Points of View

Cyber ranges: Pick a provider to wargame your cybersecurity—it’s unlikely that doing it in-house is wise

Jan 2, 2020 Josh Matthews Callum Moore

There are plenty of parallels between physical security and cybersecurity, and wargaming is one of them. Cyber rangesmanaged cybersecurity testing facilitiesare a prime way of trialing, developing, and deploying cyber-defenses.

 

Cyber ranges act as controlled, interactive, and realistic testing grounds; in combination with providers’ capability and partnership ecosystems, they can also aid in co-developing new and improved solutions that allow clients to feed off best practices. Accenture has just opened three cyber ranges, but it’s entering a strongly contested space that includes Palo Alto and IBM. Enterprise security leaders face a choice between service providers’ cyber ranges or going down a similar route in-house. Microsoft is a leading example of an enterprise going it alone, but it’s rare that an enterprise will have the required skills and practices to make this resource-intensive process a good idea. It’s better, in most cases, to go with an established provider’s cyber range and reap the benefits of their expertise and ecosystem for innovation.  

 

Accenture’s new cyber ranges give industrial firms the controlled environment they need for cybersecurity testing and deployment 

 

Accenture is again making waves in the cybersecurity sector. After its acquisitions of BCT and Déjà vuit recently announced the opening of three cyber ranges in Texas, Washington, DC, and Germany, where industrial companies (oil and gas, utilities, and manufacturing firms, among others) can wargame their cybersecurity defenses in a controlled, interactive, realistic, and live environmentTraining, tailored co-developed solutions and software, and vulnerability assessments are also at their clients fingertips. 

 

Rapid prototyping, testing, and learning is a hallmark of the hallowed agile project management approach. However, many of these hallmarks are troublesome for industrial firms. Capital-intensive projects and ultra-competitive margins are just two of the reasons why the “fail fast” approach can make alarm bells ring for leaders who traditionally decide to play it safer via the waterfall approach, which involves structured stage-gates (handing over points between departments or teams) 

 

Earlier in the year, we called on process manufacturers (such as oil refineries, cement producers, and paper makers) to change the conversation between their enterprise leaders, providers, and project teams to find the style of agile that works for themThe same is true for industrial cybersecurity. Industrial sectors are inherently resistant to change, but also inherently exposed to attack. Their increasingly complex networks encompass legacy and new digitally-native devices that must all talk to each other; without fully mapping these networks and testing cyber-defenses, the financial and safety risks soar. Testing these vulnerabilities can allow enterprises to plug these vulnerabilities before they’re exploited.   

 

Just as industrial project management must find its brand of agile project management, it must also find a way to rapidly test and deploy cybersecurity solutions. Accenture’s cyber ranges are the perfect example of where to do this.  

 

But it’s not just Accenture offering these environmentsthe cybersecurity sphere is littered with examples of service providers and vendors offering similar solutions, covering all verticals, alongside examples of enterprises taking matters into their own hands in-house 

 

Palo Alto and IBM are but two examples of the competition facing Accenture’s new cyber ranges 

 

Palo Alto has made its mark in this arena, opening up cyber range testing environments across the globe, including in locations such as Australia, the Netherlands, and two in the United States.  

 

IBM has also seen the benefits of cyber-wargaming in a safe environment. It has invested in what one employee at IBM’s recent Think event in London called “The Battle Bus.” Essentially, The Battle Bus is a mobile cyber range that has been built into a lorry.  

 

Despite a variety of leading providers offering cyber range environments, some equally leading enterprises are conducting tests in-house—but it’s tough 

 

Microsoft is one organization that regularly conducts cyber-wargames internally, with the thought process being that if someone is going to find a breach point, then it should be a Microsoft employee. The key decision for enterprise security leaders is whether to look to a provider such as Accenture, Palo Alto, or IBM, to help in their wargaming efforts or whether to follow Microsoft’s in-house examplethe latter option is easier said than done 

 

The difficulties surrounding the in-house route stems from the availability of timetalent, and infrastructure. Justin Clarke-Salt, managing director and co-founder of Gotham Digital Sciencesaid: “Its resource-intensive [in-house cybersecurity wargaming] with few large organizations having the capability to truly test their systems. To conduct safe exercises, organizations must acquire and retain extremely highly skilled individuals… Some of them [enterprises] do, but most only have what I would term mature penetration testing or a more compliance-focused security testing capability internally. 

 

In addition to the resource intensiveness of going it alone, most enterprises don’t have the environments to safely test their defenses and therefore risk doing more harm than good by shutting down their own systems. 

 

The Bottom Line: It all boils down to in-house capability: Does the enterprise have the expertise and systems to assess its own cybersecurity? Can it afford to miss out on the wider benefits of a provider’s cyber range?  

 

If the answer to the question we pose in our Bottom Line is yes, then delve into the idea of in-house cybersecurity testing. The more likely scenario, however, is that it’s a hard no. And you need a service provider and the ecosystem they can offer through cyber ranges, expertise, and partnership networks. The latter is probably the best outcome for most enterprises, as the benefits of both the cyber range facilities and co-creating and deploying new and improved solutions exceed the simple benefits of an internal (resource-intensive) “check in the box” test run of your current defenses. 

Sign in or register an account to access HFS' Content

Sign In

Create an account

Enter a phone number
Select the newsletter(s) to which you wish to subscribe.