Keysight’s BreakingPoint Equips US Army National Guard's Cyber Shield 2020 Cyber Training For Defending Nation's Information Infrastructure

Case Studies

Cyber range exercises are the most realistic way for warfighters to ‘train as they fight’. These are live exercises where cyber attackers (red teams) attempt to disrupt information flow within defended environments. The network defenders (blue teams) are tasked with keeping their networks up and running by detecting and mitigating the red team’s attacks.

 

The US Army National Guard’s largest yearly event is called ‘Cyber Shield’. The 2020 event was run under the command of COL Teri Williams, of the National Guard’s 91st Cyber Brigade. More than 800 National Guard soldiers and airmen from more than 40 states signed in for the virtual training to sharpen their skills as network defenders. The exercise was conceived in cooperation with industry network owners and law enforcement partners to ensure it met the demands of defending the nation’s at-risk information infrastructures.

 

As in previous years, Keysight Technologies volunteered its support to Cyber Shield. Keysight’s BreakingPoint traffic generators were used in the exercise to provide realistic and random background traffic meant to obfuscate cyberattacks.

 

Traffic realism is one of the most important requirements for cyber range traffic generation. It is not enough for defending teams to observe and mitigate cyber threats. As in the real world, they must ‘hunt’ the nefarious actors, understand hacker tactics, techniques, and procedures (TTPs), and then mitigate their attacks. These attacks will be part of the normal network traffic landscape, and that landscape can be an enormous haystack of traffic. Before trying to mitigate an attack, a blue team must find that attacker, or needle, in this haystack of normal network traffic.

 

Identifying the threat is as important as mitigating it. Without appropriate background traffic, the red team is easily identified. Bad background traffic is nearly as ineffective as no background traffic. When blue teams start their hunting, they will analyze the traffic for clues to find the attackers. The quality and realism of the traffic are a very important aspect of any cyber range, as synthetic traffic can be misleading. Keysight traffic generators provide random and realistic traffic that cannot be easily identified. Red teams now have the cover traffic to perform their operations, and blue teams must hunt for their needles in a haystack of random and realistic traffic, just as they must do in the real world.

 

Organization:

US Army National Guard

 

Challenges:

• Generate realistic legitimate internet-like network traffic

• Obfuscate malicious actions to challenge analysts in finding cyberattacks

 

Solutions:

Keysight’s BreakingPoint application and security test platform

 

Results:

Brought “immeasurable realism, context, and value to this year’s exercise”