Chaos Engineering: Building the Next Generation of Cyber Ranges

Chaos Engineering: Building the Next Generation of Cyber Ranges

In one of our past posts on the same subject, we discussed how to apply chaos engineering principles to cyber war-games and team simulation exercises in broad brush strokes.


In short, ‘chaos engineering’ is the discipline of working and experimenting with new features and changes on a system that’s already in live production. The purpose is, among others, to test the system’s ability to implement changes and remain resilient.


Using the applicable principles, IBM Security X-Force is building out next-generation cyber ranges that encompass security concerns and business imperatives, mapped to likely attack scenarios. In a sense, it’s chaos engineering with intent. We want to inject enough chaos and unexpected elements into the exercises to force security and other types of organizational teams to think on their feet and learn how to react to new threats. 


In the range, we also want teams to encounter scenarios and exploits that are relevant in their domains, geographies and technology environments. A key element in our simulations is to include not just the infosec teams but also all other affected units — marketing and public relations, legal, finance and even human resources. 


The goal is to leverage the best parts of chaos engineering to create an immersive and highly relevant experience that can better prepare an organization for the jolting and uncomfortable experience of a successful cyberattack and resulting damage — to live out the worst-case scenario. If they can handle the worst case, then all other cases can be more manageable.


So, let’s consider a hypothetical case as an example: A large chain of hospitals faces a broad array of cyber threats. What types of attacks may come? Ready, set, go.


A Big Hospi ..

Support the originator by clicking the read the rest link below.