Implementation Of Cyber Range For Cyber Defence Strategy

By Mohamad Firham Efendy Bin Md Senan, Hafizah Binti Che Hasan & Muhammad Fadzlan Bin Zainal

 

 

Introduction

 

Cyber defense comprises activities that measure the effectiveness of mitigating a cyber-attack. A good cyber defense strategy is to understand a cyber-attack from multiple points of view. The complexity of cyber security threats has also been increasing over time. Cyber attackers are always one step ahead because they are equipped with advanced technology and a variety of techniques, which makes them much more organized and lethal. Cyber security awareness is therefore required at all levels in order to be ready to defend against these cyber-attacks. Rigorous cyber security training is required in order to gain a thorough understanding of how a cyber-attack works.

 

A cyber range allows companies to simulate real-world cyber-attack scenarios. It is mostly used for cyber warfare training and cyber technology development [1]. However, it can also be used for digital forensic analysis. A simulation is conducted to understand how an incident occurs without resorting to a real environment platform. A cyber range can be used to understand the tactics, techniques, and procedures to be implemented in a complex networking system environment. A cyber range also helps to define the respective functions and roles of cyber security experts in various scenarios.

 

2. How Does Cyber Range Work?

 

Cyber ranges are used to train and strengthen the skills of cyber security engineers. These virtual environments simulate new and complex challenges to improve the protection and efficiency of cyber infrastructures and IT systems in the real world. While cyber ranges may operate in either a physical or virtual environment, they can mimic even the most complicated networks used by government, commercial organizations or the military. In order to provide a realistic training environment and to utilize the entire gamut of cyber defense, a Network Traffic Generator within a Cyber Range can generate legitimate and malicious traffic that is realistic and varied [2].

 

Cyber ranges that are used for training and practice mostly operate on a dueling team basis, i.e. a red versus blue team environment, with the red team targeting the virtual network while the blue team secures the infrastructure. In general, a white team will be required to ensure that some elements of the cyber range operate as planned for training purposes, as they will be used to teach how to attack and defend.

 

 

3. Implementing Cyber Defense

 

Cyber Defense is a computer network defense mechanism which responds to actions, protects critical infrastructure and provides information assurance for organizations, government entities and related networks [3]. A Cyber Defense team will help strengthen and defend their organization. With the necessary resources and skills in place, steps and measures can be taken to remediate and eradicate threats.

 

A Cyber Range is an ideal platform that helps develop the capabilities of cyber defense professionals. It enables a team to work together, discuss and make decisions that affect the entire cyber defense chain [4]. In an exercise, security teams are given 21 different types of attack with various real-world scenarios. This is designed to prepare them and sharpen their skills against hyper-realistic cyber-attacks while running massive performance tests without suffering any adverse effects.

 


Table 1 shows the types of attacks provided.

 

3.1 Roles in Cyber Range Exercises

 

During cyber range exercises, the participants are divided into several teams such as white team, blue team, red team, purple team, etc. For example, a typical cyber range exercise can be divided into two teams:

 

White Team – exercise managers, referees, instructors and organizers. They provide the scenario and set out the rules and framework for the team’s exercises. The White team assigns tasks to the participants. They also act as instructors, provide basic information to participants if needed, and control and generate the noise that comes from the Traffic Generator.

 

Blue team – participants are responsible for securing networks and dealing with attacks. They have to follow the exercise’s rules and respond to a given scenario. Participants in Blue teams need to manage and assign each role based on incident detection, incident handling, and incident response. Figure 1 shows the interactions between the teams [5].



Figure 1. Basic Roles in Cyber Range



4. Challenges


While there are some advantages in using the Cyber Range platform to train personnel as part of a Cyber Defensive strategy, there are also some disadvantages. Cyber Ranges are not real operational environments. In a Cyber Range platform, a member of the White Team will try to reflect all or part of the possibilities which adversaries could use, including all possible vulnerabilities that could be exploited. Designing, developing and deploying the systems for a Cyber Range requires a lot of time and effort.


As a Cyber Range is an ephemeral environment that is used for training purposes, the training environments need to be scaled to realistically mirror enterprise infrastructure.


Among the major challenges with cyber ranges is that they often need to be manually configured from the ground up, which can introduce errors and does not always represent the target operating environment, and thus produces a questionable result [6]. Additionally, the white team is required to set up the learning objectives. Thus, it needs to have all information about the participants’ or learners’ skills and capabilities before commencing the actual exercise [8]. Besides learning objectives, there is also a need to make sure that this exercise or training has a balanced team to build a sense of teamwork.



Conclusion


An example of a successful Cyber Range is the Cyber Defence Exercise (CDX), which is organised by the NSA for military academy cadets from the US and Canada. Other examples of Cyber Range initiatives include those developed by the Estonian Defence Forces. This effort was observed and used during the NATO Cyber Coalition exercise, and it is proven that a Cyber Range could be used as a platform for cyber warfare training and simulation.


Besides building a cyber defence strategy, Cyber Ranges could also create an important terrain for cyber red teams. However, the success rate depends entirely on the design and deployment elements during preparation [7].


A Cyber Range could also be used as a copy of a range, which means that once it has been tested, a newly emerging threat that may affect the physical network can be tested against the virtual cyber range to see what adverse effects it has on the system [8]. A Cyber Range can also be used to penetrate specific hardware or software.



References


  1. Debatty, W. Mees, “Building a Cyber Range for training CyberDefense Situation Awareness” ICMCS 2019
  2. S.Braidley, "Extending Our Cyber-Range CYRAN with Social Engineering Capabilities," Researchgate, 2016.
  3. Technopedia, 2019. https://www.technopedia.com/definition/6705/cyber-defense
  4. Cyber Test Systems, 2018. https://www.cybertestsystems.com/#!/cyber-range
  5. Tajul Azhar, Tajul Ariffin., Syearifah, Shahidan., “Cyber Defense Competition and Information Security: The Red Teaming Exercise Implementation to Resolve Skills and Techniques with Cyber Range Concept,” e-Journal LIS Liga Ilmu Serantau, 2018.
  6. B. Ferguson, “National Cyber Range Overview”, IEEE Military Communications Conference, 2014.
  7. E. Ç. H. R. Pascal Brangetto, "Cyber Red Teaming," NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDC), 2015.
  8. J. V. e. al, "Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range," IEEE, 2017.