
FBI cyber training isn’t about sitting at your desk with a textbook anymore. It’s all about simulated towns and dealing with the real stress of fake situations.
- The FBI is moving cyber training out of the classroom and into a realistic 22,000-square-foot simulated town where students practice under pressure.
- The Kinetic Cyber Range in Huntsville includes fake homes, hotels, businesses, critical infrastructure, and a data center with more than 200 servers running real systems.
- Trainees work through practical cybercrime scenarios, from deciding which connected devices to seize in a home to investigating corporate networks with system administrators.
- The range can recreate high-stress incidents such as a ransomware attack on a hospital, forcing agents to handle both the technical crisis and the people affected by it.
- The training reflects a wider push against costly cybercrime, as Americans have reported more than $20 billion in losses and the FBI targets criminal tools, infrastructure, and services through Operation Riptide.
The Federal Bureau of Investigation (FBI) has revealed its 22,000-square-foot toy town, where students are finally taken out of the classroom and forced to confront realistic threats.
The Kinetic Cyber Range in Huntsville, Alabama, is a response to the evolution of the cybercrime landscape, as old-school teaching methods are no longer sufficient to keep pace with evolving threats.
“In the past, you never left the classroom,” Dave Beachboard, the facility's manager, said. “Everything was presented to you at your desk.”
Instead of taking trainees out in the world to put theory into practice, aspiring FBI agents would be expected to learn tools and techniques beforehand.
Come inside the “Kinetic Cyber Range”
Now, the FBI has created its own model city, which gives students a sense of how to navigate real-life situations while putting their theory into practice.
The Kinetic Cyber Range on the FBI’s North Campus on Redstone Arsenal in Huntsville boasts a 22,000-square-foot complex that includes fake hotels, businesses, critical infrastructure, and apartments.
The facility isn’t just at scale for show; it’s also as realistic as it gets.
Not only do students feel that they’re immersed in a real-world environment, but the systems behind the fake buildings are also fully functional.
Students will have to interact with real networks, and “they’re going to see Active Directory, email, firewalls – everything that’s typical of that venue,” says Beachboard.
Digital forensic examiners need real-world training, too
A fake town might seem like overkill when it comes to training IT forensic examiners or agents focused on digital forensics, but there are a multitude of practical use cases, according to the Bureau.
One instance saw students enter a home brimming with internet-connected devices. The future agents then had to decide what devices to seize and what to leave.
In another scenario, trainees had to dig deep into a corporate network and work with system administrators to access data from a business.
There’s also a fake data center in the complex, which has “over 200 servers running in it… some are running Windows, some are running Linux…so a student gets to encounter what it’s like working in a data center,” said Beachboard.
This live-action simulation isn’t comfortable, calm, or cozy. These environments are deliberately manufactured to simulate real-life situations where threats are imminent and working life is tough.
Head of the Huntsville cyber training unit Stephanie Cassioppi acknowledges that digital forensics students will likely never get their hands on hardware, and their training is more about tracking how threat actors work and move online.
"For us, our threat actors are overseas…the odds are I'm never going to get my hands on their computer or their phone."
Cyber Range simulates real ransomware attacks
However, the facility is particularly important when it comes to recreating scenarios and seeing how these happen in real time.
For example, the facility could simulate a ransomware attack, sending a hospital into complete lockdown.
“Alarms sound. Role players respond as if patients' care is at risk, forcing trainees to navigate both the technical problem and the human one,” according to the Bureau.
Cybersecurity within the FBI isn’t like in the movies. It’s not isolated hackers sitting at computers, staring at lines of code, and breaking into systems. It’s actually more corporeal.
While technical skills are essential, Cassioppi says that cybersecurity is also about “practicing those soft skills…[and] dealing with people.”
That includes interviewing people and making them aware of what data the FBI is planning to exfiltrate; agents working with digital forensics will need to know their way around people, not just computers.
As technology evolves, threat actors are likely to adopt the latest tools to exploit the public more easily and fool law enforcement.
The FBI has to be ready to tackle the latest connected devices and uncover new forms of cybercrime.
This means that aspiring agents must also encounter these situations while training.
Cybercrime is costing Americans millions
The FBI’s reveal of its Cyber Range coincides with Operation Riptide, which aims to tackle the US’s increasingly expensive cybercrime issue, as Americans filed 1 million complaints and reported over $20 billion in losses.
Operation Riptide is a “coordinated law enforcement campaign targeting criminal actors and the key services they rely on, their infrastructure, their tools and services, their communications platforms, and their money,” said the Bureau.
Since the announcement, the FBI’s Boston Division has taken down the First VPN Service, which is designed to support cybercriminals.
At least 25 ransomware groups, including Avaddon Ransomware, are said to use the First VPN infrastructure to hack systems and conduct network reconnaissance, which has “cost companies in the United States and around the world millions of dollars.”