defence exercises in a cyber range
play

Defence Exercises in a Cyber Range Frontiers in Education 2017 - PowerPoint PPT Presentation

Dec 04, 2023 •276 likes •451 views

Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal Masaryk University, Brno Who am I? Post-doc researcher with KYPO academic cloud-based cyber range.

  1. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal Masaryk University, Brno

  2. Who am I?  Post-doc researcher with KYPO – academic cloud-based cyber range.  Ph.D. graduate in flow-based intrusion detection.  Founder and head of a certified university operational security team.  Coordinator and designer of hands-on training session at KYPO platform. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 2 Jan Vykopal, Masaryk University

  3. Outline  Red vs. Blue team exercise format  Who is who – team roles  Cyber range  Defence exercise in a cyber range  Exercise lifecycle – from preparation to evaluation and repetition  Lessons learned – different viewpoints:  Learners  Exercise content  Exercise infrastructure  Conclusion and future work Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 3 Jan Vykopal, Masaryk University

  4. Red vs. Blue team exercise format Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 4 Jan Vykopal, Masaryk University

  5. Cyber range Dedicated HW Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 5 Jan Vykopal, Masaryk University

  6. Example of a defence exercise in a cyber range  Topic: defending critical IT infrastructure with SCADA/ICS systems against skilled and coordinated attackers  Learners play a role of members of emergency security teams.  Their tasks:  Secure their network and services.  Investigate possible data exfiltrations.  Collaborate with the coordinator, law enforcement agencies and media.  Schedule:  Day 1 – familirization with the infrastructure and rules; no attacks  Day 2 – actual intensive exercise; no breaks Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 6 Jan Vykopal, Masaryk University

  7. Exercise scenario Follows common attack phases: 1. reconnaissance the victim's network 2. exploitation of the unveiled vulnerabilities 3. escalation of privileges on compromised computers and further exploitation 4. completing attackers' mission (e. g., shutdown a control system) Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 7 Jan Vykopal, Masaryk University

  8. General requirements for a cyber range  One sandbox for each team with exercise network interconnecting all virtual hosts that have to be defended by learners.  Monitoring and logging system  Each host in the sandbox sends logs to the central server for further analysis.  State of the host's network services is periodically checked and logged.  Scoring system  Provides instant feedback to participants during exercise.  Penalty and award points are computed automatically from events processed by the logging infrastructure or entered manually. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 8 Jan Vykopal, Masaryk University

  9. Cyber defence exercise lifecycle Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 9 Jan Vykopal, Masaryk University

  10. Lessons learned - preparation  Setting learning objectives with respect to the expected readiness of prospective learners  Organizers have limited information about learners' skills before the exercise.  Ask for self-assessment or taking part in a test before the exercise.  Creating balanced teams  If some learners are experts in one area, distribute them to all teams equally and complement them with experts in another area.  Sandbox configuration documents  Continually update specification of systems, network and vulnerabilities.  Do not use static documentation, but automation tool such as Ansible. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 10 Jan Vykopal, Masaryk University

  11. Lessons learned – dry run  Adjusting the scoring system based on the dry run might be misleading  Expertise and size of the Blue teams participating in the dry run may be different.  Think about various conditions and events that may not happen in the execution . Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 11 Jan Vykopal, Masaryk University

  12. Lessons learned – execution I  Level of guidance by organizers  Provide some hints to keep learners in flow and not to get frustrated.  The guidance should be provided to all teams equally to preserve fair play.  Exercise situational awareness for learners  Might be contradictory to the aim and nature of cyber defence exercise.  Provide only a basic indication of the learners’ performance by displaying a real-time total score of all teams on a shared scoreboard.  It also fuels participants with stress as well as a competitive mood. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 12 Jan Vykopal, Masaryk University

  13. Lessons learned – execution II  Exercise situational awareness for organizers  Familirization period: monitoring the infrastructure enables the White team to provide hints for Blue teams if they unintentionally misconfigure their services.  Actual exercise: White team needs to know if some event reported by the Blue teams is a part of the exercise or outage of the infrastructure (cyber range).  Automation of the attacks and injects  A need for semi-automated routines that execute attacks and injects in predefined order (=> master’s thesis ).  A need for a generator of network traffic that can emulate typical users.  Service access to the exercise's infrastructure  Clearly define what is it and how to distinguish it from a ordinary traffic and attacks by Red team. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 13 Jan Vykopal, Masaryk University

  14. Lesson learned - evaluation  Ask learners what they want to know  Prepare a questionnaire that is distributed before the evaluation workshop and tailor the content based on their input.  Learning also happens in this phase  Evaluation workshop reveals the exercise scenario and timeline from the perspective of the Red and White team.  The only opportunity when the learners can authoritatively learn about attacks.  Provide a hand-out with best practices that might be useful in the daily routine. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 14 Jan Vykopal, Masaryk University

  15. Conclusions Exercise lifecycle Preparation Dry run Execution Evaluation Repetition Each phase brought several lessons from educational and technical perspectives. Follow-up work - two papers accepted for SIGCSE 2018 :  Prerequisite testing of cybersecurity skills  Timely feedback to learners (just after the exercise) Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 15 Jan Vykopal, Masaryk University

