TY - GEN
T1 - A framework to address challenges encountered when designing a cyber-range
AU - Lawless, Brendan
AU - Flood, Jason
AU - Keane, Anthony
PY - 2014
Y1 - 2014
N2 - The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.
AB - The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.
KW - Cyber-range
KW - Gamification
KW - Modular cyber-range
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84991266087&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84991266087
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 258
EP - 263
BT - Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014
A2 - Liaropoulos, Andrew N.
A2 - Tsihrintzis, George A.
PB - Curran Associates Inc.
T2 - 13th European Conference on Cyber Warfare and Security, ECCWS 2014
Y2 - 3 July 2014 through 4 July 2014
ER -