NEXT-GEN CYBER RANGE FOR ASSESSMENTS

Competence is a set of attributes such as knowledge, skills and abilities required to successfully perform specific tasks. The cyber range allows the assessment to be practical and based on the successful completion of practical tasks and/or on the observation of user behavior and choices made in the execution of practical tasks or assignments. As the cyber range is used for competence assessment, it is also to be expected that it influences a positive change in hiring practices, allowing organisations to better identify, validate and hire suitable candidates. This objective is highly dependent on the development of the national and international competence frameworks, the former currently being developed with the active participation of EDIH Trakia.

The  cyber range covers 3 main capabilities to support competence assessment:

• Attack Simulation;


• User Activity Simulation;


• Scenarios and Content Development.

The „Attack Simulation“ quality refers to the ability to simulate attacks within the simulated cyber range environment. Attack simulation is an ever-expanding capability with a range of players and tools. The business focus of most attack simulation tools and platforms is (semi-)automated enterprise security testing. This means that attack simulation refers to what is currently known as breach and attack simulation. The focus of traditional vulnerability scanning technology is networks, application vulnerabilities, and system identification. Attack simulation tools have the added benefit of allowing the different phases of the security breach process to be simulated while providing recommendations for an organization's defenses. Recently, attack and penetration simulation has increasingly focused on the MITER ATT&CKTM knowledge base. Targeting adversarial techniques, moving away from the traditional security destruction model. Simulating attacks is beyond the scope of this study. Suffice it to say that the ability to simulate cyber attacks possesses a level of sophistication relative to the ability of cyber ranges to simulate ICT/OT environments.

A distinction must actually be made between simulation and emulation of cyber attacks. In most cases, cyber attack simulation at cyber ranges is limited to the ability to respond to captured traffic with varying degrees of customization. This is because the core approach in the cyber breach and attack simulation module is still under development. The ultimate goal of cyber attack simulation is to define a library as a tool. Which contains a list of pre-defined cyber attacks, scenarios, and the ability to create and import custom cyber attacks.

The „User Activity Simulation“ refers to the ability to recreate the presence and behavior of users in a cyber environment. Although technology, methods and tools are used with the aim of simulating a realistic cyber attack environment. Simulation of user activity is critical for exploring scenarios that are truly close to real environments. In other words, to the simulation of systems and applications, adding the simulation of user activity makes the cyber range much closer to the real world. User simulation can refer to both internal users and fictitious client users of a simulated environment. For example, if the simulated environment is part of the accounting network of an enterprise network, then the user simulation should refer to the simulation of the staff members of a fictitious accounting department and to the simulation of the customers of the fictitious organization. Which use the relevant web cloud services to connect with accounting.

Examples of user activity simulation include:
     - User activity when surfing the Internet
     - Users watching videos on video streaming platforms
     - Users using P2P file sharing applications to download files
     - Users sending e-mail
     - Users interacting with cloud services such as Office 365, Dropbox, etc.

User activity simulation should also include simulation of devices, such as mobile phones and desktop computers, through which it is possible to simulate user interaction with the target environment. The desired characteristics regarding the user simulation are defined in the simulation library. Which contains a list of predefined user actions and the ability to create and import new user simulations. Finally, realism is further achieved by simulating users and subsequent business processes using business systems simulated by the cyber range.

Scenarios and Content Development: The effectiveness of cyber coverage is strongly related to how the cyber coverage is used. Which in turn relates to the scenarios to which cyber scope can apply. This is somewhat comparable to a PC game console, which is related to the range of games available and the number of third parties developing games for the console. In terms of cyber ranges, the game is the scenario of the simulation and the ability to develop scenarios by the users or by third parties. This would greatly increase the utility and added value of the cyber range. That's why some cyber ranges are now being equipped with scenario building tools that can range from the ability to create simulation environments to full-scale custom simulation of cyber-attacks.

This service of the cyber range is used on the next level support to testing and assessment services of EDIH-Trakia and for training purposes as well. Its development is to be pursued in the second 18 months period of the project duration, intensively testing it with our customers of training, testing and consulting services.