defence exercises in a cyber range
play

Defence Exercises in a Cyber Range Frontiers in Education 2017 - PowerPoint PPT Presentation

Dec 04, 2023 •276 likes •451 views

Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal Masaryk University, Brno Who am I? Post-doc researcher with KYPO academic cloud-based cyber range.

  1. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range Frontiers in Education 2017 October 21, 2017 Jan Vykopal Masaryk University, Brno

  2. Who am I?  Post-doc researcher with KYPO – academic cloud-based cyber range.  Ph.D. graduate in flow-based intrusion detection.  Founder and head of a certified university operational security team.  Coordinator and designer of hands-on training session at KYPO platform. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 2 Jan Vykopal, Masaryk University

  3. Outline  Red vs. Blue team exercise format  Who is who – team roles  Cyber range  Defence exercise in a cyber range  Exercise lifecycle – from preparation to evaluation and repetition  Lessons learned – different viewpoints:  Learners  Exercise content  Exercise infrastructure  Conclusion and future work Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 3 Jan Vykopal, Masaryk University

  4. Red vs. Blue team exercise format Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 4 Jan Vykopal, Masaryk University

  5. Cyber range Dedicated HW Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 5 Jan Vykopal, Masaryk University

  6. Example of a defence exercise in a cyber range  Topic: defending critical IT infrastructure with SCADA/ICS systems against skilled and coordinated attackers  Learners play a role of members of emergency security teams.  Their tasks:  Secure their network and services.  Investigate possible data exfiltrations.  Collaborate with the coordinator, law enforcement agencies and media.  Schedule:  Day 1 – familirization with the infrastructure and rules; no attacks  Day 2 – actual intensive exercise; no breaks Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 6 Jan Vykopal, Masaryk University

  7. Exercise scenario Follows common attack phases: 1. reconnaissance the victim's network 2. exploitation of the unveiled vulnerabilities 3. escalation of privileges on compromised computers and further exploitation 4. completing attackers' mission (e. g., shutdown a control system) Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 7 Jan Vykopal, Masaryk University

  8. General requirements for a cyber range  One sandbox for each team with exercise network interconnecting all virtual hosts that have to be defended by learners.  Monitoring and logging system  Each host in the sandbox sends logs to the central server for further analysis.  State of the host's network services is periodically checked and logged.  Scoring system  Provides instant feedback to participants during exercise.  Penalty and award points are computed automatically from events processed by the logging infrastructure or entered manually. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 8 Jan Vykopal, Masaryk University

  9. Cyber defence exercise lifecycle Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 9 Jan Vykopal, Masaryk University

  10. Lessons learned - preparation  Setting learning objectives with respect to the expected readiness of prospective learners  Organizers have limited information about learners' skills before the exercise.  Ask for self-assessment or taking part in a test before the exercise.  Creating balanced teams  If some learners are experts in one area, distribute them to all teams equally and complement them with experts in another area.  Sandbox configuration documents  Continually update specification of systems, network and vulnerabilities.  Do not use static documentation, but automation tool such as Ansible. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 10 Jan Vykopal, Masaryk University

  11. Lessons learned – dry run  Adjusting the scoring system based on the dry run might be misleading  Expertise and size of the Blue teams participating in the dry run may be different.  Think about various conditions and events that may not happen in the execution . Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 11 Jan Vykopal, Masaryk University

  12. Lessons learned – execution I  Level of guidance by organizers  Provide some hints to keep learners in flow and not to get frustrated.  The guidance should be provided to all teams equally to preserve fair play.  Exercise situational awareness for learners  Might be contradictory to the aim and nature of cyber defence exercise.  Provide only a basic indication of the learners’ performance by displaying a real-time total score of all teams on a shared scoreboard.  It also fuels participants with stress as well as a competitive mood. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 12 Jan Vykopal, Masaryk University

  13. Lessons learned – execution II  Exercise situational awareness for organizers  Familirization period: monitoring the infrastructure enables the White team to provide hints for Blue teams if they unintentionally misconfigure their services.  Actual exercise: White team needs to know if some event reported by the Blue teams is a part of the exercise or outage of the infrastructure (cyber range).  Automation of the attacks and injects  A need for semi-automated routines that execute attacks and injects in predefined order (=> master’s thesis ).  A need for a generator of network traffic that can emulate typical users.  Service access to the exercise's infrastructure  Clearly define what is it and how to distinguish it from a ordinary traffic and attacks by Red team. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 13 Jan Vykopal, Masaryk University

