Picture this: You work for a cybersecurity team at a company that’s just had its network filleted open by a cyberattack. Your company’s CEO is calling. The press is calling. Other assorted stakeholders are calling with their immediate concerns.
That was roughly the intense and hectic scenario described by Douglas Alexander, the director of Rhode Island College’s (RIC) Institute for Cybersecurity & Emerging Technologies, during a Wednesday walkthrough with press and state leaders of the institute’s new cyber range.
“As we all know, sometimes under pressure, we all don’t respond at our best,” Alexander said.
The new cyber range is designed to help students learn how to perform within the unique gravity and demands of these scenarios in a more realistic way via staged cyber attacks. The range is the latest addition to the cyber institute, which opened in 2023 and is chaired by noted cybersecurity sage and former congressman Jim Langevin, who shared progress images of the range with Gov. Dan McKee earlier this year.
“I felt I was looking at ‘Star Wars’ or something like that,” McKee said during a public ceremony for the range’s grand opening before the walkthrough.
The range relies on IBM’s Cloud Range platform to simulate cyberattacks and teach students how to respond to them. Simulations displayed as tiles on a screen at the range Wednesday sported difficulty levels ranging from novice to advanced, with titles pulled from real threat actors’ strategies or broader tactics like ransomware or website defacements.
The Pawtucket-based firm LLB Architects — also enlisted recently by the Department of State to conduct a feasibility study for a state archives building — designed the classroom, which accommodates up to 24 students across four workstations. Each workstation has six computers, outfitted with Dell monitors and Alienware mice and keyboards that, on Wednesday at least, glowed with a futuristic blue. The room’s ceiling is outfitted with LED fixtures in similarly glowing hues, and the front wall sports a 24-foot-wide by 4-foot-tall screen that plays out the simulations.
The cyber range’s network is also isolated from the rest of the RIC network, to prevent spillover of any malware to other computers on campus. The school is also making it available to outside parties for “single-session engagements, annual multi-exercise programs, and comprehensive incident response plan stress tests,” according to an institute press release.
I felt I was looking at ‘Star Wars’ or something like that.
RIC is the third school to use the cyber range as part of the IBM Cyber Campus program, which is the company’s partnership with Cloud Range, the latter’s founder and CEO Debbie Gordon confirmed in an email Wednesday.
Wednesday’s ceremony also included a “powering up” — an electrified equivalent of a ribbon cutting, in which McKee and other state and university leaders joined together to press a big blue button before the cyber range’s 24-foot-wide screen lit up for ostensibly the first time.
Alas, the room has already seen some use this semester, Lindsay Russell, a spokesperson for RIC’s cyber institute, confirmed over phone Wednesday.
But students and faculty have largely “been dipping their toes in,” Russell said, acquainting themselves with the space, and by next semester the classroom will be more fully integrated into the institute’s curriculum.
The range’s home is on the first floor of Alger Hall. RIC intends, however, to move the simulation space to Whipple Hall once the renovations there are complete — including about $73 million for the makeovers drawn from the funds voters authorized via a 2024 ballot measure.
More pressure on state and local leaders
During the speaking program before the cyber range’s ceremonial powering on, retired U.S. Rear Adm. Mark Montgomery highlighted the need for cybersecurity education amid looming and numerous international threat actors which are beginning to target U.S. infrastructure more and more frequently.
“Really complicating this is that right now, Washington is tied up,” Montgomery said. “They’re tied up in knots, and they’re not able to proceed on a lot of these issues. So in my mind, that means the solutions have to push down to the state and local level, to the academics, to the nonprofits, to push these issues, to think of the solutions to drive change.”
Alexander echoed that sentiment during his demonstration, and recalled a recent “60 Minutes” special that detailed how Littleton, a town of about 10,000 in western Massachusetts, had its electric and water utility system hacked by Volt Typhoon, a prolific cyber crime outfit with ties to the People’s Liberation Army Cyberspace Force. The U.S. Cybersecurity and Infrastructure Agency (CISA) first issued an advisory on the group in 2023, outlining Volt Typhoon’s playbook and its purported sponsorship by the People’s Republic of China, which has denied any connections to the group.
Volt Typhoon primarily uses living-off-the-land techniques, according to Microsoft and CISA. That means embedding within a network’s existing administrative toolbox to limit logging, avoid detection and then run scripts as needed. The group is known to use Windows’ native command line to gain a foothold in government and infrastructure networks.
Volt Typhoon is also one of the simulations available in Cloud Range’s portfolio of exercises at RIC. It’s an advanced level simulation.
“This is the sword of Damocles that China has hanging over us, is ‘We could shut down your critical infrastructure, if we wanted to,’” Alexander said. “That is a heck of a leverage.”
But one does not have to go as far as Beijing or even as close as Massachusetts to find high-profile instances of cybercrime. Alexander gave the now canonical example of a large-scale data breach in Rhode Island, RIBridges. The breach of the state’s public benefits and health insurance marketplace in 2024 siphoned personal information of approximately 650,000 Rhode Islanders from state servers, which Alexander called “a fairly traumatic event for a sizable number of Rhode Island citizens.”
Two of the state’s top IT officials who wrestled with that breach — Chief Information Officer Brian Tardiff and Chief Information Security Officer Nathan Loura — attended Wednesday’s event. Both men left by the time Alexander gave his demo in the cyber range, which gave him permission to sing Tardiff and Loura’s praises.
“They actually were very proud of their command center and how they responded internally to that attack,” Alexander said. “It was a brutal time. It was clearly not optimal for them, but they pulled together.”
Alexander credited Tardiff and Loura’s performance on the backend of the incident response as grounded in the pair’s “pre-existing relationships with each other that even predated their positions at the state.”
“Now, we still need to get their team in here to really test that out, because we’ve got some advanced scenarios so that could put them to the test,” Alexander said of the state IT team.
That teamwork is what hardens a war room against attack, Alexander said. The cyber range is geared toward giving students “a fairly immersive, pressure filled situation,” he said, which will replicate the intensity of a real-time cyberattack, rather than the abstraction of tabletop scenarios.
Alexander likened tabletop scenarios to a game of Dungeon & Dragons — a pattern of action and response with a predictable pace, something lacking the “hands-on” experience a simulation can provide.
“Those poor professional skills are often the make or break differentiator between a successful defense and a failed defense, or an attack that goes on for too long,” Alexander said.
The cyber range’s post-scenario evaluations include a rubric to indicate the quality of teamwork during a given exercise. Perhaps a team does well overall, but individual members didn’t communicate well with others or had conflicts that impacted their work.
“These are all very human responses, especially under pressure,” Alexander said. “But if we can do that in a safe space…we’re much better off than if that happens in a real life attack.”
This story was originally published by the Rhode Island Current.
