According to the office of Governor Rick Snyder, Michigan is a national leader in cyber security. State officials say they have long emphasized protecting the state’s computer systems and networks, and they’ve established something called the Michigan Information Sharing and Analysis Center (MI-ISAC) to address the state’s digital infrastructure coordination and cyber security readiness.
Thanks to a partnership between the state and the nonprofit Merit Network—which is owned and operated by Michigan’s public universities— there’s another weapon in the state’s cyber security arsenal called the Michigan Cyber Range. Like a test track or a firing range, the cyber range is a place where IT professionals and organizations can conduct “live fire” exercises: computer simulations that test participants’ detection and reaction skills in a variety of situations.
“Governor Snyder’s intent is for Michigan’s workforce to be more cyber aware,” says retired U.S. Army colonel Joe Adams, Merit Network’s vice president of research and cyber security and the director of the Michigan Cyber Range. “We want to make the cyber range accessible and hands-on to show the benefits of this type of training.”
The Cyber Range has three physical sites, at Eastern Michigan University in Ypsilanti, Ferris State University in Big Rapids, and Northern Michigan University in Marquette. But Adams says the cyber range will lease out its infrastructure, called the Merit Secure Sandbox, to organizations that want to test their cyber security. The Michigan Cyber Range also offers 14 different training certificates online and through various two-year colleges around the state.
For example, Adams says the cyber range’s most popular offering is the Certified Information Systems Security Officer class. The five-day, 40-hour course is a beginning class for IT managers and costs $3,000. (There are discounts for groups and Merit Network members.)
The Michigan Cyber Range also hosts group exercises to test participants’ skills. In Capture the Flag, participants find and submit reports on vulnerabilities scattered across a network. Another, Red on Blue, allows an organization to try to defend its network from “hackers” made up of Merit Network staff and volunteers from local community colleges.
There’s also a “training environment” called Alphaville, which is a virtual town with a library, school, and city hall—all with different networks and operating systems with multiple security levels. On Oct. 25, the Michigan Cyber Range will debut a new training environment called Alphaville Power & Electric at the Michigan Cyber Summit. According to Adams, Alphaville Power & Electric will have components typically found in smart grid deployment and is designed as a training ground for people already employed by the power industry, as well as those who are interested in working in it.
At the Michigan Cyber Summit, the Michigan Cyber Range will also debut its new supervisory control and data acquisition (SCADA) component for Alphaville. SCADA systems are found at places like hospitals, water treatment facilities, and energy plants, and, in recent months, have become a growing area of concern nationally as reports have emerged that they may be vulnerable to certain types of malware.
Adams says in the current era of budget cuts and lack of funding, cyber security can be challenging. “An undermanned IT staff trying to keep up with changes really hampers an organization,” he notes. “The IT staff is too busy putting out fires to install updates and patches.”
Adams says the Michigan Cyber Range can also help small businesses, which often have only one person handling IT services. “They’re especially vulnerable, so we’re reaching out and letting them know that they can take advantage of our training without disrupting their business,” he adds.