A framework to address challenges encountered when designing a cyber-range

Brendan Lawless, Jason Flood, Anthony Keane

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    Abstract

    The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.

    Original languageEnglish
    Title of host publicationProceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014
    EditorsAndrew N. Liaropoulos, George A. Tsihrintzis
    PublisherCurran Associates Inc.
    Pages258-263
    Number of pages6
    ISBN (Electronic)9781910309247
    Publication statusPublished - 2014
    Event13th European Conference on Cyber Warfare and Security, ECCWS 2014 - Piraeus, Greece
    Duration: 3 Jul 20144 Jul 2014

    Publication series

    NameEuropean Conference on Information Warfare and Security, ECCWS
    Volume2014-January
    ISSN (Print)2048-8602
    ISSN (Electronic)2048-8610

    Conference

    Conference13th European Conference on Cyber Warfare and Security, ECCWS 2014
    Country/TerritoryGreece
    CityPiraeus
    Period3/07/144/07/14

    Keywords

    • Cyber-range
    • Gamification
    • Modular cyber-range
    • Security

    Fingerprint

    Dive into the research topics of 'A framework to address challenges encountered when designing a cyber-range'. Together they form a unique fingerprint.

    Cite this