Skip to content

Canada's Business and Tech Newsroom

  • Professional Subscription
  • Partnerships & Advertising
  • Licensing & Syndication
Log In Subscribe
Welcome,
  • My Account
  • Log Out
  • Business
  • Tech
  • National
  • The Big Read
  • Briefings
  • Commentary
Search
Log In Subscribe
Welcome,
  • My Account
  • Log Out
The Big Read

Preparing for the ‘boom’ at Ottawa’s new cyber range

OTTAWA — At the front of a crowded room at the University of Ottawa, IBM’s Brenden Glynn is saying you’d better think through what to do if hackers break into your organization, before they do it.

The Big Read

Preparing for the ‘boom’ at Ottawa’s new cyber range

Joint project of university and IBM aims to cross disciplines, deal with labour shortages

By David Reevely
The new cyber range at the University of Ottawa, where staff of companies and institutions train to respond to digital attacks, and researchers study how they do it. Photo: Handout
Nov 7, 2023
A A
A Small A Medium A Large
Share

Share

OTTAWA — At the front of a crowded room at the University of Ottawa, IBM’s Brenden Glynn is saying you’d better think through what to do if hackers break into your organization, before they do it.

“It’s three in the morning. As the president, as the CEO, as the dean, [do] you want to be woken up, just to be notified, so that you could potentially make a decision at that point?” he asks.

Talking Points

  • Since DARPA in the U.S. revealed it was building a cybersecurity testing ground in 2008, “cyber ranges” have proliferated, including with a new $28-million facility at the University of Ottawa
  • A cyberattack won’t come when you’re rested and prepared, so you’d better think through in advance what you’ll do, IBM experts tell simulation participants

The room is on the fifth floor of the university’s STEM building. Outside, one whole wall of the building has a multi-storey mural of a pair of stylized eyes gazing out on the Rideau Canal; the windows at the back of the simulation room look out through them. The place is set up Mission Control-style, with wide banks of workstations—screens and keyboards and telephones—facing the front of the room, where Glynn stands before a wall of digital screens.

Today, the stations are occupied by corporate types from the Ottawa tech firm Bane & Ox, getting a taste of cybersecurity training. Hundreds of Canadian companies report breaches affecting private data each year, according to data from the cybersecurity group at law firm Blakes. The Communications Security Establishment (CSE), the federal agency responsible for cyberdefences, says those come from a mix of cybercriminals, state actors and mercenary hackers who blur the lines.

Some insidious attacks target internet infrastructure, snaring numerous organizations’ data in an attack on one company that serves many others. Even arrests don’t necessarily stop decentralized threats.

Glynn continues, talking about what happens once word of a breach spreads: “Once it’s publicly known—it’s in the organization [for now]—once it gets out into the general public …”

Related Articles

Shortage of cybersecurity workers a ‘crisis’ at apex of federal government

By David Reevely

TransUnion staggers under load of customers seeking credit monitoring after cyberattack

By David Reevely

A phone rings in a low electronic tone at one of the workstations. The crowd ripples with laughter. A wrong number—now of all times. Glynn smiles.

“You’re part of the Bane & Ox crisis-management centre,” he tells the guy sitting by the ringing phone, indicating he should go ahead and answer it.

The man and the people sitting on each side of him figure out which button to press.

“This is Matt Jones with Canadian public broadcasting,” another man’s cheerful voice—with an American southern twang, oddly—comes over the speaker. “I’ve been trying to get a hold of someone over there for quite a few hours here and I’m just trying to get a comment on the breach at Bane & Ox.”

Ah, we’ll get back to you with a statement within the hour, says the guy who’s answered the phone. How can we reach you?

The southerner gives him a number and slides right into his next thought: “Are you aware that there are millions of records out on CopyDrop of Bane & Ox’s information?”

By now, everyone’s onto it: this is an object lesson, the first to be taught at the University of Ottawa’s new cyber range. Bane & Ox is a fiction, a pretend company that the range will see hacked into dust again and again. The message is that a cyber breach will not happen when you’re calm, rested and ready for it.

Glynn is a major in a U.S. army reserve cyberwarfare unit in addition to his full-time work in cybersecurity at IBM; he’s presenting with Jake Paulson, another IBM cybersecurity expert and a veteran of the U.S. air force. They’ve been talking about the military metaphor of the “boom,” the moment when your world changes.

“Left of boom,” before the thing happens, you have some control. You can prepare, game out, reinforce, drill. Left of boom, you might be able to avert or at least limit the thing, if you get wind of it in time.

A training exercise in progress at the University of Ottawa cyber range. Photo: Handout

In cybersecurity, the boom could be a phone call. It could be a social media post from an anonymous account, a network administrator noticing something odd in the logs, an email, or every screen in the company suddenly displaying a ransomware demand. One really good hack can set off hundreds and hundreds of booms.

“Right of boom,” your time is not your own. You don’t have time to think, only react, ideally by applying the things you’ve practised. Who gets called first, second, third? Whose job is it to scope out what happened? Whose job is it to close the breach? Who tells customers, suppliers, partners, the public, and how do they do it?

