A framework to address challenges encountered when designing a cyber-range

Brendan Lawless; Jason Flood; Anthony Keane

A framework to address challenges encountered when designing a cyber-range

Brendan Lawless
, Jason Flood
, Anthony Keane

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.

Original language	English
Title of host publication	Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014
Editors	Andrew N. Liaropoulos, George A. Tsihrintzis
Publisher	Curran Associates Inc.
Pages	258-263
Number of pages	6
ISBN (Electronic)	9781910309247
Publication status	Published - 2014
Event	13th European Conference on Cyber Warfare and Security, ECCWS 2014 - Piraeus, Greece Duration: 3 Jul 2014 → 4 Jul 2014

Publication series

Name	European Conference on Information Warfare and Security, ECCWS
Volume	2014-January
ISSN (Print)	2048-8602
ISSN (Electronic)	2048-8610

Conference

Conference	13th European Conference on Cyber Warfare and Security, ECCWS 2014
Country/Territory	Greece
City	Piraeus
Period	3/07/14 → 4/07/14

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy

Keywords

Cyber-range
Gamification
Modular cyber-range
Security

Cite this

Lawless, B., Flood, J., & Keane, A. (2014). A framework to address challenges encountered when designing a cyber-range. In A. N. Liaropoulos, & G. A. Tsihrintzis (Eds.), Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014 (pp. 258-263). (European Conference on Information Warfare and Security, ECCWS; Vol. 2014-January). Curran Associates Inc..

Lawless, Brendan ; Flood, Jason ; Keane, Anthony. / A framework to address challenges encountered when designing a cyber-range. Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014. editor / Andrew N. Liaropoulos ; George A. Tsihrintzis. Curran Associates Inc., 2014. pp. 258-263 (European Conference on Information Warfare and Security, ECCWS).

@inproceedings{74bf533cc64b41f4baa44563b492f5b5,

title = "A framework to address challenges encountered when designing a cyber-range",

abstract = "The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.",

keywords = "Cyber-range, Gamification, Modular cyber-range, Security",

author = "Brendan Lawless and Jason Flood and Anthony Keane",

year = "2014",

language = "English",

series = "European Conference on Information Warfare and Security, ECCWS",

publisher = "Curran Associates Inc.",

pages = "258--263",

editor = "Liaropoulos, \{Andrew N.\} and Tsihrintzis, \{George A.\}",

booktitle = "Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014",

note = "13th European Conference on Cyber Warfare and Security, ECCWS 2014 ; Conference date: 03-07-2014 Through 04-07-2014",

}

Lawless, B, Flood, J & Keane, A 2014, A framework to address challenges encountered when designing a cyber-range. in AN Liaropoulos & GA Tsihrintzis (eds), Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014. European Conference on Information Warfare and Security, ECCWS, vol. 2014-January, Curran Associates Inc., pp. 258-263, 13th European Conference on Cyber Warfare and Security, ECCWS 2014, Piraeus, Greece, 3/07/14.

A framework to address challenges encountered when designing a cyber-range. / Lawless, Brendan; Flood, Jason; Keane, Anthony.
Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014. ed. / Andrew N. Liaropoulos; George A. Tsihrintzis. Curran Associates Inc., 2014. p. 258-263 (European Conference on Information Warfare and Security, ECCWS; Vol. 2014-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A framework to address challenges encountered when designing a cyber-range

AU - Lawless, Brendan

AU - Flood, Jason

AU - Keane, Anthony

PY - 2014

Y1 - 2014

N2 - The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.

AB - The national infrastructure of modern countries have demonstrated a high dependence on vulnerable automated computer based technologies. At the core of the problem is the convergence of networked systems to TCP/IP everywhere along with the proliferation of smart devices entering the home has increased the cyber attack surface and radically altered the risk profile of end users, organizations and governments alike. It is of critical importance that the individuals responsible for ensuring the security of Cloud, SCADA, smart meters and other intrinsically important pieces of a nation's infrastructure are aware of all threats, vulnerabilities and exploits in the system they protect. This paper proposes that a modular Cyber-Range Framework is a valuable training asset that can be leveraged to help protect critical infrastructure. A Cyber-Range is a vehicle used to train in offensive and defensive Information Operations and Information Warfare. Skills transfer of security principles through gamification facilitates the calculation of metrics that describe the skill level of the player taking part in Cyber-Range activities. Gap analysis based on security player accomplishment will promote the creation of new targets inside the Cyber-Range that focus on addressing an individuals or organizations shortfalls. New challenges may be required due to a recognizable skills gaps or technical advancements in the marketplace. It is proposed that a readily adaptable framework for the design of Cyber-Ranges can be built to cater for current and future cyber defensive needs. Key to this ideology is developing the Cyber-Range Framework in a modular way. Using this framework new challenges can be considered as simple plugin modules that are easily turned on, off and fine-tuned. This methodology will allow for growth and can be focused to suit an individual, organizational or national requirement. Although this is still a work in progress, it has already been used as the backbone of the highly successful Global OWASP 2013 CTF. Design challenges, implementation challenges and the future of the proposed framework are discussed in this paper. Comparisons are drawn between the current in place solutions and our modular Cyber-Range Framework. The benefits and challenges of both approaches are discussed.

KW - Cyber-range

KW - Gamification

KW - Modular cyber-range

KW - Security

UR - https://www.scopus.com/pages/publications/84991266087

M3 - Conference contribution

AN - SCOPUS:84991266087

T3 - European Conference on Information Warfare and Security, ECCWS

SP - 258

EP - 263

BT - Proceedings of the 13th European Conference on Cyber Warfare and Security, ECCWS 2014

A2 - Liaropoulos, Andrew N.

A2 - Tsihrintzis, George A.

PB - Curran Associates Inc.

T2 - 13th European Conference on Cyber Warfare and Security, ECCWS 2014

Y2 - 3 July 2014 through 4 July 2014

ER -

A framework to address challenges encountered when designing a cyber-range

Abstract

Publication series

Conference

UN SDGs

Keywords

Fingerprint

Cite this