Biblio

In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.

As cyber-physical systems are becoming more wide spread, it is imperative to secure these systems. In the real world these systems produce large amounts of data. However, it is generally impractical to test security techniques on operational cyber-physical systems. Thus, there exists a need to have realistic systems and data for testing security of cyber-physical systems [1]. This is often done in testbeds and cyber ranges. Most cyber ranges and testbeds focus on traditional network systems and few incorporate cyber-physical components. When they do, the cyber-physical components are often simulated. In the systems that incorporate cyber-physical components, generally only the network data is analyzed for attack detection and diagnosis. While there is some study in using physical signals to detect and diagnosis attacks, this data is not incorporated into current testbeds and cyber ranges. This study surveys currents testbeds and cyber ranges and demonstrates a prototype testbed that includes cyber-physical components and sensor data in addition to traditional cyber data monitoring.

With over 80% of goods transportation in volume carried by sea, ports are key infrastructures within the logistics value chain. To address the challenges of the globalized and competitive economy, ports are digitizing at a fast pace, evolving into smart ports. Consequently, the cyber-resilience of ports is essential to prevent possible disruptions to the economic supply chain. Over the last few years, there has been a significant increase in the number of disclosed cyber-attacks on ports. In this paper, we present the capabilities of a high-end hybrid cyber range for port cyber risks awareness and training. By describing a specific port use-case and the first results achieved, we draw perspectives for the use of cyber ranges for the training of port actors in cyber crisis management.

Cyber ranges are proven to be effective towards the direction of cyber security training. Nevertheless, the existing literature in the area of cyber ranges does not cover, to our best knowledge, the field of 5G security training. 5G networks, though, reprise a significant field for modern cyber security, introducing a novel threat landscape. In parallel, the demand for skilled cyber security specialists is high and still rising. Therefore, it is of utmost importance to provide all means to experts aiming to increase their preparedness level in the case of an unwanted event. The EU funded SPIDER project proposes an innovative Cyber Range as a Service (CRaaS) platform for 5G cyber security testing and training. This paper aims to present the evaluation framework, followed by SPIDER, for the extraction of the user requirements. To validate the defined user requirements, SPIDER leveraged of questionnaires which included both closed and open format questions and were circulated among the personnel of telecommunication providers, vendors, security service providers, managers, engineers, cyber security personnel and researchers. Here, we demonstrate a selected set of the most critical questions and responses received. From the conducted analysis we reach to some important conclusions regarding 5G testing and training capabilities that should be offered by a cyber range, in addition to the analysis of the different perceptions between cyber security and 5G experts.

Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.

There is an increasing trend in cloud adoption of enterprise applications in, for example, manufacturing, healthcare, and finance. Such applications are routinely subject to targeted cyberattacks, which result in significant loss of sensitive data (e.g., due to data exfiltration in advanced persistent threats) or valuable utilities (e.g., due to resource the exfiltration of power in cryptojacking). There is a critical need to train highly skilled cybersecurity professionals, who are capable of defending against such targeted attacks. In this article, we present the design, development, and evaluation of the Mizzou Cyber Range, an online platform to learn basic/advanced cyber defense concepts and perform training exercises to engender the next-generation cybersecurity workforce. Mizzou Cyber Range features flexibility, scalability, portability, and extendability in delivering cyberattack/defense learning modules to students. We detail our “research-inspired learning” and “learn-apply-create” three-phase pedagogy methodologies in the development of four learning modules that include laboratory exercises and self-study activities using realistic cloud-based application testbeds. The learning modules allow students to gain skills in using latest technologies (e.g., elastic capacity provisioning, software-defined everything infrastructure) to implement sophisticated “attack defense by pretense” techniques. Students can also use the learning modules to understand the attacker-defender game in order to create disincentives (i.e., pretense initiation) that make the attacker's tasks more difficult, costly, time consuming, and uncertain. Lastly, we show the benefits of our Mizzou Cyber Range through the evaluation of student learning using auto-grading, rank assessments with peer standing, and monitoring of students' performance via feedback from prelab evaluation surveys and postlab technical assessments.

This Innovative Practice full paper describes a technical innovation for scalable teaching of cybersecurity hands-on classes using interactive learning environments. Hands-on experience significantly improves the practical skills of learners. However, the preparation and delivery of hands-on classes usually do not scale. Teaching even small groups of students requires a substantial effort to prepare the class environment and practical assignments. Further issues are associated with teaching large classes, providing feedback, and analyzing learning gains. We present our research effort and practical experience in designing and using learning environments that scale up hands-on cybersecurity classes. The environments support virtual networks with full-fledged operating systems and devices that emulate realworld systems. The classes are organized as simultaneous training sessions with cybersecurity assignments and learners' assessment. For big classes, with the goal of developing learners' skills and providing formative assessment, we run the environment locally, either in a computer lab or at learners' own desktops or laptops. For classes that exercise the developed skills and feature summative assessment, we use an on-premises cloud environment. Our approach is unique in supporting both types of deployment. The environment is described as code using open and standard formats, defining individual hosts and their networking, configuration of the hosts, and tasks that the students have to solve. The environment can be repeatedly created for different classes on a massive scale or for each student on-demand. Moreover, the approach enables learning analytics and educational data mining of learners' interactions with the environment. These analyses inform the instructor about the student's progress during the class and enable the learner to reflect on a finished training. Thanks to this, we can improve the student class experience and motivation for further learning. Using the presented environments KYPO Cyber Range Platform and Cyber Sandbox Creator, we delivered the classes on-site or remotely for various target groups of learners (K-12, university students, and professional learners). The learners value the realistic nature of the environments that enable exercising theoretical concepts and tools. The instructors value time-efficiency when preparing and deploying the hands-on activities. Engineering and computing educators can freely use our software, which we have released under an open-source license. We also provide detailed documentation and exemplary hands-on training to help other educators adopt our teaching innovations and enable sharing of reusable components within the community.

The main purpose of this paper is to solve the problem of quantitative and qualitative evaluation of network security. Referring to the relevant network security situation assessment algorithms, and by means of advanced artificial intelligence deep learning technology, to build a network security Indication System based on Cyber Range, and optimize the guidance model of deep learning technology.

Cyber ranges are well-defined controlled virtual environments used in cybersecurity training as an efficient way for trainees to gain practical knowledge through hands-on activities. However, creating an environment that contains all the necessary features and settings, such as virtual machines, network topology and security-related content, is not an easy task, especially for a large number of participants. Therefore, we propose CyRIS (Cyber Range Instantiation System) as a solution towards this problem. CyRIS provides a mechanism to automatically prepare and manage cyber ranges for cybersecurity education and training based on specifications defined by the instructors. In this paper, we first describe the design and implementation of CyRIS, as well as its utilization. We then present an evaluation of CyRIS in terms of feature coverage compared to the Technical Guide to Information Security Testing and Assessment of the U.S National Institute of Standards and Technology, and in terms of functionality compared to other similar tools. We also discuss the execution performance of CyRIS for several representative scenarios.