
Building a Cyber Range for training Cyber Defense Situation Awareness

  1. Building a Cyber Range for training Cyber Defense Situation Awareness
     Thibault Debatty, Wim Mees
     Cyber Defense Lab, Royal Military Academy, Belgium
     ICMCIS2019
  2. Context
     Cyber is
     ● Complex
     ● Rapidly evolving
     ● Highly concurrent
  3. Context
     Efficient Cyber Defense training requires:
     ● Simulate large and complex networks and situations
     ● Train more than just technical skills
  4. What should be trained?
     Boyd and Endsley decision making model
  5. Boyd and Endsley decision making model
  6. Boyd and Endsley decision making model
     Level 1: perception
     ● Correct, real-time perception of the situation
     ● E.g. SIEM
     ● Can be insufficient due to:
       – Information unavailable
       – Misinterpreted
       – Forgotten
       – Not seen...
  7. Boyd and Endsley decision making model
     Level 2: comprehension
     ● Impact on our goals and objectives
     ● E.g. High-level report
     ● Can be insufficient due to:
       – Missing model (lack of technical training or experience)
       – Incorrect model (self-confidence or reliance on defaults)
  8. Boyd and Endsley decision making model
     Level 3: projection
     ● Extrapolate into the future
     ● Can be insufficient due to:
       – Missing model (lack of technical training or experience)
       – Incorrect model (self-confidence or reliance on defaults)
       – Reliance on current trends
  9. Individual CDSA training
     ● Perception (technical) skills
     ● Task management skills
     ● Comprehension skills
     ● Projection skills
  10. Team CDSA training
      ● Communicate actions
      ● Communicate intentions
      ● Actively gather more information
      ● Manage peak workloads
      ● Shift responsibilities
  11. Cyber Range Implementation
  12. Cyber Range Implementation
  13. Cyber Range Implementation
      ● Text definition of scenarios
      ● Variable number of trainees
      ● Vagrant images
      ● Extensive VM configuration (hardware, OS, software)
  14. Example: individual CDSA
  15. Example: team CDSA
  16. Future work
      ● Other hypervisors
      ● Better interface
      ● More scenarios
      ● Federated cyber ranges
      ● Scripted events and attacks
      ● Automatic and non-intrusive evaluation
  17. Questions...
