CYRAN: a realistic environment for cyber warfare training

Cyber Security of ICS/SCADA systems is a major aspect of current research in the cyber community. Here at the Cyber Technology Institute, we have developed CYRAN – a hybrid cyber range that is a combination of physical and virtual components which is an ideal environment for hands-on training in cyber warfare training, cyber resilience testing and cyber technology development.

A key challenge in Cyber Security training is the ability to perform practical exercises in a realistic environment, especially for areas where the ability to incorporate real equipment is almost non-existent.

To this end, the Cyber Technology Institute at De Montfort University have created the CYRAN cyber range. CYRAN has been developed utilising a hybrid approach, combining virtualised components with actual physical hardware.  This includes the capacity for switches, routers, user terminals with a variety of operating systems, programmable logic controllers, human machine interfaces, geographically distributed networks and virtual private networks.

Scenarios can be developed to better represent operational environments by incorporating physical systems such as control systems and bespoke technologies, providing enhanced resiliency testing.

Once a scenario has been developed Red vs Blue exercises (where one team attack the system and the other attempt to identify and attribute the attacks) can be performed highlighting areas of weakness likely to be exploited by malicious actors and assessing the level of information required for successful attribution.  Tokens worth a predetermined number of points are spread throughout the scenario and are associated with particular techniques or exploits.

redAndblue

This approach introduces an element of competition, which can be tailored to assess the impact of differing schemes.  Competition can be simply between Red and Blue, but provision exists to monitor individual points meaning competition within teams can also be assessed.  Any combination of these can also be implemented; one that has proved successful in the past is to award Blue points solely to the team whilst awarding individual points to the Red team, leading to greater teamwork amongst the defenders whilst highlighting individuality for the attackers.

A key component of a scenario is the White team; not only do they ensure the smooth running of the event providing hints or extra information when necessary, but they can also take on the role of other members of an organisation to increase the realistic demands of a situation.

With CYRAN, we can provide attendees with practical and technical skills as well as the experience of working with others within a simulated scenario.  It is also  easy to create and add new scenarios in order to tailor the training to the specific needs of organisations.

For more information about the training opportunities with CYRAN, please contact us: cybertech.support@dmu.ac.uk.

For more detail about the development of CYRAN, please see: http://www.igi-global.com/chapter/cyran/172681

This entry was posted in Uncategorized. Bookmark the permalink.