New DOD test range serves as cyber training ground
'Sandbox' simulates Global Information Grid
The Defense Department has a new cyberspace sandbox for training exercises and for testing the limits of software applications.
The Defense Department Information Assurance Range is designed to provide an operationally realistic simulation of the Global Information Grid, its network services and information assurance/network defense capabilities in a closed environment. It also serves as a virtual training ground for DOD cyber personnel and a testing and evaluation space for new information assurance and network defense technologies, tactics and policies.
Now in its initial operational capability, the DOD IA Range (IAR) can operate as a stand-alone simulator or it can interface and interoperate with other ranges run by the combatant commands, services and agencies. According to a recent solicitation by the Defense Information Systems Agency, the range operates on a closed network and does not affect operational networks.
Many of the range’s capabilities emulate those of the National Cyber Range, a program managed by the Defense Advanced Research Projects Agency that will provide a national-level virtual facility for testing software and running network simulations. However, with that program on a six- to eight-year development timeline, many government agencies, especially the DOD, were becoming impatient and began establishing their own testing ranges, Wired Magazine’s Danger Room blog reported.
IAR is not part of the National Cyber Range program, according to DARPA officials.
The IAR provides a generic DOD Tier I through Tier III environment for simulation and modeling. Among other things, the range offers a virtual Internet capability consisting of both malicious and friendly websites. According to DISA, scripted threats and live red team attacks can be launched from the virtual Internet into the IAR’s Global Information Grid environment.
Based on an open architecture design, the range can be configured to support the needs of individual exercises and events. This flexibility includes details such as traffic generation, threat injection, operating system types, patch levels, enclave machines and network services. The environment also permits the testing, evaluation and interoperability assessment of enterprise information assurance devices and applications. Virtual enclaves can be created within the range for specific test requirements.
To model an operationally realistic environment, the IAR uses tools such as the Systems Administrator Simulation Trainer (SAST) and BreakingPoint. Created by the Pacific Northwest National Laboratory, SAST is a software suite designed to provide a realistic cyber range environment for training personnel, conducting exercises and testing tools.
According to DISA, SAST serves as a framework for building applications to describe and generate network behavior. One capability of the software is A Network Traffic Synthesizer (ANTS), a suite of tools. It includes the Multi-User Traffic Tool, which allows ANTS to simulate the behavior of individual users on a network and track overall network traffic; a Coordinated Attack Tool to describe aggressors and generate their behavior; and a Virtual Internet ProvidER, a pack of plug-ins allowing ANTS to describe and provide Internet or local LAN services.
BreakingPoint is designed to model Internet-scale network conditions with real-world applications, live security attacks and millions of users. Some of its capabilities include creating high levels of realistic user application traffic; creating simulated network nodes that can interact with the range and make it appear larger; providing realistic network management and service traffic; and creating large volumes of threat traffic. It can play prerecorded scenarios, script test data, support and emulate advanced networking protocols such as MPLS and IPv6, and capture and record traffic across the range for replay.
In the 2011 fiscal year, additional capabilities will be added to the range. These include public-key interface, control access cards, a classified environment, DISA NIPRnet hardening services, wireless capabilities, voice over IP, and IPv6.