Practice what you preach in cybersecurity

Universities' "Cyber Ranges" are the latest trend in the field

University education is all about acquiring not only a broader knowledge about a discipline but also gaining practical experience that you can later apply in the real world. The latest trend in cybersecurity is precisely focused on that: “cyber ranges” are gradually emerging in the academic world, and American universities are leading the way.

British Universities Prime Target for Hackers

Cyber ranges are essentially a virtual environment where students and researchers can practice hacker attack scenarios and learn how they unfold and how to build a proper defence against them. The cyber range is of course a controlled environment, where any attacks launched are by benevolent actors and where cybersecurity students in particular can practice these scenarios over and over until they have refined their practical skills – much like a chemistry or physics lab. However, establishing a cyber range is a bold move, as it means that universities willingly expose their infrastructure to (controlled) attacks for the benefit of those training in response strategies – but it could result in significant advantages for the universities participating.

As the BBC reported on September 5, 2017, UK universities are increasingly targeted by hackers. Just in 2016-2017, over 1,152 security breaches into British university networks were recorded, with victims including the University of Oxford, University College London, and Warwick. In some instances, the institutions were hit more than 1,000 times within a single month. Having a cyber range on campus also increases awareness of the importance of cybersecurity and data protection among students as well as employees.

US Institutions Lead the Way with Cyber Ranges

As most universities store and handle a tremendous amount of personal data (including students, employees and teaching staff), taking steps to improve their record in data security also helps them comply with privacy regulations and builds a reputation of investment in data protection and cybersecurity. This in turn draws in more cybersecurity students, as well as researchers and privacy professionals who could use the university’s resources (as a large-scale organisation processing a volume and variety of data that is hard to come by) to improve their craft. This could even result in strategic partnerships between universities and cybersecurity hubs and firms, increasing publicity and putting institutions at the forefront of related research in the field.

UK universities seem to be lagging behind, as more and more of their American counterparts open up to the idea of having a cyber range on campus, including Arizona’s Regent University, Wayne State, Western Washington University, and Grand Canyon University. Recently, the University of South Florida launched a comprehensive cyber hub that includes a cyber range – the second in the state, after the one established on the University of West Florida campus. Students can access the cyber range safely from any online device, while the hub also includes a community forum where participants can exchange information and solutions, as well as a “secure sandbox” where they can examine and experiment with malware without risking infecting the whole network.

With malware attacks and security threats on the rise globally, UK universities need to turn to bolder and more effective solutions, not only in order to enhance their defences, but also to show the way to the rest of us, by training future cybersecurity professionals in a hands-on way.