  16. QUESTIONS? THANKS FOR YOUR ATTENTION! www.kypo.cz Jan Vykopal @csirtmu vykopal@ics.muni.cz

Recommend

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence (MSG- 133 ), Munich, Germany 15 th October, 2015 Pavel ELEDA, Jakub EGAN Jan VYKOPAL,

644 views • 19 slides
Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan

Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan

Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan Vykopal, Karolna Bursk , and Vt Rusk IEEE Frontier in Education Conference, San Jose, USA, 2018 1 KYPO Cyber Range Cloud-based simulator

538 views • 14 slides
Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference

Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference

NATO Command, Control and Consultation Agency Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference Miami, 13-18 June 2010 Luc Dandurand CAT 2 Cyber Defence and Assured Information Sharing NATO

671 views • 10 slides
The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can we run large cyber security exercises once a week? 2 Stepping back Looking at the configuration management problem, e.g., the gap

749 views • 20 slides
Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use of Cyberspace Major General J Shaw ACDS(GI) DEFENCE CYBER OPERATIONS GROUP What is Cyberspace? A global domain within the information

558 views • 8 slides
KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark

KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark

KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark Masaryk University (ICS) tovarnak@ics.muni.cz Cyber Ranges Cyber Range is a platform for cyber security research and education it is a

1.1k views • 18 slides
What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20 2007 FIRST Annual Technical Conference Sevilla, Espaa Overview Background Purpose of exercises Examples of what we can

351 views • 23 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University of Cincinnati About This Seminar Designed for everyday cyber citizens Online Webinar 2 hour Presentation 10 Minute break

607 views • 57 slides
The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander

The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander

The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander Defence SIGINT and Cyber Command Scope What is cyber Cyber 101. The Conceptual Framework The nature of the cyber threat problem.

753 views • 12 slides
Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO,

Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO,

Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO, IAPF House keeping NOTE EMERGENCY EXITS PUT MOBILE DEVICES ON SILENT FILL IN EVALUATION FORMS DOWNLOAD PRESENTATIONS AT WWW.IAPF.IE Whats your

821 views • 32 slides
Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques (NIT-K) S. K. Pal Defence Research & Development Organization (DRDO) SAG, Metcalfe House, Delhi 27-Jul-2020 1 What is Cyberspace? Refers to

766 views • 17 slides
WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison Officer - Defence SA 1 DEFENCE SA A SOUTH AUSTRALIAN GOVERNMENT AGENCY MISSION Facilitate the growth of Defence and sustainable defence industries in

457 views • 13 slides
cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK

cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK

Building an effective and dynamic cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK and GB&FM BT Security 1 BT Security 2 Our History Rethinking the Risk as a Trusted Security Partner BT

141 views • 10 slides
Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek Ralf Mller Universitt zu Lbeck Institute of Information Systems

605 views • 28 slides
Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010

Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010

Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010 Philippe Lagadec NATO C3 Agency CAT2 Cyber Defence and Assured Information Sharing Au menu Cyber-Dfense Visualisation CIAP -

306 views • 26 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m

Hands-on Exercises C H I P S T E R A N D F E D E R A T E D C L O U D Slides and Exercises m odified from the CSC presentation (EMBO event) Outline 2 Introduction to Chipster NGS data analysis and visualization Quality control

920 views • 46 slides
Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises

Course setup 9 ec course examination based on computer exercises weekly exercises discussed in tutorial class All course materials (slides, exercises) and schedule via http://www.snn.ru. nl/bertk/machinelearning/ Bert Kappen ML

696 views • 43 slides
WAVEFORM SONAR Mehmet Can Erdem Meteksan Defence, Turkey #UDT2019 Classical Sonar Waveforms

WAVEFORM SONAR Mehmet Can Erdem Meteksan Defence, Turkey #UDT2019 Classical Sonar Waveforms

PERFORMANCE ANALYSIS OF CODED WAVEFORM SONAR Mehmet Can Erdem Meteksan Defence, Turkey #UDT2019 Classical Sonar Waveforms CW : Long pulses reduce range resolution. But Doppler resolution is good FM : Range resolution is good but

419 views • 16 slides
Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib

Cyber Threats Incident Response Model for CNII Organizations Dr. Aswami Ariffin Megat Mutalib Dr. Zahri Yunos Presentation Outline 1. Our Service: CyberDEF (Cyber Defence) 2. Our R&D Product: CMERP (Coordinated Malware Eradication &

605 views • 25 slides
Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence

Japan: Defence and Security Strategic Aim: to be the second closest international defence equipment partner with Japan after the United States How? create a genuine two-way street of defence equipment cooperation including direct

910 views • 18 slides
ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark

ASPI-UNISYS Defence and Security Luncheon 26 May 2011 The 2011-12 Defence Budget Mark Thomson This years defence budget caused considerable alarm in some quarters. One commentator said that cuts to the defence budget announced

599 views • 13 slides

More recommend