The first time most cybersecurity professionals encounter security bugs and flaws is when their system is attacked. That’s an expensive way to get hands-on experience. The average total cost of a data breach is nearly US $3.8 million, according to the Ponemon Institute’s Cost of Data Breach Study.
Most cyberattacks are short-lived and version-specific, so it’s difficult for an organization to build an effective defense or reproduce an attack. That’s why the IEEE Cybersecurity Initiative launched Try-CybSI. The interactive platform provides cloud-based tools for practitioners and students to experiment with cybersecurity code and data. Included are experiments such as a Heartbleed exploit, the LongTail SSH honeypot, a padding oracle attack, and SSLstrip. They’re all housed in secure virtualized containers so as not to infect users’ machines.
What’s more, Try-CybSI is free. About a dozen experiments have been uploaded since the project launched in March.
“We feel very strongly that cybersecurity practitioners need practical familiarity with these tools and [to learn] how common cybersecurity attacks and other artifacts behave,” the project’s leader, IEEE Member Baijian “Justin” Yang, said in an interview about the project. Yang is an associate professor in the computer and information technology department at Purdue University, in West Lafayette, Ind.
“These tools demonstrate current issues in today’s cybersecurity world,” he said, adding that IEEE’s reputation for collaboration, transparency, and impartiality means the tools are technically sound.
HOW IT WORKS
The tools are organized into four categories: network attacks, secure coding, research tools, and cryptography projects. Participants get an estimate of how much time it will take to conduct each demonstration. YouTube houses instructions for launching the containers.
“It’s important that users and prospective users understand that Try-CybSI is an ongoing process,” Yang said in the interview. “With the uniqueness of this platform, backed by IEEE’s reputation for excellence, we plan to attract cybersecurity professionals who will share their knowledge and contribute their tools for interactive use by other practitioners.”