Calibre interview: Daz Preuss, CybExer
Many criminal organisations and states use cyber-attacks to cause chaos and sow division within societies. There are military and civil aspects to this type of threat that make countering cyber-attacks a core need for militaries and societies alike. This Calibre interview with Daz Preuss from CybExer explores the role of cyber training ranges in preparing organisations for cyber threats.
In January 2007 the Estonian government announced its decision to move the Bronze Soldier of Tallinn monument. The controversial statue was built in 1947 to commemorate the Soviet soldiers that died fighting Nazi forces in Estonia. For Estonians, however, it became a symbol of the Soviet occupation and oppression that followed. It was located in the centre of Tallinn, a prominent reminder of Russia’s power over the country and its people. To native Russian speakers in Estonia, however, the statue was seen to represent the sacrifice of Russian soldiers during The Great Patriotic War. The remains of Red Army soldiers were buried beneath it, and it was the main place of remembrance for the Victory Day parades every May.
The decision to move it was charged with tension, and violent protests broke out the night that work on the relocation started on April 26th. The following day, a wave of cyber-attacks targeted the country’s media outlets and governmental websites. They were uncoordinated, brute force attacks, mostly consisting of distributed denial of service (DDoS) tactics. This is where many different computers around the world send requests to the website in question, overloading its servers and forcing it to crash. Estonia was already highly digitalised by this point, and its Computer Emergency Response Team (CERT-EE) sprang into action combating the attacks and things went quiet. Then, in early May, a massive coordinated and sophisticated attack using networks of bots and DDoS tactics was launched, targeting the country’s financial institutions and infrastructure. The attacks peaked on May 9th, forcing Hansabank, Estonia’s largest bank, to shut down its online service for more than an hour. The attacks continued in a variety of ways until May 19th when they abruptly stopped. The episode had been a shock for Estonia, and is widely considered to be the first instance of a cyber-attack being used for political purposes.
- How specialised consultancies can help win new business in defence
- Russian intelligence services targeting Signal messenger – Calibre Defence
They were essentially a punishment for the act of relocating the statue and its remains, but the artefacts of the attacks were concerning. The majority of the malicious traffic originated from Russian IP addresses, instructions for the attacks were circulated in Russian, and a pro-Kremlin youth group tried to claim credit for organising them. It was clear that Russia could use cyber-attacks to pressure Estonia, or any state, to alter its behaviour. The intent was not new, the Soviet Union led by Russia had employed what it called active measures to try and shape NATO policies and behaviours, it had simply added new tools to its belt. Out of this event, NATO established the Cooperative Cyber Defence Centre of Excellence (CCDCOE) and developed its first cyber policy. And, more importantly for this article, it led to the establishment of CybExer, a company set up to build virtual cyber training environments to test the emerging challenges. So, Calibre Defence spoke with Daz Preus, Chief Operating Officer of CybExer in the UK to learn more about what a cyber training range is, and why it’s important.
CybExer: From cyber ranges to grass roots education
CybExer visualises its cyber exercises to help show participants what is happening. Credit: CybExer.
Do you know what a cyber range is? Neither did I until Daz explained: “A cyber range would have copies of Windows, Linux, and so on. You can connect to 5G and long-range WAN to simulate an internet of things. And, if you have an offensive cyber product like Wannacry, you could bring it to the range and test it against what is there. Alternatively, you can simulate your network and test its ability to withstand an attack.”
In a nutshell, CybExer’s team works to build a virtual version of your computer, and then attacks it. WannaCry,was a cyber-attack that spread in 2017. It combined ransomware with a worm capability, which means that it can spread across a network without a user clicking on anything, and would take any computers running Windows hostage. The rapid, global spread of WannaCry was possible because it exploited a vulnerability in an older version of the Windows networking protocol known as Server Message Block (SMB) version 1 (SMBv1). The UK’s NHS was impacted particularly badly because its networks and computers had not been updated to address this networking vulnerability. WannaCry was attributed to the Lazarus Group, which is affiliated to North Korea. The rogue state often uses cyber crime to finance its activities.
