The FBI Built a Fake Town to Train Agents for Cyberattacks

The FBI has built a 22,000-square-foot fake town in Huntsville, Alabama — complete with a hospital, a gas station, a power company, furnished houses, and a data center packed with more than 200 servers — so its agents can practice responding to real-world cyberattacks without any risk of those attacks spilling into the real internet. The facility, called the Kinetic Cyber Range, was first detailed in reporting by The Verge and described in depth by the FBI itself. According to the bureau, the replica community is wired with functioning systems, networks, and devices that behave the way they would in an actual town, all running on an isolated network so that ransomware, intrusions, and other simulated attacks stay sealed inside the building. This article explains what the Kinetic Cyber Range is, what it contains, how the training works, and why the FBI decided that the best way to prepare investigators for digital crime was to build a physical small town and break it on purpose.

What the Kinetic Cyber Range is

The Kinetic Cyber Range is a purpose-built training facility on the FBI's campus in Huntsville, Alabama, located on the North Campus at Redstone Arsenal. According to the FBI and reporting by The Verge and TechCrunch, it spans roughly 22,000 square feet and is designed to resemble a small American town rather than a classroom or a server room. The name itself captures the idea: a "cyber range" is a controlled environment for practicing cyber skills, and the "kinetic" part reflects the FBI's emphasis on physical, hands-on realism. Instead of teaching investigators about attacks through slides and abstractions, the range lets them walk into a hospital, a gas station, or a power company and confront systems that are actually running and actually under attack.

The thinking behind the facility, as the FBI describes it, is that cybercrime increasingly has real-world consequences. A ransomware attack on a hospital is not just a technical event; it can put patient safety at risk. An intrusion at a power company or a gas station is not only about stolen data but about physical services people depend on. By recreating those environments in miniature, the FBI aims to give trainees a setting where the stakes feel concrete and the decisions mirror what they would face on a genuine call-out. The range is, in effect, a sandbox built at human scale — a place where investigators can fail, learn, and try again without endangering a real community.

What the fake town contains

The replica town is unusually detailed for a training facility. According to the FBI and corroborating coverage from TechCrunch and Cybernews, it includes fully furnished houses, a hotel, a gas station paired with a grocery mart, a courthouse, a hospital, and a power company. The streets between these buildings are laid out with roads and traffic lights, reinforcing the sense that this is a place rather than a lab. Each location is not just a facade: the spaces are wired with working systems, networks, and connected devices designed to behave as their real-world counterparts would, from the point-of-sale terminals at a store to the operational systems that keep a utility or a clinic running.

That breadth is deliberate. The buildings represent the categories of target that show up most often in modern cybercrime — critical infrastructure like power and water, healthcare, retail and fuel, government facilities, and ordinary homes full of consumer technology. By packing all of those into a single, contained environment, the FBI can run scenarios that cut across sectors, letting investigators practice on the kinds of enterprise and consumer technologies that malicious hackers frequently exploit. The variety also means the range can be reused for very different exercises, from a smart-home intrusion in a furnished house to a coordinated attack on a utility, all without leaving the building.

The data center at the heart of it

Underpinning the whole town is a data center that gives the range its computing muscle. "I have a data center that has over 200 servers running in it," program manager Dave Beachboard said, according to the FBI's account, noting that some run Windows and some run Linux. That mix matters, because real organizations rarely run a single operating system; investigators need to be comfortable navigating heterogeneous environments. With more than 200 physical servers, the facility can stand up the networks, applications, and services that make each building in the town feel like a real, operating business or institution.

Beachboard also emphasized the physical reality of working in such a space. Describing data centers in general, he said: "They're cold, they're cramped, they're noisy, they're dark, they're miserable." That detail is part of the training philosophy. Responding to a cyber incident is not always a matter of sitting comfortably at a keyboard; investigators may have to work inside the literal infrastructure under stress, and the range is built to expose them to those conditions. By making the environment authentic down to the discomfort, the FBI aims to ensure that the first time an agent confronts a real, miserable data center under attack is not on an actual case.

Why everything runs on an isolated network

The single most important technical feature of the Kinetic Cyber Range is that it is sealed off from the outside world. According to the FBI and the reporting from The Verge, the range operates on an isolated network, separate from outside systems, so that simulated cyberattacks cannot escape the facility. This is essential. If trainees are going to detonate real ransomware, deploy genuine intrusion techniques, or let malware spread across a network to study how it behaves, that activity must be quarantined. An air-gapped or isolated setup means an attack can run its full course inside the town without any chance of leaking onto the public internet or affecting real victims.