  14. Lesson learned - evaluation  Ask learners what they want to know  Prepare a questionnaire that is distributed before the evaluation workshop and tailor the content based on their input.  Learning also happens in this phase  Evaluation workshop reveals the exercise scenario and timeline from the perspective of the Red and White team.  The only opportunity when the learners can authoritatively learn about attacks.  Provide a hand-out with best practices that might be useful in the daily routine. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 14 Jan Vykopal, Masaryk University

  15. Conclusions Exercise lifecycle Preparation Dry run Execution Evaluation Repetition Each phase brought several lessons from educational and technical perspectives. Follow-up work - two papers accepted for SIGCSE 2018 :  Prerequisite testing of cybersecurity skills  Timely feedback to learners (just after the exercise) Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range 15 Jan Vykopal, Masaryk University

  16. QUESTIONS? THANKS FOR YOUR ATTENTION! www.kypo.cz Jan Vykopal @csirtmu vykopal@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence (MSG- 133 ), Munich, Germany 15 th October, 2015 Pavel ELEDA, Jakub EGAN Jan VYKOPAL,

644 views • 19 slides
Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan

Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan

Evaluation of Cyber Defense Exercises Using Visual Analytics Process Radek Olejek, Jan Vykopal, Karolna Bursk , and Vt Rusk IEEE Frontier in Education Conference, San Jose, USA, 2018 1 KYPO Cyber Range Cloud-based simulator

538 views • 14 slides
Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference

Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference

NATO Command, Control and Consultation Agency Cyber Defence Data Exchange and Collaboration Infrastructure 22 nd Annual FIRST Conference Miami, 13-18 June 2010 Luc Dandurand CAT 2 Cyber Defence and Assured Information Sharing NATO

671 views • 10 slides
The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can

The future of cyber security exercises more than just education? The Problem: how can we run large cyber security exercises once a week? 2 Stepping back Looking at the configuration management problem, e.g., the gap

749 views • 20 slides
Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use of Cyberspace Major General J Shaw ACDS(GI) DEFENCE CYBER OPERATIONS GROUP What is Cyberspace? A global domain within the information

558 views • 8 slides
KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark

KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark

KYPO Cyber Range Design and Use Cases ICSOFT CONFERENCE 24.7.-26.7. 2017 Daniel Tovark Masaryk University (ICS) tovarnak@ics.muni.cz Cyber Ranges Cyber Range is a platform for cyber security research and education it is a

1.1k views • 18 slides
What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20

What We Learn from Cyber Exercises, or Not Jim Duncan CSIRT Coordinator, BB&T 2007 June 20 2007 FIRST Annual Technical Conference Sevilla, Espaa Overview Background Purpose of exercises Examples of what we can

351 views • 23 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University of Cincinnati About This Seminar Designed for everyday cyber citizens Online Webinar 2 hour Presentation 10 Minute break

607 views • 57 slides
The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander

The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander

The Cyber Landscape Ikahan Seminar Jakarta April 2019 Commodore James McCormack RAN Commander Defence SIGINT and Cyber Command Scope What is cyber Cyber 101. The Conceptual Framework The nature of the cyber threat problem.

753 views • 12 slides
Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO,

Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO,

Seminar Whats your cyber defence? Thursday 27 February 2020 Welcome Jerry Moriarty CEO, IAPF House keeping NOTE EMERGENCY EXITS PUT MOBILE DEVICES ON SILENT FILL IN EVALUATION FORMS DOWNLOAD PRESENTATIONS AT WWW.IAPF.IE Whats your

821 views • 32 slides
Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques

Current Trends in Cyber Security Course on Cyber Attack Detection & Mitigation Techniques (NIT-K) S. K. Pal Defence Research & Development Organization (DRDO) SAG, Metcalfe House, Delhi 27-Jul-2020 1 What is Cyberspace? Refers to

766 views • 17 slides
WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison

WELCOME Les Shearn Alliance Facilitator Defence Teaming Centre Defence Industry Liaison Officer - Defence SA 1 DEFENCE SA A SOUTH AUSTRALIAN GOVERNMENT AGENCY MISSION Facilitate the growth of Defence and sustainable defence industries in

