Abstract
Modern cyber domain is an extremely complex field to master. There are numerous capricious dependencies between networked systems and data. In cyber security, technology has a major role, but the knowledge and skills of the individuals combined with the incident response processes of the organisations are even more important assets. Those assets foster the cyber resilience of the organisation. The most effective ways to uphold these urgent assets are training and exercising. Cyber security exercises in particular have proven their efficiency in improving cyber security skillsets. During the cyber security exercises, it is possible to train cyber defence and incident response manoeuvres in stressful and hectic situations of being under cyber attack or intrusion. To achieve the capability to organise technical cyber security exercises with real attacks and real malware, technical training infrastructure mimicking real networks and systems is required. Such infrastructures are universally called cyber ranges or cyber arenas. Globally, cyber security exercises have become more common during the last decade, and there are several cyber ranges with diverse capabilities. Pooling and sharing the capabilities of cyber ranges raises the requirement to establish a cyber range technical federation. In this paper, a state-of-the-art implementation of the cyber range technical federation is introduced. In addition, the implementation demonstrated and evaluated during the Flagship 1 on-line cyber security exercise is discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon Web Services, Inc. Amazon Web Services (AWS). https://aws.amazon.com/. Accessed 8 Apr 2021
Chen Z, Yan L, He Y, Bai D, Liu X, Li L (2018) Reflections on the construction of cyber security range in power information system. In: 2018 IEEE 3rd advanced information technology, electronic and automation control conference (IAEAC), pp 2093–2097. https://doi.org/10.1109/IAEAC.2018.8577685
Cyber Security Network of Competence Centres for Europe-project: Cyber Security for Europe (CS4E). https://cybersec4europe.eu/. Accessed 7 Apr 2021
Debatty T, Mees W (2019) Building a cyber range for training cyberdefense situation awareness. In: 2019 international conference on military communications and information systems (ICMCIS), pp 1–6. https://doi.org/10.1109/ICMCIS.2019.8842802
Deckard GM (2018) Cybertropolis: breaking the paradigm of cyber-ranges and testbeds. In: 2018 IEEE international symposium on technologies for homeland security (HST), pp 1–4. https://doi.org/10.1109/THS.2018.8574134
Di Tizio G, Massacci F, Allodi L, Dashevskyi S, Mirkovic J (2020) An experimental approach for estimating cyber risk: a proposal building upon cyber ranges and capture the flags. In: 2020 IEEE European symposium on security and privacy workshops (EuroS PW), pp 56–65. https://doi.org/10.1109/EuroSPW51379.2020.00016
Drisko J, Maschi T (2016) Content analysis. Oxford University Press, New Yourk, NY
Elliott V (2018) Thinking about the coding process in qualitative data analysis. Qual Rep 23:2850–2861
European Commission (2019) Four EU pilot projects launched to prepare the European cybersecurity competence network. https://digital-strategy.ec.europa.eu/en/news/four-eu-pilot-projects-launched-prepare-european-cybersecurity-competence-network. Accessed 9 Apr 2021
European Commission (2020) Joint communication to the European parliament and the council: the EU’s cybersecurity strategy for the digital decade. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=JOIN:2020:18:FIN
European Commission (2020) Proposal for a directive of the European parliament and of the council on the resilience of critical entities. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2020:829:FIN
European Cyber Security Organisation (ECSO) (2020) Understanding cyber ranges: from hype to reality. https://www.ecs-org.eu/documents/uploads/understanding-cyber-ranges-from-hype-to-reality.pdf
European Defence Agency, EDA EDA’s pooling & sharing-factsheet. https://eda.europa.eu/docs/default-source/eda-factsheets/final-p-s_30012013_factsheet_cs5_gris. Accessed 9 Apr 2021
European Defence Agency, EDA (2017) Cyber ranges: EDA’s first ever cyber defence pooling & sharing project launched by 11 member states. https://www.eda.europa.eu/info-hub/press-centre/latest-news/2017/05/12/cyber-ranges-eda-s-first-ever-cyber-defence-pooling-sharing-project-launched-by-11-member-states. Accessed 7 Apr 2021
European Defence Agency, EDA (2018) Cyber ranges federation project reaches new milestone. https://www.eda.europa.eu/info-hub/press-centre/latest-news/2018/09/13/cyber-ranges-federation-project-reaches-new-milestone. Accessed 7 Apr 2021
European Defence Agency, EDA (2019) EDA cyber ranges federation project showcased at demo exercise in Finland. https://www.eda.europa.eu/info-hub/press-centre/latest-news/2019/11/07/eda-cyber-ranges-federation-project-showcased-at-demo-exercise-in-finland. Accessed 7 Apr 2021
Ferguson B, Tall A, Olsen D (2014) National cyber range overview. In: 2014 IEEE military communications conference, pp 123–128. https://doi.org/10.1109/MILCOM.2014.27
Graziano A (2020) About federation of cyber ranges, market places and technology innovation. https://www.linkedin.com/pulse/federation-cyber-ranges-market-places-technology-almerindo-graziano/. Accessed 9 Apr 2021
