Researchers from New York University and the New York City Cyber Command (NYC3) – the agency tasked with defending New York’s municipal networks and residents from digital threats – recently held their annual Cyber Simulated Threat Response and Incident Knowledge Exercise (Cyber STRIKE).
They used the city’s cyber range – a virtual environment used to train cyber defenders to face real-life scenarios of detecting and mitigating active attacks against government, educational, and corporate organizations. The goal was to prepare for a post-Coronavirus world in which the increased prevalence of remote work potentially gives hackers more ways to target networks.
“If you don’t know or see your environment, you don’t know what you’re working against,” New York City Chief Information Security Officer, Geoff Brown, said.
This year’s Cyber STRIKE involved three scenarios: a simulated ransomware infestation, a spear phishing campaign, and a cryptocurrency mining scam. There was also a “capture-the-flag” exercise in which the participants competed against each other to defend or attack a network. Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business, often with the intent of stealing data or to install malware on a targeted user’s computer. Legitimate cloud mining services allow users to rent server space to mine for coins at a set rate, but mining scams promise astronomical returns and fail to disclose a range of hidden fees, or may be fronts for Ponzi scams.
NYC3 is also tasked with growing the city’s public- and private-sector information security workforce. The city projects it will need at least an additional 10,000 cybersecurity professionals by 2027.
“For our part, the most valuable thing is building the workforce,” said Mitch Herckis, a New York City Cyber Command senior adviser. “We have an all-of-New York City mission.”