Abstract

The skill shortage in global cybersecurity is a well-known problem; to overcome this issue, cyber ranges have been developed. These ranges provide a platform for conducting cybersecurity exercises; however, conducting such exercises is a complex process because they involve people with different skill sets for scenario modeling, infrastructure preparation, dry run, execution, and evaluation. This process is very complex and inefficient in terms of time and resources. Moreover, the exercise infrastructure created in current cyber ranges does not reflect the dynamic environment of real-world systems and does not provide adaptability for changing requirements. To tackle these issues, we developed a system that can automate many tasks of the cybersecurity exercise life cycle. We used model-driven approaches to (1) model the roles of the different teams present in cybersecurity exercises and (2) generate automation artifacts to execute their functions efficiently and autonomously. By executing different team roles such as attackers and defenders, we can add friction to the environment, making it dynamic and realistic. We conducted case studies in the form of operational cybersecurity exercises, involving national-level cybersecurity competitions and a university class setting in Norway, to evaluate our system for its efficiency, adaptability, autonomy, and effect on the skill improvement of the exercise participants. Under the right conditions, our proposed system could create a complex cybersecurity exercise infrastructure involving 400 nodes with customized vulnerabilities, emulated attackers, defenders, and traffic generators in under 40 minutes. It provided a realistic environment for cybersecurity exercises and positively affected the exercise participants’ skill sets.
