Cybersecurity Gets Real at FBI Kinetic Cyber Range
Cybersecurity Gets Real at FBI Kinetic Cyber Range
https://securityboulevard.com/2026/06/cybersecurity-gets-real-at-fbi-kinetic-cyber-range/
Publish Date: 2026-06-25 04:48:00
Source Domain: securityboulevard.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
The FBI has changed its training tactics over the years with a tacit acknowledgment that hands-on experience is almost always the best way to learn. That’s not to say classroom instruction should go the way of the dodo bird, but at the bureau’s 22,000-square-foot Kinetic Cyber Range in Huntsville, Alabama, eager future agents get to learn “in the field.”Located on the FBI’s North Campus at Redstone Arsenal, the training environment mirrors a real town, complete with businesses, infrastructure, and homes. No one lives or works there; just students crawling its streets solving and thwarting cyberattacks before being unleashed into the real world as FBI agents.“The systems that we have running in these facilities are just as real as the facade on the outside,” Dave Beachboard, manager of the Kinetic Cyber Range, said in a story posted on the FBI’s website. “When they start diving into the network, they’re going to see Active Directory, email, firewalls—everything that’s typical of that venue.”Trey Ford, chief strategy and trust officer at Bugcrowd, says what stands out “is the recognition that you can’t simulate cyber-physical attacks in a sandbox, you need actual hardware, actual control systems, actual consequences.”That’s something Ford has “dreamed of seeing a Black Hat for years – a live-fire cyber range.” Standing up the range is more than live targets, he says, “it’s an operational playground where buyers, vendors and analysts can test and reproduce real-world conditions to understand what works, and how capabilities fail.”By providing a realistic environment to train against threats targeting critical infrastructure, Matthew Hartman, chief strategy officer at Merlin Group, says “the Bureau is helping build the operational readiness needed to defend both IT and OT environments.”The industry should take note—it’s “another signal that cybersecurity and critical infrastructure resilience will remain national priorities for years to come,” he says.The FBI article describes a scenario in which students assess a home loaded with devices connected to the internet and must decide which items to seize; in another scenario, they removed a car’s electronic control unit. The range also has “a data center that has over 200 servers running in it,” Beachboard is cited as saying. “Some are running Windows, some are running Linux. So, a student gets to encounter what it’s like working in a data center.”Standing out at the facility “is the focus on OT and IoT systems, which are the most vulnerable and increasingly the target of ransomware attacks,” says John Gallagher, vice president at Viakoo. “Being able to simulate ransomware attacks within a city, school, or hospital setting provides a valuable real-world training opportunity at a time when many organizations are shifting their focus to OT security,” he says. Gallagher points to the complex environment the FBI has created, noting it “is ideal for testing and analyzing the means of lateral movement” and explaining that “knowing how malware deployed in an IP security camera ends up taking down critical infrastructure is one of the key learnings that can come from this.” With cybercrime costs on the rise, Gallagher says, “if this facility can help to bring down that cost through effective prevention and remediation methods by even a small fraction, it will deliver significant ROI.” The Kinetic Cyber Range mimics what private industry has been doing for years—ongoing training to prevent cyberattacks. “This is bringing that same concept to the agents and law enforcement officers who need better training on how to respond to cyber incidents,” says Gallagher, and “can train cyber defenders to quickly know what to do and how to do it.”The range reflects a reemerging trend. “Attacks on critical infrastructure no longer originate at a network port. They originate at a door, a console, a server-room walk-in, a contractor with credentials they should not have, or a tailgater into a control room from which the rest of the network is reachable,” says Jody Russell, senior solutions engineer at Ambient.ai. “The IT-OT air gap is effectively gone, and the layer of the perimeter where physical presence becomes digital access is the layer that has received the least investment from the cyber stack,” says Gallagher.Rather than being static, the Range also helps the FBI make changes as they go. “If we see gaps in training, we will adjust,” Beachboard was cited as saying, “making sure that students are encountering the latest software, the latest Internet of Things, the latest drones, the latest vehicle forensics—all of that to keep us cutting edge.”
