Cyber Ranges: The (R)evolution in Cybersecurity Training


  • Dr. Jorge López Hernández-Ardieta, Head of Cybersecurity Solutions & Digital Specialist

    Cyber Ranges: The (R)evolution in Cybersecurity Training

    Barcelona, 6 December 2016

    Cybersecurity Unit


  • 4-5

    01. CURRENT SITUATION: Technology evolution

    Big Data/Analytics, Smart X, BYOX/Mobility, Unmanned systems, Systems-of-systems, Social networks, IoT/Wearables, Blockchain, SDN/NFV, Cloud/Virtualisation (SaaS/PaaS/IaaS)

    Interdependence & Interconnection

  • 6

    01. CURRENT SITUATION: Cyber threats evolution

    Timeline (1900 to 2016); milestones in roughly chronological order:

    Enigma is hacked; first attacks on the phone network; Kevin Mitnick; Morris worm; massive attacks on the US phone system; Datastream hacks of DoD, NASA and USAF; Tenenbaum hacks the Pentagon; worms (Melissa, ILOVEYOU, Code Red, Nimda, Anna Kournikova, Sadmind, Slapper, Blaster, etc.); Estonia DDoS; Conficker; APT (Titan Rain, Ghostnet, Aurora, Night Dragon, Shady Rat); Stuxnet; Anonymous; Anti-sec; ATM/bank attacks; 2014: APT (Careto, DragonFly), ransomware (mobile); 2016: DDoS/IoT

  • 7

    01. CURRENT SITUATION: The need for qualified professionals

    The constant evolution of technology and cyber threats requires constant effort in professional education and training.

    Decision-makers should also be educated on risks and security matters at the strategic level.

    Qualified professionals are paramount for organisations to deploy and implement effective cybersecurity practices: secure software/systems engineers, network security engineers, incident responders, malware and forensic analysts, security consultants, etc.

  • 8

    01. CURRENT SITUATION: Problems

    Offer-demand imbalance: lack of highly skilled and trained cybersecurity professionals.

    Recent explosion in demand (91% increase in the US over 2010-2014 [1]).

    Forecasts are worse: 6M professionals needed by 2019 [2].

    Current efforts and initiatives do not suffice.

    Knowledge entry barriers slow down the training process and increase costs.

    Hands-on training is required, which takes significant trainer resources (high costs).

    Our aim is to identify some desirable properties that technology should have in order to provide effective massive-scale cybersecurity training, detect which ones present technical challenges, and suggest novel approaches to achieve them.

    [1] Job Market Intelligence: Cybersecurity Jobs, Burning Glass Technologies (2015).

    [2] Estimates from Symantec and Cisco reports (2014).


  • TRAINING IN CYBERSECURITY: CHALLENGES AND NOVEL APPROACHES | 10

    02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties

    USABILITY

    Easy access regardless of when and where (including remotely) students connect from.

    Easy-to-use HMI and functionality.

    ROLE ORIENTED

    Adapt the training dynamics to the role of the student (strategic, operational, tactical).

    REALISM

    Information systems and communication networks that reproduce real-world scenarios, with real-time feedback and operation.

    Hands-on approach.

    GROWTH

    Set up new exercises at a steady pace and cost-effectively, following the evolution of technology and cyber threats.

  • 11

    02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties (continued)

    CUSTOMIZABLE

    Easily adapt and tailor the exercises to the organisation's needs, without having to stick to predefined scenarios and exercises.

    SECURITY

    High security: isolation from production environments, isolation between exercises, access control, sound product engineering, etc.

    SCALABILITY

    Support large networks with hundreds and even thousands of assets.

    Transparently accommodate new users up to reasonable orders of magnitude (hundreds, thousands).

    RICHNESS

    Support a wide array of scenarios, techniques, defensive and offensive tools, attacker profiles, configurations, etc.

  • 12

    02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties (continued)

    SUPERVISION

    Automatically monitor and assess the students' actions and performance.

    GUIDANCE

    Provide automatic guidance and hints to students during the training activity to enhance the learning process.

    REPRODUCIBILITY

    Repeat, pause, resume and restore the exercises at any time (by the student).

    CONTROL

    Automatically control the execution of the exercise so as to know its progress as well as the state of the underlying network.

  • 13

    02. CHALLENGES IN CYBERSECURITY TRAINING: Desirable properties (continued)

    ADAPTABILITY

    Adapt the difficulty level of the training to the student's skills and performance, including dynamically.

    Automatically and dynamically propose new challenges to the student.

    AUTOMATED ADVERSARY

    Automatically play adversarial and cooperative roles (defender, attacker, ally).

    PEDAGOGICAL

    Embed a variety of effective learning processes and pedagogical strategies, such as:

    Observational learning (watching automated exercises play out).

    Trial-and-error approaches (active attitude, capability to undo actions and take different courses of action, etc.).

    Quantitative scoring system and gamification mechanisms to encourage competitiveness and self-improvement.


  • 15

    03. CYBER RANGES: A NOVEL APPROACH: Cyber ranges

    Cyber ranges have become valuable tools for civil and military organisations:

    01 Hands-on training

    02 Experimentation and testing of technology and cyberweapons

    03 CDX (Cyber Defence Exercises)

    04 Research and validation of new concepts and technology

  • 16

    03. CYBER RANGES: A NOVEL APPROACH: A classical cyber range

    Diagram of a classical cyber range, bottom to top:

    Physical layer: servers, storage, network infrastructure.

    Virtual layer: ESXi servers (virtual SMP, VMFS) hosting the virtual machines (each an OS plus its application).

    Management layer: vCenter management platform with advanced functions (DRS, HA, vMotion).

  • 17

    03. CYBER RANGES: A NOVEL APPROACH: A classical cyber range (continued)

    Diagram of the same range deployed for several concurrent exercises (Exercise A, Exercise B, ...). Labels translated from Spanish: "Redes" = networks, "Red Ataque" = attack network, "Plataforma Ataques" = attack platform.

    Per exercise:

    Target system: MZ and DMZ networks on a virtual switch (VLAN A), protected by a virtual firewall and a virtual IPS; the target hosts are VMs (OS plus application).

    Red Team: attack platform on the attack network, a separate virtual switch (VLAN B), behind its own virtual firewall.

    Shared infrastructure:

    Cluster (servers): hosts ESX-01 and ESX-02, physical switches, external access.

    Management: VMware Virtual Center and a management computer on the management network (VLAN C).

    Storage & backup: NetApp FAS2040 (storage) with VMware datastores and a dedicated datastore; network appliance; Overland NEO-2000 backup appliance (SAS); WBS; all on a virtual switch (VLAN D).
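The SECURITY property (isolation from production environments, isolation between exercises) can be checked mechanically against a layout like the one on this slide. The following Python is an added example, not code from the original presentation or from any cyber range product: it models the network segments and the flows the virtual firewalls permit, computes reachability, and reports any exercise segment that can reach another exercise or the shared management/storage VLANs, while also confirming that the intended Red Team to target path still exists. All segment names, VLAN IDs and firewall rules are assumptions constructed for the demonstration. One caveat the diagram glosses over: it labels every exercise's switches "VLAN A" and "VLAN B", but on shared physical switches each exercise needs its own VLAN IDs (or vSwitches without uplinks), otherwise the exercises share one broadcast domain regardless of firewall rules, so the script flags VLAN IDs reused across exercises too.

```python
"""Isolation audit of a cyber-range segmentation model (added example).

Models per-exercise target (MZ/DMZ) and attack networks behind virtual
firewalls plus shared management and storage VLANs, then checks that no
exercise can reach another exercise or the shared infrastructure.
Segment names, VLAN IDs and rules below are constructed for the demo.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Segment:
    name: str
    vlan: int                  # 802.1Q VLAN ID carried on the shared switches
    exercise: Optional[str]    # None for shared infrastructure (management, storage)
    role: str                  # "target", "attack", "management" or "storage"


@dataclass
class CyberRange:
    segments: dict = field(default_factory=dict)   # name -> Segment
    flows: dict = field(default_factory=dict)      # src name -> [dst names] a firewall permits

    def add(self, seg: Segment) -> None:
        self.segments[seg.name] = seg
        self.flows.setdefault(seg.name, [])

    def allow(self, src: str, dst: str) -> None:
        """Record that the firewall between src and dst permits traffic src -> dst."""
        self.flows[src].append(dst)

    def reachable(self, start: str) -> set:
        """Transitive closure of permitted flows from start (start itself excluded)."""
        seen, queue = {start}, deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in self.flows[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        seen.discard(start)
        return seen


def shared_l2_findings(rng: CyberRange) -> list:
    """Two exercises tagged with the same VLAN ID share one broadcast domain,
    whatever the firewall rules say."""
    by_vlan = {}
    for seg in rng.segments.values():
        by_vlan.setdefault(seg.vlan, set()).add(seg.exercise)
    return [f"VLAN {vlan} is shared by exercises {sorted(str(e) for e in exs)}"
            for vlan, exs in by_vlan.items() if len(exs) > 1]


def reach_findings(rng: CyberRange) -> list:
    """An exercise segment must reach neither another exercise nor shared infrastructure."""
    out = []
    for src in rng.segments.values():
        if src.exercise is None:          # management is allowed to reach everything here
            continue
        for name in rng.reachable(src.name):
            dst = rng.segments[name]
            if dst.exercise is None:
                out.append(f"{src.name} -> {dst.name}: exercise segment reaches shared {dst.role}")
            elif dst.exercise != src.exercise:
                out.append(f"{src.name} -> {dst.name}: cross-exercise reach ({src.exercise} to {dst.exercise})")
    return out


def training_path_findings(rng: CyberRange) -> list:
    """Isolation must not break the exercise: each attack network reaches its own targets."""
    out = []
    for atk in (s for s in rng.segments.values() if s.role == "attack"):
        hits = rng.reachable(atk.name)
        for tgt in (s for s in rng.segments.values()
                    if s.role == "target" and s.exercise == atk.exercise):
            if tgt.name not in hits:
                out.append(f"{atk.name} cannot reach its own target {tgt.name}")
    return out


def audit(rng: CyberRange) -> list:
    return sorted(shared_l2_findings(rng) + reach_findings(rng) + training_path_findings(rng))


def build_range(misconfigured: bool = False) -> CyberRange:
    """Constructed layout following the slide: two exercises, each with MZ/DMZ
    target networks and a Red Team attack network, plus management and storage
    VLANs. VLAN IDs are invented; the slide labels every exercise 'VLAN A/B'."""
    rng = CyberRange()
    for ex, base in (("A", 100), ("B", 200)):
        rng.add(Segment(f"{ex}-dmz", base + 10, ex, "target"))
        rng.add(Segment(f"{ex}-mz", base + 20, ex, "target"))
        rng.add(Segment(f"{ex}-attack", base + 30, ex, "attack"))
        rng.allow(f"{ex}-attack", f"{ex}-dmz")   # Red Team through the target's virtual firewall
        rng.allow(f"{ex}-dmz", f"{ex}-mz")       # DMZ to internal zone through firewall/IPS
    rng.add(Segment("mgmt", 30, None, "management"))
    rng.add(Segment("storage", 40, None, "storage"))
    for name in list(rng.segments):
        if name != "mgmt":
            rng.allow("mgmt", name)              # vCenter administers every segment
    if misconfigured:
        rng.allow("A-attack", "B-dmz")           # stale rule left over from a previous exercise
        rng.allow("B-mz", "mgmt")                # target VM given a leg on the management network
        rng.add(Segment("B-dmz", 110, "B", "target"))  # B's DMZ re-tagged with A's VLAN ID
    return rng


if __name__ == "__main__":
    for label, rng in (("clean", build_range()), ("misconfigured", build_range(True))):
        print(f"== {label} ==")
        for finding in audit(rng) or ["no findings"]:
            print(" ", finding)
```

The misconfigured layout shows why a single leak matters: one target VM with a leg on the management VLAN makes every segment reachable from every exercise, because management legitimately reaches everything, so the audit reports a finding for each exercise segment rather than just the offending rule. The model only audits flows out of exercise segments; if the range policy also restricts what management may reach (for example, no direct management access into Red Team networks), add the corresponding rule to `reach_findings`.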

  • 18

    03. CYBER RANGES: A NOVEL APPROACH: Maturity level in state-of-the-art solutions

    Chart placing each challenge on a maturity scale from MATURE to INCIPIENT.

    Towards the mature end: Growth, Scalability, Security, Realism, Richness, Usability.

    Towards the incipient end: Control, Adaptability, Guidance, Pedagogical, Supervision, Automated adversary.

    Also on the chart: Reproducibility, Customizable, Role oriented.

  • 19

    03. CYBER RANGES: A NOVEL APPROACH: Covering the challenges

    A mere virtualisation infrastructure with some tailored functionality does not suffice.

    Challenges to cover: Control, Adaptability, Guidance, Pedagogical, Supervision, Automated adversary.