Visualizing a Cyber-Secure Future
NREL Visualization Helps Industry Partners Strengthen Workforce and Fortify Cyber Defenses
To an untrained eye, the logs used to track activity on information technology equipment might look like gibberish, but the information they contain paints a complete picture of a system’s health. Cybersecurity professionals rely heavily on these data to detect anomalies and to fortify networks against increasing cyber threats.
The National Renewable Energy Laboratory (NREL) created an interactive visualization tool to make the information stored in these logs easier to view and interpret, especially for noncybersecurity professionals. The tool’s unique visualization application was on display during a two-day, tri-industry cyber-defense exercise among six critical infrastructure companies—AT&T, Lumen, Mastercard, Morgan Stanley, Southern Company, and Southern California Edison. Mastercard hosted the simulation and NREL’s visualization application on its own cyber range, which emulates information technology networks for cyber exercises.
Unlike typical “tabletop” exercises, in which executives discuss a hypothetical event, this event offered companies the opportunity to strengthen their skills with simulated threats and head-to-head cyber-sparring in which teams alternated attack and defense positions. NREL’s visualization of the cyberattack scenarios helped bridge the gap between executives and cyber professionals, such that executives could see through the digital code to understand system vulnerabilities.
“Participating teams, and even observers, were able to gather information from the visualization itself instead of solely relying on system logs,” said Shane McFly, a senior cybersecurity researcher at NREL. “The visualization made the simulation easier to view and more accessible, especially to noncyber people.”
McFly, who led the NREL team that designed the visualization, attended the event in Dallas and was impressed by its usefulness for interpreting information on the fly. A member of the Mastercard cyber range team took it a step further by connecting a gaming controller to make the 3D graphics more explorable.
Purple-Teaming To Protect National Infrastructure
Each company brought two teams to the event: a blue team to secure their system from attack and a red team to hunt for gaps in others’ defenses. The combination of red and blue teams showcases an industry trend toward “purple-teaming”—where companies hire cybersecurity professionals who understand attack and defense strategies.
“Now, instead of just having a team skilled in cyber defense, cybersecurity teams can attack themselves during scheduled downtime or in mock systems to find potential vulnerabilities and develop mitigation plans,” McFly said. “It also allows companies to come together in exercises such as this one to practice against each other and gain valuable insights about their system’s health.”
Instances of data breaches and cyberattacks are on the rise, placing pressure on U.S. companies—large and small—to enhance their defenses. Scenario exercises help prepare newcomers and retrain mid- and advanced-career professionals to respond to the ever-evolving cybersecurity landscape.
Supporting Cyber Workforce Development
The visualization tool was adapted from NREL’s Advanced Research on Integrated Energy Systems (ARIES) cyber range specifically for the defense exercise as an information model. Using network topography provided by the exercise team, researchers input network traffic and pumped it to a web browser to create a 3D view.
Providing the visualization for the critical infrastructure cyber-defense exercise is just one example of the many ways NREL's cyber range can support professional development for a variety of industries and applications. Inside the lab, workforces can train on custom scenarios in an immersive cyber-physical environment. With expertise in system vulnerabilities and security, NREL is poised to help partners prepare for, identify, and respond to threats.