For every entrepreneur, India is a country of almost unending possibilities. With 1.4 billion inhabitants, it might almost seem a daunting challenge to hold a national cybersecurity exercise there, especially when the leading partner, CybExer, hails from Estonia, a country with the population of one of India’s smaller cities. Yet this took place last year and was a real success.
Strong e-Estonia brand
According to Lauri Almann, cofounder of CybExer, Estonia’s positive international reputation in cybersecurity led to the partnership with the Indian government.
“We have to start with the brand of Estonia,” he said in a recent interview. “If you say you are a cybersecurity company from Estonia, that puts you as a company in another league compared to others.”
Almann also credited Estonian Business and Innovation Agency, the country’s national foundation tasked with developing its economy, with assisting the collaboration with the Indian government. “They are extremely good,” he said. “We have created a narrative backed up by real capabilities.”
The Indian government contacted CybExer because the seven-year-old company has experience providing cyber ranges and virtual environments where security experts can simulate attacks and monitor responses. CybExer offers its Cyber Range in various formats to partners, such as a wholly owned hardware solution or via a software-as-a-service model. According to the company, it has provided cyber range experiences to more than 100,000 users.
“We deliver to our customers the experience of what it feels like to be under a massive cyber attack.”
These experiences are tailored to the needs of the user, he noted. “We talk to our customers about their infrastructure, their systems, what kinds of tools they are using,” he said. “The whole experience is very lifelike.”
CybExer’s platform also enables users to visualise what transpires on any of the systems being probed during an exercise, providing back information on their status, how well they are defended, and how successful the attackers were. “This allows good situational awareness in technical exercises,” he said.
While CybExer’s Cyber Range was designed from its inception to be delivered globally and remotely, the vastness of India was still a new experience for the company. “Just the sheer largeness” of India made the cybersecurity exercise unique, Almann acknowledged.
The most extensive exercise so far
The exercise, which took place last year, involved more than 1,500 people from many teams, with the goal to encompass all of the major federal sectors involved in cybersecurity in India. The exercise lasted for five days, meaning that CybExer had to build a complex infrastructure that simulated India’s cybersecurity infrastructure, and put those systems under constant attack.
“We haven’t had an exercise of this size, and to have it one-on-one at the national level with one of the largest countries in the world, with one of the largest sets of problems, is certainly a huge and humbling experience,” remarked Almann.
Almann said that the outcome of the national cybersecurity exercise was positive for the Indian government. It helped to reinforce and build the country’s cybersecurity community. He noted that, in general, there tends to be a lack of exchange between technical teams and strategic decision making teams in the event of cyberattacks, and that people who have no training in cybersecurity are often the ones making decisions, rather than those with technical knowhow.
India’s digital revolution
Almann also said he was impressed by the firm’s Indian partners. “We liked the engagement of the clients and the level of seniority of people who helped to plan, customise, and offer ideas to improve the scenario.”
The government’s Press Information Bureau (PIB) said in their press statement that participants were trained in various cybersecurity areas, including intrusion detection techniques, malware information sharing platforms, vulnerability handling and penetration testing, network protocols and data flows, and digital forensics.
According to the PIB, the exercise helped inform strategic leaders how to understand cyber threats better, assess readiness, and develop skills for cyber crisis management and cooperation.
Shri Ajit Doval, the country’s national security advisor, was quoted as saying that India was undergoing a “digital revolution,” and that the government had launched a large number of digital services.
In 2015, for instance, the Indian government launched Digital India, a campaign to develop secure and stable digital infrastructure within India, to deliver government services digitally, and to achieve universal digital literacy. With increased digitalisation, however, comes increased vulnerability to cybersecurity threats.
“Cybersecurity remains the foundation of any successful digital transformation,” Doval noted. “Any cyber threats directly impact our social, economic and national security, and therefore we must safeguard our cyberspace.”
Cooperation with universities
CybExer’s relationship with the Indian government led to a separate contract with Rashtriya Raksha University. Administered under the country’s Ministry of Home Affairs, RRU is India’s national security and police university based in Gujarat in northwestern India.
“This is the central police academy responsible for training a large part of security personnel in India,” said Almann. “This is an exciting project for us,” he said.
Nidhish Bhatnagar, director of the School of information technology, artificial intelligence, and cybersecurity at RRU, said in a statement made when the partnership was announced in February that the university intends to use CybExer’s Cyber Range product to expand the scope of its cybersecurity studies.
It was also noted that the Cyber Range will continue to be used in the country’s annual Cybersecurity Exercise.
“What makes CybExer’s Cyber Range especially appealing to us is the ability to customise and create our content without restrictions,” Bhatnagar said. “We want to make full use of the cyber range and not be limited by artificial barriers,” he said.