That isolation is what makes the realism safe. In a typical classroom, instructors have to sanitize or simulate attacks to avoid collateral damage, which can blunt the lesson. Inside an isolated range, the gloves can come off: the malware is real, the failures are real, and the consequences play out fully — but only within the controlled boundary of the facility. For investigators, that means they can see exactly how an attack unfolds, how systems go dark, and how a network responds, learning from authentic behavior rather than a watered-down imitation. The isolated network is the foundation that lets the FBI run dangerous scenarios responsibly.

How the training actually works

What sets the range apart is that it combines technical and human pressure. According to the FBI's description, one signature scenario is a ransomware attack on the hospital: systems lock down, alarms sound, and screens go dark, while role players respond as if patients' care is genuinely at risk. Trainees must then juggle two problems at once — the technical challenge of understanding and containing the attack, and the human challenge of communicating with frightened, frustrated people who need answers. They conduct interviews with role players acting as business owners, executives, and legal teams, and they have to explain what they are doing and why, in plain terms, under stress.

This dual focus reflects how real cyber investigations unfold. Solving the technical puzzle is only part of the job; investigators must also coordinate with victims, manage expectations, and make decisions that weigh safety, evidence, and operations all at once. By forcing trainees to navigate role-play interviews and high-pressure incident response inside a believable setting, the range builds skills that a purely technical exercise would miss. The goal, as the FBI frames it, is to move agents beyond the classroom and give them realistic, hands-on experience with both the machines and the people involved in a crisis, so that their training mirrors the messy reality of an actual cyberattack rather than a clean textbook version of one.

Who it trains and why now

Since it opened in February 2025, the Kinetic Cyber Range has trained more than 1,400 students, according to the FBI, including FBI personnel as well as partners from other agencies. That throughput points to a deliberate strategy: the bureau is not just sharpening its own investigators but extending the facility to a broader law-enforcement community that increasingly has to deal with digital crime. Cyberattacks routinely cross jurisdictions and sectors, so training a wide pool of personnel in a shared, realistic environment helps build common skills and a common playbook across agencies.

The timing reflects the scale of the problem. The FBI's broader cybercrime reporting has documented enormous and rising losses — its 2025 Internet Crime Report tallied roughly $20.9 billion in U.S. cybercrime losses, a sharp increase, with ransomware repeatedly flagged as a top threat to critical infrastructure, according to the bureau. Against that backdrop, building a facility specifically designed around critical-infrastructure scenarios — hospitals, power companies, gas stations — is a direct response to where the damage is concentrated. The range is the FBI's bet that the most effective way to prepare for attacks on the physical systems people rely on is to recreate those systems and rehearse the response again and again.

At a glance: inside the Kinetic Cyber Range

The table below summarizes the key facts about the facility as reported by the FBI and the cited coverage. Figures are as described by the bureau and the outlets linked at the end of this article:

Why this matters

The Kinetic Cyber Range is notable because it treats cybercrime as a physical, human problem rather than a purely abstract one. By building an entire town and wiring it to fail under attack, the FBI is acknowledging that the consequences of modern hacking — locked hospital systems, disrupted utilities, paralyzed businesses — land in the real world, on real people, and that investigators need to train for that reality. The facility is, in a sense, an argument made in concrete and copper: that the best preparation for an attack on a hospital is to attack a fake hospital, repeatedly, until the response becomes second nature.

It also reflects a broader shift in how governments are approaching cyber defense. As ransomware and critical-infrastructure attacks grow more frequent and more costly, the emphasis is moving from awareness toward hands-on readiness. A 22,000-square-foot range that can host more than a thousand trainees a year, run real malware safely behind an isolated network, and put investigators through both technical and interpersonal pressure is a substantial institutional investment. Whether other agencies and countries follow with similar facilities will be worth watching, but the underlying logic is clear: as attacks on physical systems become routine, so too must realistic, physical-feeling training to defend them.

What to watch next

Several questions remain open as the range matures. One is scale: the FBI has reported more than 1,400 trainees since early 2025, and it will be telling whether that number grows, whether the facility expands, or whether the bureau builds additional ranges elsewhere to meet demand. Another is reach — how widely the FBI extends access to state, local, and international partners, since the value of shared training compounds when more agencies operate from the same playbook. The mix of scenarios is also likely to evolve as attackers change tactics, with new building types or technologies added to keep pace with emerging threats.

For now, the takeaway is straightforward. The FBI has decided that the most realistic way to prepare for cyberattacks on the physical world is to recreate the physical world and let agents fight off attacks inside it, safely, again and again. The Kinetic Cyber Range turns abstract cyber threats into something investigators can walk through, touch, and respond to under pressure. As the cost of cybercrime keeps climbing, that kind of immersive, contained, repeatable training looks less like a novelty and more like a model for how serious institutions will prepare for the next generation of digital attacks.

Based on reporting by The Verge, the FBI, TechCrunch, and Cybernews, linked below. Facts and quotes are as described by those sources.