Florida’s Cyber Range: A Proactive Approach to Incident Response Training for Public-Sector Employees
Experience in cybersecurity often comes with hefty consequences, which affect everyone from Chief Information Security Officers (CISOs) to Tier 1 analysts who have grappled with major security breaches. Florida, however, is taking a novel approach to training public-sector employees safely and effectively: a state-funded cyber range that offers realistic, hands-on experience in incident response. This initiative allows thousands of public-sector employees to engage in dynamic threat simulations that mirror their actual IT environments, helping them prepare for real-life incidents in a controlled environment.
Bruce Caulkins, the director of cyber solutions and technology at Cyber Florida (the organization responsible for the cyber range), emphasizes the importance of practice in cybersecurity training. Drawing a parallel with aviation, Caulkins notes that pilots spend countless hours in flight simulators to prepare for various scenarios before taking to the skies. This analogy highlights the significance of preparedness in a field where the stakes are incredibly high.
In 2021, Cyber Florida identified the need to shift public-sector organizations from a compliance-driven mindset towards a more proactive approach to cybersecurity, characterized by cyber-resilience and readiness. According to Caulkins, resilience in a cybersecurity context means being able to carry out essential functions even when facing degraded or compromised systems. Recognizing the limitations of traditional sandbox training environments, which often provide a simplified version of real-world scenarios, Cyber Florida was motivated to develop a cyber range that closely resembles actual organizational networks and the complex challenges therein.
To assess the feasibility of such an initiative, Cyber Florida brought on board Caulkins, a retired U.S. Army colonel with expertise in cybersecurity modeling and simulations. This step was crucial in understanding how to effectively tailor the cyber range for state, county, and municipal use.
The Decision-Making Process: Buy vs. Build
Following the feasibility study, Cyber Florida concluded that developing an in-house solution was not practical due to the upfront costs and ongoing operational challenges associated with managing data centers. Instead, they opted for a third-party, cloud-based solution that would allow them to focus on their core competencies. Ernie Ferraresso, senior director at Cyber Florida, noted that the organization excelled at identifying which agencies should participate in the range and what types of challenges they might face. However, managing a data center wasn’t where their strengths lay.
After careful consideration of around a dozen cyber range vendors, Cyber Florida formed a partnership with Boston-based SimSpace. Caulkins and Ferraresso were particularly impressed with SimSpace’s responsiveness and their understanding of the public sector’s mission. They feared that they might become just another account at a larger provider, but SimSpace’s flexibility and customer-centric approach assuaged those concerns.
Results: Engaging Live-Fire Exercises
Florida’s state cyber range became operational in early 2023. It now offers both on-demand modules for individual users and scheduled live-fire exercises that present small teams of tech practitioners with realistic incident response scenarios. According to Caulkins, participants face situations designed to mimic real incidents, requiring them to identify problems, mitigate issues, and even interface with law enforcement if necessary, for example by contacting the FBI.
Advanced exercises are designed to stress-test incident response communication strategies by simultaneously engaging technical teams and executive managers. This ensures that both sides understand each other’s roles and responsibilities better. Essentially, the goal is to foster improved communication and collaboration between tech professionals and management to enhance overall effectiveness during a crisis.
Furthermore, the cyber range can be tailored to showcase tools that teams use in their daily operations, such as CrowdStrike and ReliaQuest. This adaptability allows Cyber Florida’s range to reflect emerging and evolving threats. For instance, discussions with federal partners led to the immediate implementation of a simulated “Volt Typhoon” type of incident, showcasing the rapid responsiveness of the cyber range to the changing threat landscape.
Future Directions: Expanding Focus to Cyber-Physical Attack Simulations
As the cyber range continues to grow, its current user base primarily consists of state and local government employees. However, given the rising number of attacks on critical infrastructure, Cyber Florida plans to expand its services to include public-private sectors, particularly utility providers. Ferraresso highlighted the importance of incorporating cyber-physical challenges into training programs, recognizing that the integration of these elements could greatly enhance their effectiveness.
He urged organizations to look beyond the basic training and annual evaluations that cyber ranges typically offer. For Florida, the development of this cyber range has become an operational necessity, aimed at ensuring that employees are not just trained, but genuinely prepared for the complexities of modern cybersecurity threats.
In summary, Florida’s cyber range represents a groundbreaking step in preparing public-sector employees for the challenges of cybersecurity. By providing hands-on, realistic training in a controlled environment, Cyber Florida is enabling a more effective and proactive approach to incident response, ultimately enhancing the overall resilience of the state’s cybersecurity posture.
