Defence against independent and state-funded hacker groups has been added to the Cyber Range testbed in Kista, an enclosed cyber battlefield behind steel walls and access control doors. In the state-of-the-art facility, RISE will hone Swedish expertise in cybersecurity and test the resilience of our IT systems.
Technologies such as IoT, 5G and cloud services continue to drive forward digitalisation at a high pace. Large volumes of data are generated and used in various industries and sections of society. The dependence on continuously functioning information technology poses an increased risk when security does not keep up.
– “On the one hand, digitalisation is of enormous benefit to society as a whole,” says Shahid Raza, Unit Manager at RISE and the person leading the work being done at Cyber Range. “On the other hand, it makes us more exposed and vulnerable to malicious cyberattacks.”
Several notable cyberattacks have been carried out against Swedish targets in recent years, including the ransomware attacks against Coop and the listed companies Addtech, Gunnebo and Mekonomen. Sweden may be a global leader in digitalisation, but its overall level of cybersecurity does not have quite the same standard.
Cyber Range is now open for education and training. Here, customers’ IT systems, networks and new products and digital services are placed in the firing line of simulated cyberattacks. In addition to access to leading research expertise and training facilitators, there is also a team of ethical hackers* (approved by RISE) who can be tasked with searching for bugs.
– “When you come here for training, you can openly discuss your problems,” says Raza. “That is one of the facility’s features, being able to confidentially share your problems with trusted experts and not have 50 others listening in.”
If you manage to successfully defend your networks and your organisation in this virtual world, well then you are probably ready to defend yourself in the event of a real cyberattack
Raza equates the training structure with a military exercise, where real soldiers train with live weapon systems under real-world conditions, but where no one gets hurt:
– “In the same way, we use real offensive and defensive tools in our cyber environment, but without attacking the real infrastructure. We use a virtual copy, a digital replica, of the customer’s system. If you manage to successfully defend your networks and your organisation in this virtual world, well then you are probably ready to defend yourself in the event of a real cyberattack.”
For a customer wanting to train their IT staff, several options exist. One option is to build sector-specific verticals in, for example, a transport or hospital system with many IoT devices, and then carry out training in that environment. Customers can also set up their systems themselves. In the facility is an enclosed inner room (constructed as Faraday cage) for running simulations at a detailed level without the risk of configuration leakage, for example.
– “We are also looking at how we can apply an AI environment in the cyber range,” says Raza. “For example, imagine setting up a digital twin of a self-driving system that you then let an AI control. You can test this inside the range before moving out to the public road network.”
• Cybersecurity training and evaluation in a security-rated environment
• Security testing of products and services
• Testing of digital twins in a specific sector
• Research projects in cybersecurity
• Certification of products in accordance with the EU Cybersecurity Act
* Ethical hackers are used today by many established actors in order to strengthen security and privacy protection, including states and government agencies (Switzerland, Pentagon, etc.), financial companies (Goldman Sachs and MasterCard) and manufacturers of autonomous vehicles (GM, Tesla, Fiat Chrysler).