- BAE Systems partners with UK tech firm PAULEY for XR – Calibre Defence
- New secure encrypted server and cooling from Captec
- IDEX 2025: Allen Vanguard unveils NXT RF signal processor – Calibre Defence
“This network could include systems, drones, satellite ground stations, central heating/air control, power substations and so on,” Daz explained. You might now be looking with questioning thoughts at your thermostat, “how could my thermostat be used against me?” Daz explained that if your thermostat and heating are connected to your network in any way, and you can modulate a digital signal, it could be possible to gain access to your network through it or manipulate the physical world. “If a network is protected, a threat actor could attack the cooling on the server or the power to the building and shut you down that way,” Daz explained. A similar technique was used by Russian hackers targeting Ukraine’s power infrastructure in 2015 and 2017. In 2015 they gained access to the networks of three Ukrainian energy distributors through a phishing campaign, eventually coming across the Supervisory Control and Data Acquisition (SCADA) system. SCADA systems are used as the central nervous system for things like power plants and water stations. If they can be remotely accessed, as Russia’s Sandworm group did in Ukraine, then power plants can be turned off or permanently damaged.
“We can model real-world systems like controllers at a steel factory to identify vulnerabilities, but they then become classified. However, by taking away the context and making it more conceptual, it enables you to train against it,” Daz explained, referring back to the value of a cyber training range.
“Lots of people say they want a cyber range, but they don’t know what one is. It’s a boxing ring where you can model the real world and be attacked and see how you hold up. It is key to understand how resilient you are before you are exposed to that environment, before you realise you weren’t as good as you thought you were.” His final point touches on one of the enduring elements of cyber security, which is that you are only as good as the humans involved. You can build the most complex file structure with encrypted files and firewalls in the world, but if a senior executive clicks on a link in a phishing email and gives their password away, none of that will matter.
“So, as a company, we work to improve education at an early level and get people thinking about it. In the UK for instance, we don’t start teaching cyber until the back-end of college. And those that don’t deal with it, they see it as an afterthought,” he continued. “National resilience is the end goal,” he said.
“CybExer was formed for cyber exercises to test what the next challenges would be, and MoD’s welcomed this and started using it. The downside is that it is very expensive and tends to be high-level, focused on strategic attacks,” Daz added. But the company is now working to expand its offering and raise awareness from the grassroots up. “We need to train at the edge of chaos to be comfortable being uncomfortable. It ties into other work we are doing on mental health and how to make good calls when under pressure. How do you deal with being under a cyber-attack when you don’t know that it is going to end,” he explained, referencing the company’s work with Bournemouth University on responses to stress and strategies to manage the pressure of cyber-attacks.
“Often it’s the critical national infrastructure sector that will ask us to help them with things like this. So, we are trying to break from being purely military, to support and inspire future generations that will support defence and industry,” he concluded by saying.
Calibre comment: Close to home
When Russia re-launched its invasion of Ukraine in 2022, it started with a large conventional bombardment with missiles and the ground invasion that many of you are probably familiar with. Less well-known is the attack on Tooway, the satellite communications terminals used by Ukraine for command and control. Russia’s malware had spread across the entire Tooway network, taking down not just the modems in Ukraine, but across Europe, even disabling the systems on wind turbines in the North Sea. It severely hampered Ukraine’s response to the invasion and reflects the capabilities that Russia is able to bring to bear in a military context. This is why simulating a network and ensuring that it can withstand attacks and attempts by adversaries to exploit weaknesses is important.
By Sam Cranny-Evans, published on January 28, 2026. The lead image shows Daz Preuss, Chief Operating Officer of CybExer UK. Credit: CybExer.
Get insider news, tips, and updates. No spam, just the good stuff!