He Y, Yan L, Liu J, Bai D, Chen Z, Yu X, Gao D, Zhu J (2019) Design of information system cyber security range test system for power industry. In: 2019 IEEE innovative smart grid technologies—Asia (ISGT Asia), pp 1024–1028. https://doi.org/10.1109/ISGT-Asia.2019.8881739
Hsieh HF, Shannon SE (2005) Three approaches to qualitative content analysis. Qual Health Res 15(9):1277–1288. https://doi.org/10.1177/1049732305276687
JAMK University of Applied Sciences, Institute of Information Technology (2021) Coming soon—a cybersecurity exercise that emphasizes learning and cooperation. https://jyvsectec.fi/2021/01/cybersec4europe-projects-cybersecurity-exercise-on-january/. Accessed 7 Apr 2021
JAMK University of Applied Sciences, Institute of Information Technology/JYVSECTEC RGCE cyber arena. https://jyvsectec.fi/rgce. Accessed 8 Apr 2021
Karjalainen M, Kokkonen T (2020) Comprehensive cyber arena; the next generation cyber range. In: 2020 IEEE European symposium on security and privacy workshops (EuroSi &PW), pp 11–16. https://doi.org/10.1109/EuroSPW51379.2020.00011
Karjalainen M, Kokkonen T, Taari N (2022) Key elements of on-line cyber security exercise and survey of learning during the on-line cyber security exercise. Springer International Publishing, Cham, pp 43–57. https://doi.org/10.1007/978-3-030-91293-2_2
National Institute of Standards and Technology NIST Cyber ranges. https://www.nist.gov/system/files/documents/2018/02/13/cyber_ranges.pdf. Accessed 13 Jan 2020
Nevavuori P, Kokkonen T (2019) Requirements for training and evaluation dataset of network and host intrusion detection system. In: Rocha Á, Adeli H, Reis LP, Costanzo S (eds) New knowledge in information systems and technologies. Springer International Publishing, Cham, pp 534–546
North Atlantic Treaty Organization, NATO (2017) Smart defence. https://www.nato.int/cps/en/natolive/topics_84268.htm. Accessed 9 Apr 2021
Piispanen J (2018) Technical specification for federation of cyber ranges. Master’s thesis, JAMK University of Applied Sciences. http://urn.fi/URN:NBN:fi:amk-2018121722010
Piispanen J, Päijänen J (2021) Evaluation report on integration demonstration. https://cybersec4europe.eu/wp-content/uploads/2021/08/D7.3-Evaluation-report-on-integration-demonstration-v1.3_submitted.pdf
Päijänen J, Viinikanoja J, Piispanen J (2021) Flagship 1. https://cybersec4europe.eu/wp-content/uploads/2021/06/D6.4-Flagship-1-v1.1-submitted.pdf
Secretariat of the Security Committee (2019) Finland’s cyber security strategy, Government Resolution 3.10.2019. https://turvallisuuskomitea.fi/wp-content/uploads/2019/10/Kyberturvallisuusstrategia_A4_ENG_WEB_031019.pdf
Shangting M, Quan P (2021) Industrial cyber range based on QEMU-IOL. In: 2021 IEEE international conference on power electronics, computer applications (ICPECA), pp 671–674. https://doi.org/10.1109/ICPECA51329.2021.9362692
Shepherd LA, de Paoli S, Conacher J (2020) Human-computer interaction considerations when developing cyber ranges. Int J Inf Secur Cybercrime 9(2):28–32. https://doi.org/10.19107/IJISC.2020.02.04
Suni E, Piispanen J, Nevala J, Päijänen J, Saharinen K (2020) Report on existing cyber ranges, requirements. https://cybersec4europe.eu/wp-content/uploads/2020/09/D7.1-Report-on-existing-cyber-ranges-and-requirement-specification-for-federated-cyber-ranges-v1.0_submitted.pdf
The White House, signed by President Donald J. Trump (2018) National cyber strategy of the United States of America. https://trumpwhitehouse.archives.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf
Tian Z, Cui Y, An L, Su S, Yin X, Yin L, Cui X (2018) A real-time correlation of host-level events in cyber range service for smart campus. IEEE Access 6:35355–35364. https://doi.org/10.1109/ACCESS.2018.2846590
Ukwandu E, Farah MAB, Hindy H, Brosset D, Kavallieros D, Atkinson R, Tachtatzis C, Bures M, Andonovic I, Bellekens X (2020) A review of cyber-ranges and test-beds: current and future trends. Sensors 20(24). https://doi.org/10.3390/s20247148
Urias VE, Stout WMS, Van Leeuwen B, Lin H (2018) Cyber range infrastructure limitations and needs of tomorrow: a position paper. In: 2018 international Carnahan conference on security technology (ICCST), pp 1–5. https://doi.org/10.1109/CCST.2018.8585460
ZeroTier Inc. ZeroTier global—area networking. https://www.zerotier.com/. Accessed 29 Apr 2021
Zhang Z, Lu G, Zhang C, Gao Y, Wu Y, Zhong G (2020) Cyfrs: a fast recoverable system for cyber range based on real network environment. In: 2020 information communication technologies conference (ICTC), pp 153–157. https://doi.org/10.1109/ICTC49638.2020.9123273
Acknowledgements
This research is funded by Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) -project of the Horizon 2020 SU-ICT-03-2018 program. The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kokkonen, T., Sipola, T., Päijänen, J., Piispanen, J. (2023). Cyber Range Technical Federation: Case Flagship 1 Exercise. In: Dimitrakos, T., Lopez, J., Martinelli, F. (eds) Collaborative Approaches for Cyber Security in Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-16088-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-16088-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16087-5
Online ISBN: 978-3-031-16088-2
eBook Packages: Computer ScienceComputer Science (R0)