, the UK cyber range has been designed to work with other cyber ranges anywhere in the world, so that large-scale experiments can be carried out “beyond the scope of a single facility.” To this end, the UK range will be federated with the existing US cyber range and Internet research laboratory located in Northrop Grumman’s Cyberspace Solutions Centre (CSSC) in Maryland.

“One of the challenges for research into computer network operations and cyber security is experimentation and testing under controlled conditions,” said Dr Robert Brammer, vice president and chief technology officer for Northrop Grumman’s Information Systems Sector. “We need a test platform that is large enough to provide realistic environments and flexible enough to create many scenarios without creating risk for Internet users.”

Safe Experiments

“Because our cyber range is federated we are able to address this challenge on a larger scale than previously possible, creating a robust, safe experimental environment for emulating, attacking and evaluating large network operations and cyber security defence,” he added. “A wide variety of host domains can be built and subjected to many types of both external and internal cyber exploits and the results recorded and analysed.”

The UK cyber range will initially be used by Northrop Grumman in collaboration with BT, Oxford University (Said Business School), Warwick University (School of Engineering) and Imperial College (Electrical and Electronic Engineering) to conduct a series of experiments under the SATURN (Self-organising Adaptive Technology Under Resilient Networks) network defence research programme – a research project that aims to improve the resilience of the UK critical national infrastructure.

Government Recognition

The dangers posed by cyber attacks are now being officially recognised by UK authorities. For example the coalition government announced this week that £650 million has been earmarked for a cyber security initiative.

“This money will significantly enhance our ability to detect and defend against cyber attacks and fix shortfalls in the critical cyber infrastructure on which the whole country now depends,” said Prime Minister David Cameron.

And earlier this month the boss of GCHQ, the UK agency responsible for gathering intelligence, eavesdropping and breaking codes, warned that the UK is facing ‘real and credible’ threats from cyber attacks on its critical infrastructure. GCHQ director Ian Lobban said that government systems are targeted 1,000 times each month.

He said that such attacks threatened Britain’s economic future and added some countries were already using cyber assaults to put pressure on other nations.

“Cyberspace is contested every day, every hour, every minute, every second,” he said. The Internet lowered “the bar for entry to the espionage game,” he was quoted as saying by Reuters.

One such example came recently from Symantec, when it said that early versions of Stuxnet were targeting industrial control systems.

And in the UK, events like the Cyber Security Challenge, have been created to help create the necessary skills to fight cyber attacks. So far, this challenge has seen almost 4,000 people registering to take part.