Test your might at the Open Cyber Range

We sat down with Maarja Heinsoo, the Head of Cyber Ranges at CR14, to peek into the world of private-sector cybersecurity and how it’s similar to firefighting and dogs.

Maarja Heinsoo, with her trusty sidekick

Maarja, can you explain what a cyber range is to those who might not be familiar with the term?

Maarja: Sure! Imagine you’re a firefighter. You wouldn’t want to learn how to fight fires by jumping into a burning building, right? You would want to practice in a safe and controlled environment with a training facility that simulates different scenarios and challenges. That’s precisely what a cyber range does. We put organisations and their products to the test so they wouldn’t get burned in the real world.

Sounds hot! What about the Open Cyber Range? What kind of fires are you fighting there?

Maarja: The Open Cyber Range is specifically designed to test, validate and help develop innovative products coming out of the private sector. So, we are both starting different kinds of fires and helping companies to figure out new ways to stop them.

Essentially, we simulate real-world cyber attacks in a controlled environment. Then, we look at the vulnerabilities we found and advise on how to fix them either through code or by improving the processes behind it. This approach gives the client’s teams hands-on experience in dealing with different types of attacks and enables them to address any weaknesses before they are exploited.

We often repeat the process with the client multiple times to ensure we cover as much ground as possible. Because the cybercriminals are nothing if not resilient. They sometimes strike a resemblance to my dogs - if they want to gain access to something, they will keep trying different approaches until they succeed. Unfortunately for my dogs and the cybercriminals, I and my team are constantly improving our capabilities as well.

Leaving the sad dogs aside, who do you help with the Open Cyber Range?

Maarja: Our clients come from various industries; basically, any organisation that values its data and wants to protect itself from cyber threats can benefit from OCR. We are a NATO DIANA accelerator program test centre, so we have clients from the defence sector improving their products on OCR. But we help everyone we can - from start-ups to different service providers and manufacturers.

Time for your elevator pitch - why should a private sector organisation contact you?

I will give three reasons:

1. OCR can save organisations a lot of money and reputation damage by preventing serious incidents from happening. A data breach can and already has doomed companies.

2. The best way to improve your might is to test it in a controlled environment. You will learn a lot. You might also shed some tears and discover vulnerabilities that give you nightmares. But it’s like going to the dentist - either you address things proactively or prepare for the pain that is soon to come.

3. It is free! As OCR is supported by Norway Grants “Green ICT programme”, we offer the range and its capabilities to the private sector for free, at least until June.