Pretty good job dealing with that reporter on the phone, Paulson says to the fellow who answered Bane & Ox’s phone. But do you think you’ll be the only person he calls? Will they handle him as smoothly? Also, how do you know that was a reporter?

Like the “boom,” the idea of a cyber range as a place to prepare for cyberattacks is borrowed from the military.

The U.S. Defense Advanced Research Projects Agency (DARPA) let it be known that it was assembling a cyber range in 2008. The U.K. opened one in 2010. Michigan opened one in 2012 in concert with universities and the private sector, which it boasts is the most extensive unclassified one in the United States. Since then, they’ve proliferated. The University of Ottawa’s is at least the third university-hosted one in Canada: Toronto Metropolitan University has one in a joint venture with Rogers, and the University of Calgary opened one just days before Ottawa did.

These facilities vary in function and complexity, from virtual sandboxes where cybersecurity trainees can practise simple hacking and responses, to DARPA’s, whose Phase 1 goals included “realistic testing of Internet/Global Information Grid (GIG) scale research” and simulating the Pentagon’s “complex, large-scale, heterogeneous networks and users.”

Matt Holland, CEO of Field Effect, in Ottawa in October 2023. Photo: Justin Tang for The Logic

As a site for university research and tailored simulations for corporate clients, the University of Ottawa’s is in between. The third such site set up by IBM’s security division, which it calls X-Force, it follows projects in Cambridge, Mass., and Bangalore, India. The company pledged $21 million in equipment and labour; the university put in $7 million.

Some of the labour has been from Dustin Heywood. A Canadian—from Airdrie, Alta., just north of Calgary—his business card is black and gives his name only as “Evil Mog,” his hacker handle, and his title as “Chief Architect of X-Force.”

Heywood designs cybersecurity centres. Cybersecurity is having a moment, and it’s about time, he said in the hall outside the simulation room.

“People are realizing that cybersecurity is integral to making money, to being trustworthy,” he says. “If a company can’t be trusted to keep things secure, they’re not going to get clients, they’re not going to get customers. They’re going to get investigations, they’re going to eventually get dragged out in the court of public opinion, and they’re going to get shut down.”

Heywood said he got his start as a teenager, breaking into school networks. His education included network engineering and computer science, but cybersecurity just wasn’t on the curriculum. “I think this is transformational to Canada’s best interests.”

If a company can’t be trusted to keep things secure, they’re not going to get clients, they’re not going to get customers. — Dustin “Evil Mog” Heywood, IBM 


The simulation room is just part of the operation. Next door is a server room, running the cloud where Bane & Ox—the made-up company where range trainees will pretend to work—lives. On the other side, behind one-way glass, is a room for observers and researchers to watch how participants handle their simulations.

The range is in the university’s STEM building, but Jacques Beauvais, dean of the engineering faculty, said its work is to cross disciplines, into business, arts and social sciences.

“​​There’s also the psychology of people facing a cyberattack. How do you react? What is the best way and how do you not panic?” Beauvais said.

A couple of kilometres south along the Rideau Canal, Ottawa cybersecurity company Field Effect Software has a cyber range that began as a training environment in 2009.

“If you have a class of 20 people and each person requires 30 simulated computers, how do you spin that up 20 times?” said Field Effect CEO Matt Holland in an interview with The Logic. The solution Field Effect devised has expanded.

“Over the years, we found a ton of interest in governments for this type of technology,” he said. “Over time, we’ve built it out into a platform that allows us to do various types of wargaming simulations as part of cyber-operator training.”

The Faraday cage at Field Effect's office in Ottawa in October 2023. Photo: Justin Tang for The Logic

Field Effect has a variety of cellphones—a frequent vector for cyberattacks—stored in a Faraday cage so they stay digitally sterile. It can add the phones to the network, but its cyber range remains mainly virtual. Holland said it allows instructors to watch what cybersecurity trainees do as they respond to threats and make sure they react by the book.

“Perhaps I’m looking for a bad file. Did somebody open Explorer and actually find the file?” Holland says. “It’s like when you’re in school—when you’re learning math, they say, ‘Show your work.’”

Holland was a security researcher at the CSE, before he left in 2007 to found a previous firm. 

“Probably the biggest thing that people don’t talk about enough is the distance between what is offensively possible and what the world generally thinks is possible,” Holland said. You can defend against skilled hackers, but you have to understand what they’re capable of.

Does CSE have a cyber range? In an email, spokesperson Robyn Hawco acknowledged it has “a lab environment in which we test code for impacts.”

Although CSE didn’t help design any of the Canadian cyber ranges, Hawco wrote, “we absolutely believe these are valuable facilities.” The agency, which struggles to get and hold talent—a problem across the industry—is eager to recruit from among the students who train in them, she added.

#cybersecurity #economy #Field Effect #IBM #Ottawa #Tech #University of Ottawa

Loading...

Thanks for sharing!

You have shared 5 articles this month and reached the maximum amount of shares available.

