"Cyber Ranges Bolster IoT Security"
The Government Accountability Office (GAO) released a report identifying government challenges to standardized security evaluations for Internet of Things (IoT) devices and Operational Technology (OT) devices. However, according to Joel Bagnal, director at the security company SpyCloud, state and local governments are required not to wait for federal guidance, as they can gain the upper hand by establishing more cyber ranges. In recent years, cyber ranges have risen in importance, with state-level ones opening in Louisiana, Virginia, and more. They primarily train cybersecurity professionals through hands-on labs and realistic exercises. Bagnal stated that increasing the number of ranges available to state and local governments would help officials in understanding the vulnerabilities of IoT and OT devices and learning to control the risk. He emphasized that a cyber range allows security staff to observe vulnerabilities being exploited and then learn how to apply this firsthand knowledge to their own network. Bagnal pointed out that the Idaho National Laboratory (INL) has a section devoted to critical infrastructure protection and IoT device security research, and is beginning to give recommendations for reducing vulnerabilities. The National Initiative for Cybersecurity Education (NICE) also published a guide on how cyber ranges can be used for education and training, stating that they are a crucial tool for closing the skills gap and securing society. This article continues to discuss the importance of setting up more cyber ranges to bolster cybersecurity for IoT and OT devices.