Following reports that Chinese spies infiltrated the supply chain of servers assembled by Supermicro Computers Inc., the New York–based CYBERGYM has launched a new infrastructure-security combat training program.
Driven by the belief that threats posed by these types of supply chain and infrastructure hacks are significant, CYBERGYM said it developed the training to help organizations prepare for such an attack. In an effort to make the training as realistic as possible, the engineers and white-hat hackers at CYBERGYM developed a virtual model of the surveillance chip identified in the Bloomberg report. The virtual model emulates the actual attack scenario, which will allow participants to respond to a real-life chain of events, GYMBERGYM said.
Available in cyber-warfare arenas in the US, Europe, Asia and Australia, the training provides organizations with the strategies needed to defend against complex, hardware-based attacks, which requires advanced forensic analysis.
As such, the training program entails multiple forensic layers, including memory, network, PLC and operating system, in order to bolster the organization’s anomaly detection skill set. The training is multi-leveled and augments the critical forensics data collection skills sets of trainees so that they organization is equipped with security personnel who can effectively analyze, mitigate and remediate hardware or infrastructure level attack damages.
"Our program is based on multilayered forensics and is designed to fundamentally enhance both human training and policy implementation," said Ofir Hason, CEO of CYBERGYM, in a press release.
"The story, while contested, has nevertheless brought into sharp focus the very real likelihood of organization’s suffering infrastructure infiltration at the hands of hackers. To fight this type of core and complicated attack, organizations need to be able to quickly analyze the events, collect the relevant forensics and work collaboratively with their IT supply chain partners to mitigate and prevent escalation – processes that are benefited greatly by access to hands-on, real-world training scenarios. In this sense, time and performance are crucial.”