There’s a city in a secret place in the state of New Jersey where the public services are always a mess. Power cuts, water supply problems and even Internet outages. Then add to that banks, stores, hospitals, schools and public transport that can’t operate normally on a daily basis because their security is continually compromised. In this city however no human being has to suffer any of the consequences. Nobody lives there: the city is just 1.8m wide by 2.4 m long.

CiberCity is a model city created by the Sans Institute, an organization that brings together over 165,000 IT security professionals. Its aim is to show the US army how to hack every corner of a modern city. It’s a 1:87 scale training camp designed to ensure the military is properly prepared for a cyber-war.

Ed Skoudis is the director and instructor of this unusual project aimed at teaching the latest cyber-security techniques. “A lot of computer security over last 10 years has really focused on computers themselves and the data on them… or it’s focused on spying and espionage”. Now there are other types of attacks. “But the threat is changing. It’s still that, but adding to that, it’s now people hacking into computers to cause real-world physical damage“, explains this expert in IT security.

If CiberCity existed in real life, it would have 15,000 inhabitants. It’s a city that has all the typical amenities and features of a real town: garden plants, swings in the parks, urban traffic, bars with WiFi and even a chemical plant have all been recreated in this mini city.

Five cameras monitor CiberCity so students have a live stream of everything happening there, and can carry out remote cyber-attacks, thereby learning how to attack and defend a city by hacking its security systems.

In one of the training missions, these security experts assume the role of hackers to cause a complete blackout of the city then reconfigure the power company’s computers so utility workers can’t access them. A city can’t live without power, so the challenge is how to get the system up and running again.

Another scenario asks students to work out how to simultaneously turn all traffic lights in the city to red, to prevent terrorists from escaping from the city. Derailing a train hurtling towards the town and laden with radiological weapons; reprograming a rocket launcher aimed at a hospital and hacking a water treatment plant so that clean water appears to be dirty are just some of the entertaining challenges that students will have to tackle.

According to Skoudis, the fact that the model is so realistic makes the project more meaningful to military leaders than if the missions were simply in virtual environments. “They want to see physical things. They want to see the battle space, and what’s happening there”.

Some 70% of Americans say they fear cyber-attacks from other countries, and would no doubt approve of their military acquiring such advanced system hacking skills in order to be better prepared to defend them. And it’s a fair bet that the students enjoy themselves too. Who wouldn’t with such a realistic Lego set?

The post The most cyber-attacked city is a model town appeared first on MediaCenter Panda Security.