457 views • 13 slides
cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK

cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK

Building an effective and dynamic cyber defence capability: A practitioners perspective Luke Beeson, Vice President Security UK and GB&FM BT Security 1 BT Security 2 Our History Rethinking the Risk as a Trusted Security Partner BT

141 views • 10 slides
Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek Ralf Mller Universitt zu Lbeck Institute of Information Systems

605 views • 28 slides
Daya Bay Antineutrino Detector: Testing and Commissioning Dan Dwyer (for the Daya Bay

Daya Bay Antineutrino Detector: Testing and Commissioning Dan Dwyer (for the Daya Bay

Daya Bay Antineutrino Detector: Testing and Commissioning Dan Dwyer (for the Daya Bay Collaboration) Caltech Oct. 12, 2009 Daya Bay Antineutrino Detector Testing Dan Dwyer 1/14 DBD09: Oct. 12, 2009 Anti-neutrino Detector - Progress of AD

427 views • 14 slides
Middle Illinois River TMDLs and Load Reduction Strategies IMPLEMENTATION PLANNING Jennifer

Middle Illinois River TMDLs and Load Reduction Strategies IMPLEMENTATION PLANNING Jennifer

Middle Illinois River TMDLs and Load Reduction Strategies IMPLEMENTATION PLANNING Jennifer Olson, Tetra Tech, Inc. Jennifer Clarke, Illinois EPA Chris Urban, US EPA September 6, 2012 Presentation Overview Project Area TMDL Analysis

326 views • 21 slides
Presentation Techniques Organisations need to ensure that their staff have excellent

Presentation Techniques Organisations need to ensure that their staff have excellent

Presentation Techniques Organisations need to ensure that their staff have excellent presentation skills and it is a critical skill to possess. When time is short, decisions have to be made, business to be won, ideas to demonstrate, and

564 views • 7 slides
Presentation to Judges for CEF /Specify Construction Excellence Award Gerard Graham MSc MCIOB

Presentation to Judges for CEF /Specify Construction Excellence Award Gerard Graham MSc MCIOB

Presentation to Judges for CEF /Specify Construction Excellence Award Gerard Graham MSc MCIOB Procurement & HSQE Management Wilson Construction Presentation to Judges for CEF / Specify Construction Excellence Award 1 st August 2014 Agenda

177 views • 17 slides
Public Transportation Improvement Plan Advisory Committee October 26, 2017 Meeting Agenda

Public Transportation Improvement Plan Advisory Committee October 26, 2017 Meeting Agenda

Public Transportation Improvement Plan Advisory Committee October 26, 2017 Meeting Agenda Welcome, introductions & agreements HB 2017 Committee purpose & schedule Funding allocations & projected revenue

572 views • 38 slides
Board of Trustees Meeting July 25, 2019 Audio Recording in Progress AHS Board of Trustees

Board of Trustees Meeting July 25, 2019 Audio Recording in Progress AHS Board of Trustees

PLEASE USE MICROPHONE Board of Trustees Meeting July 25, 2019 Audio Recording in Progress AHS Board of Trustees Meeting CEO REPORT JULY 25, 2019 2 Updates 01 01 02 02 03 03 04 04 True North System SAPPHIRE Closing Metrics

491 views • 20 slides
Sydney eScholarship Repository and DSpace Sten Christensen & Gary Browne Sydney eScholarship

Sydney eScholarship Repository and DSpace Sten Christensen & Gary Browne Sydney eScholarship

Sydney eScholarship Repository and DSpace Sten Christensen & Gary Browne Sydney eScholarship Repository Software: DSpace Version: 1.4.1 Standard customisations ses.library.usyd.edu.au Sydney eScholarship Repository An open access

363 views • 9 slides
DSpace-CRIS: an Open Source Solution for Research Michele Mennielli, Andrea Bollini, Susanna

DSpace-CRIS: an Open Source Solution for Research Michele Mennielli, Andrea Bollini, Susanna

#THETA2015 DSpace-CRIS: an Open Source Solution for Research Michele Mennielli, Andrea Bollini, Susanna Mornati This work is licensed under a Crea ve Commons A ribu on 4.0 Interna onal License.

848 views • 36 slides

More recommend