In recent years the complexity of the IT infrastructures that underpin business operations has increased significantly. This is largely due to the ongoing digital transformation of enterprises, which are replacing manual and error-prone processes with IT-enabled ones. At the same time, the advent of computing paradigms such as the Internet-of-Things (IoT) has led to an expanded deployment of more sophisticated systems that comprise Internet-connected devices and smart objects like drones, automated guided vehicles and industrial robots. This rising sophistication of IT infrastructures comes with a host of automation and productivity benefits. Nevertheless, it also introduces new challenges, such as the need for stronger and more effective cybersecurity.
Cybersecurity has always been a major concern for deployers and operators of non-trivial IT infrastructures. However, its complexity and importance have recently risen for a number of additional reasons:
- The blending of IT systems with Operational Technology (OT) systems, which is very common in industrial settings such as production plants.
- The fact that cybersecurity processes cannot be fully automated, but rather have to rely on the proper engagement of humans in the implementation of effective security policies.
- Recent regulatory changes such as the introduction of the General Data Protection Regulation (GDPR) in Europe, in which cybersecurity is the most important facet.
As a result, there is a growing need to educate employees and other stakeholders on how cybercrime works, but also on how to engage in the implementation of robust security measures and policies. This need has led to the development of Cyber Ranges, which are emerging training and simulation environments for cybersecurity. The term Cyber Range stems from the concept of a “Shooting Range”: Cyber Ranges are safe places where people can be trained on cybercrime defense practices, much in the same way shooting ranges provide safe places where people fire guns at given targets.
Introducing Cyber Ranges
A Cyber Range training environment is typically interactive and comprises a simulated representation of an organization’s cyber infrastructure. The cyber infrastructure includes models for local networks, systems, applications and tools that are all connected in the simulated Internet-based environment. This environment is intended to support the development of cyber-skills based on practical testing, while also acting as a sandbox for testing new products and services in terms of their cybersecurity characteristics.
The simulated environment of a Cyber Range includes a combination of real-life hardware and virtualized software components. It’s the proper mixing and combination of the inputs and outputs of these components that renders a Cyber Range environment realistic. A certain portion of the network traffic of a Cyber Range is simulated and may comprise realistic representations of web pages, browsers, and e-mail services depending on the processes that are to be simulated for training or testing purposes.
The simplest form of Cyber Range is a single stand-alone range that is deployed and used internally by different types of organizations such as private enterprises, industrial organizations, governmental organizations, military agencies, as well as schools and universities. However, it’s also possible to expand the scope of the Cyber Range training environment by interconnecting the Cyber Range of one organization with Cyber Ranges established in other organizations. This interconnection can expand the scope of the training activities towards covering larger scale environments. However, the Cyber Ranges interconnection process is not a trivial one: different Cyber Ranges have to be interconnected in an interoperable way.
Cyber Ranges Functionalities and Users
Let’s have a closer look at some of the main functionalities of a Cyber Range environment:
- Teamwork training: Security teams’ collaboration is a key to effective cybersecurity in complex environments such as industrial plants and other types of critical infrastructures. Cyber Ranges provide an ideal environment not only for improving an individual’s cybersecurity skills but also for training teams in collaborative processes and teamwork.
- Realistic on-the-job environments: Security professionals should not be limited to theoretical training. Rather, they need on-the-job training as well. Cyber Ranges provide the means for simulating on-the-job settings as a way of engaging professionals in meaningful practical exercises.
- Real-time feedback: A Cyber Range environment enables organizations to obtain real-time feedback regarding a specific cybersecurity process, as part of realistic what-if scenarios simulation.
- Innovation Sandbox: Cyber Ranges provide environments where new concepts for security products and services can be tested and validated. This eliminates the uncertainty that is associated with new ideas prior to their field validation.
Cybersecurity professionals are the primary users of Cyber Range environments. However, many other stakeholder groups and professionals benefit from the use of Cyber Ranges, including law enforcement employees, IT experts, incident handlers, IT administrators, as well as regular personnel working in critical infrastructures. Furthermore, Cyber Ranges are commonly used by cybersecurity students and trainees, as part of their practical training curricula. In general, Cyber Ranges are closely related to all security training processes, including processes and examinations for obtaining security certifications.
Much as Cyber Ranges are important for individual workers, they are also very useful to entire organizations as tools for evaluating cyber competencies, testing new procedures, training personnel and evaluating new security processes and protocols.
Cyber Ranges and Early Preparedness
Beyond training and education, Cyber Ranges are about early preparedness. One of the main cybersecurity issues faced by organizations nowadays is that they tend to be reactive when coping with cybersecurity threats and incidents. This reactiveness incurs significant damage, which continues until the organization realizes the scale of the problem and remedies its root cause. Cyber Ranges can alleviate such poor reactions by making organizations more proactive. In particular, they can train employees to quickly communicate security-related information or indicators of security incidents, such as a dangerous email or unusual behavior of an IT system. To this end, employees need to be able to identify these situations and to communicate them to cybersecurity experts. Likewise, cybersecurity teams must be very well trained on all incidents that they are likely to encounter, but also on the remedial actions that they should undertake, especially during the very first moments after the identification of an incident. Cyber Ranges can ensure that both cybersecurity teams and other employees are ready to play their role in the early cybersecurity preparedness of their organization.
Despite significant investments in cybersecurity and regulatory compliance, cybercrime incidents around the globe are still on the rise. Cyber Ranges can be a powerful tool in an organization’s cybersecurity arsenal in the years to come.