Close
This account has reached its share limit.

If you would like to purchase a sharing license please contact The Logic support at [email protected].

Close
Want to share this article?

Upgrade to all-access now

Close
Gift the full article!

You have gifted 0 article(s) this month and have 5 remaining.

Copy link and gift
Copy Link
Email to a friend
Send Email
Gift on Social Media

Recipients will be able to read the full text of the article after submitting their email address. They will not have access to other articles or subscriber benefits.

Photo: Handout

A training exercise in progress at the University of Ottawa cyber range.

Matt Holland, CEO of Field Effect, in Ottawa in October 2023.

The Faraday cage at Field Effect's office in Ottawa in October 2023.

Most Popular This Week

A shot of a small rocket sitting on a launch pad attached to its launch equipment. The backdrop is open sea and a light blue sky.
News

Canada’s submarine decision just paid off for Nova Scotia’s spaceport

By David Reevely
An aerial photo of Kearny mine, a mine surrounded by dense forest, with terraced rock walls that surround a deep blue body of water.
News

Canada bets on graphite as allies scramble for critical minerals

By Anita Balakrishnan
News

Feds move to help small firms with new Buy Canadian rules

By Laura Osman and Chaimae Chouiekh
A cityscape featuring two tall buildings; the right one has a large orange "Q" logo and a Quebec flag atop. The sky is clear and blue.
Commentary: Quebec Ink

Quebec’s era of endless, cheap electricity is coming to an end

By Martin Patriquin

In-depth, agenda-setting reporting

Great journalism delivered straight to your inbox.

A shot of Nate Glubish at a lectern, against a backdrop of exposed brick partly covered by a white film screen.
News

Alberta wants to be a model for government AI and power Canada-wide adoption

By Murad Hemmadi

Briefing

Constellation Software’s Harris acquires TouchBistro

By Murad Hemmadi   |   Jul 10, 2026

Aritzia doubles its first quarter profits on strong sales

By Catherine McIntyre   |   Jul 10, 2026

Carney confirms Saudi Arabia’s Public Investment Fund to attend his investment summit

By Laura Osman   |   Jul 10, 2026

Best business newsletter in Canada

Get up to speed in minutes with insights and analysis on the most important stories of the day, every weekday.

Exclusive events

See the bigger picture with reporters and industry experts in subscriber-exclusive events.

Membership in The Logic Council

Membership provides access to our popular Slack channel, participation in subscriber surveys and invitations to exclusive events with our journalists and special guests.

Recent Popular Stories

Commentary: Quebec Ink

Quebec’s era of endless, cheap electricity is coming to an end

By Martin Patriquin   |   Jul 6, 2026
A cityscape featuring two tall buildings; the right one has a large orange "Q" logo and a Quebec flag atop. The sky is clear and blue.
Analysis

Canada’s ETF industry is almost a trillion-dollar business

By Chaimae Chouiekh   |   Jul 3, 2026
Despite a down year a sign board displays the TSX's upbeat close on the final day of the year, in Toronto's financial district on Monday, Dec. 31, 2018.
The Big Read

What Alberta’s corporate heavyweights really think about separation

By Meghan Potkins   |   Jul 2, 2026
A shot of a placard on a table reading "Let Alberta Decide." There is a person out of focus in the foreground wearing a cowboy hat.
News

A niche white-collar role is becoming the AI industry’s hot new job

By Anita Balakrishnan   |   Jun 30, 2026
A person in glasses and a blue top is sitting and typing on a laptop in an office. A desktop screen next to the laptop displays some blurred-out coding work.
News

Canada bets on graphite as allies scramble for critical minerals

By Anita Balakrishnan   |   Jul 7, 2026
An aerial photo of Kearny mine, a mine surrounded by dense forest, with terraced rock walls that surround a deep blue body of water.
News

Canada’s submarine decision just paid off for Nova Scotia’s spaceport

By David Reevely   |   Jul 8, 2026
A shot of a small rocket sitting on a launch pad attached to its launch equipment. The backdrop is open sea and a light blue sky.

Canada's most influential executives and policymakers are reading The Logic

  • CPP Investments
  • Sun Life Financial
  • C100
  • Amazon
  • Telus
  • Mastercard
  • bdc
  • Shopify
  • Rogers
  • RBC
  • General Motors
  • MaRS
  • Government of Canada
  • Uber
  • Loblaw Companies Limited
logic-logo

Canada's Business and Tech Newsroom

100% human-crafted journalism

Newsroom

  • News Tips
  • AI Policy
  • Editorial Disclosures
  • Story Pitches

Company

  • About Us
  • Terms of Service
  • Privacy Statement
  • Corporate Information

Contact

  • Contact Us
  • Advertise
  • FAQs
  • Work at The Logic

© 2026 The Logic Inc. All Rights Reserved.

Trusted by leaders

Error

Account creation failed.

Please email us at [email protected].

Create Account

[wppb-register form_name=”cozmo-registration-form-for-modal”]

I do have an account
Login
or

[wppb-login]

I don’t have an account