29 October 2021
Cyber Range Federation – The Real Benefits
The Need For Cyber Ranges
The ICT landscape in organisations and companies is complex. Organisations rarely plan, commission, operate or decommission their infrastructure themselves; instead they outsource the function to one or more service partners or rely on an “as-a-service” delivery model for software, hardware, and ICT infrastructure. Such multi-vendor end-user services require a skilled workforce to manage and lead the whole operation, whilst keeping running costs low and quality high, especially with respect to cybersecurity.
As a result, organisations and companies which have understood their high dependence on technology, although not managing it themselves, have taken the precautionary step of training their employees and service partners in anticipation of potential cyber incidents by using cyber ranges.
Individuals can be educated in many aspects of real-world cyber-attacks and cybersecurity good practices through training exercises and research on cyber ranges. These technical environments are connected to a network, running software on a hardware platform, or simulating a modern data centre running virtualisation software. Some cyber ranges contain cyber-physical elements, such as medical devices and patient simulators. Cyber ranges that are realistic, running the commodity software and services found in an office, and having business domain specific capabilities, found for example in a factory facility or a healthcare unit, can provide an immersive and realistic exercise experience for the participants. By attending a realistic cyber exercise, participants may even face real malware or ransomware they may encounter in their work. An organisation participating in a cyber exercise develops its employees’ skills, thus improving its preparedness for cyber incidents and ensuring business continuity after a cyber-attack.
A solution to cyber range operators’ pain
Developing and operating a cyber range requires investment in labour costs, hardware procurement, software licences, facilities rental, and electricity, to name a few. Developing and operating a cyber range also requires a skilled workforce, as technology itself cannot fulfil the needs and expectations a cyber range owner has set.
To relieve the pain of investing in the development of cyber ranges, and to maximise the operating hours, cyber ranges can be interconnected or technically federated. In a technical federation, cyber ranges may cross-use federated cyber range capabilities, features and capacity, offering a single venue to end users. Thus, federated cyber ranges can use the capabilities and features already available in a cyber range, without making additional investments. The lifespan of a technical federation may be temporary or permanent, depending on the needs of the cyber range operators, their end users and the contracts that have been negotiated.
The scope of the demonstration
In the recent CyberSec4Europe evaluation report on integration demonstration, only open source software solutions to implement cyber range technical federation were identified and evaluated. One solution met the set requirements and was demonstrated in a cybersecurity exercise. For the cyber exercise, two use cases were implemented:
- Federating a commercial Amazon AWS cloud component into a cyber range
- Creating a federation network for end users joining the cyber exercise
Both implemented use cases were seamless to the end users. In the demonstration, network traffic was tunnelled in the federation network through the public Internet between the participants’ commissioned workstations and exercise network, and between the exercise network and Amazon AWS.
Maturity and estimated benefits
The participants in the demonstration event were simultaneously located in 16 EU Member States. The feedback that the cyber exercise conductor received from the participants was highly positive, indicating that not only did the perceived cyber range technical federation perform well, but also the contents of the exercise met or exceeded expectations.
The demonstrated open source software-only solution performed with high throughput, low latency and low CPU usage, as monitored by the cyber exercise conductor from the exercise network. The tested solution is estimated to be production-ready for use in cross-border cyber exercises. The benefit of a software-only open source solution is that no investment in hardware or software licences is required to establish a cyber range technical federation. However, a skilled workforce to plan and implement a federation network is required.
Jani Päijänen, Juha Piispanen
JAMK University of Applied Sciences
Institute of Information Technology / JYVSECTEC