Introduction to the Cyber Ranges

Chapman & Hall/CRC Cyber-Physical Systems Series

Series Editors:
Jyotir Moy Chatterjee, Lord Buddha Education Foundation, Kathmandu, Nepal
Vishal Jain, Sharda University, Greater Noida, India

Cyber-Physical Systems: A Comprehensive Guide
By: Nonita Sharma, L K Awasthi, Monika Mangla, K P Sharma, Rohit Kumar

Introduction to the Cyber Ranges
By: Bishwajeet Pandey and Shabeer Ahmad

For more information on this series please visit: https://www.routledge.com/Chapman-HallCRC-Cyber-Physical-Systems/book-series/CHCPS?pd=published,forthcoming&pg=1&pp=12&so=pub&view=list?pd=published,forthcoming&pg=1&pp=12&so=pub&view=list

Introduction to the Cyber Ranges
Bishwajeet Pandey
Shabeer Ahmad

First edition published 2022
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN

CRC Press is an imprint of Taylor & Francis Group, LLC

© 2022 Bishwajeet Pandey and Shabeer Ahmad

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact [email protected]

Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

ISBN: 9781032072401 (hbk)
ISBN: 9781032251424 (pbk)
ISBN: 9781003206071 (ebk)

DOI: 10.1201/9781003206071

Typeset in Palatino by KnowledgeWorks Global Ltd.

Contents

Preface ... xi
About the Authors ... xiii
List of Abbreviations ... xv
Glossary ... xxiii

1 Introduction ... 1
  1.1 CSA ... 1
  1.2 Definition ... 3
  1.3 Need of CRs ... 5
    1.3.1 Use Cases of CRs ... 5
    1.3.2 Merits of CRs Training ... 6
  1.4 CRaaS ... 7
  1.5 On-Premise CR ... 7
  1.6 Types of CRs ... 8
  1.7 Conclusions ... 10
  References ... 11

2 Architectural Design and Tools of Cyber Ranges ... 13
  2.1 Architectural Modules and Their Functions ... 13
    2.1.1 Portal ... 13
    2.1.2 Run-Time Environments ... 15
      2.1.2.1 Emulation-Based Tools ... 15
      2.1.2.2 Simulation-Based Tools ... 19
      2.1.2.3 Traffic Generation Tools ... 22
      2.1.2.4 Management Tools ... 24
  References ... 25

3 Motivations for Construction of Cyber Ranges ... 27
  3.1 IT and OT Infrastructures ... 27
    3.1.1 Cybersecurity Challenges to OT/IT Systems ... 29
    3.1.2 Cybersecurity Implementations in OT/IT Systems ... 30
      3.1.2.1 Asset Management ... 30
      3.1.2.2 Governance ... 30
      3.1.2.3 Risk Assessment ... 31
      3.1.2.4 Cyber-Risk Awareness ... 31
      3.1.2.5 Cybersecurity Maintenance ... 31
      3.1.2.6 Cyber-Risk Detection ... 32
      3.1.2.7 Mitigation of Cyber Risk ... 32
      3.1.2.8 Cyber-Risk Analyses ... 33
    3.1.3 Need of CRs for WSS ... 33
    3.1.4 Need of CRs for Logistic Systems ... 34
    3.1.5 Need of CRs for Maritime Systems ... 36
    3.1.6 Need of CRs for O&G Industries ... 37
    3.1.7 Need of CRs for Power Systems ... 38
  3.2 Cyberattacks ... 39
    3.2.1 Cyberattacks on Critical Infrastructures ... 41
    3.2.2 Cyberthreats to Critical Infrastructures ... 42
  References ... 43

4 Types of Cyber Ranges ... 47
  4.1 Hybrid CRs ... 47
    4.1.1 EVA ... 47
    4.1.2 DIATEAM CR ... 49
    4.1.3 CRATE ... 52
  4.2 Physical CRs ... 53
    4.2.1 SCADA Testbeds ... 54
    4.2.2 SWAT ... 56
    4.2.3 WADI ... 57
  4.3 Virtual CRs ... 59
    4.3.1 CYRA ... 60
    4.3.2 GISOO ... 62
  4.4 CRaaS ... 63
  References ... 65

5 Roles of Cyber Ranges: Testing, Training, and Research ... 67
  5.1 CRs for Testing ... 67
    5.1.1 Penetration Testing ... 67
    5.1.2 Software Testing ... 68
    5.1.3 Security Testing ... 70
      5.1.3.1 Threat Model Testing ... 70
      5.1.3.2 Web Security Testing ... 70
  5.2 CRs for Training ... 72
    5.2.1 How to Use CRs for Trainings ... 74
    5.2.2 Cybersecurity Awareness Trainings ... 74
    5.2.3 Incident Response Trainings ... 75
  5.3 CRs for Research ... 76
  References ... 77

6 Cybersecurity Exercises and Teams Definition ... 79
  6.1 Need of CEs ... 79
  6.2 Life Cycle of a CE ... 82
  6.3 Steps in Designing of a CE ... 83
  6.4 Different Kinds of Approaches ... 86
  6.5 Common Features of a CE ... 89
  6.6 Types of CEs ... 89
    6.6.1 Examples of CEs ... 91
  6.7 Teams Definition ... 92
  6.8 Conclusions ... 93
  References ... 93

7 Simulation and Emulation Environments ... 95
  7.1 Emulation Environment ... 95
    7.1.1 Need for Emulation Environment ... 95
    7.1.2 Types of Emulation Models ... 97
    7.1.3 Emulators ... 98
      7.1.3.1 Dummynet ... 98
      7.1.3.2 NetEm ... 98
      7.1.3.3 NIST Net ... 99
  7.2 Simulation Environment ... 100
    7.2.1 Need for Simulation Environment ... 101
    7.2.2 Simulators ... 101
      7.2.2.1 NS2 ... 102
      7.2.2.2 NS3 ... 102
      7.2.2.3 OMNET++ ... 103
      7.2.2.4 QualNet ... 104
  References ... 105

8 Designing a Cyber Range ... 107
  8.1 Planning Phase ... 107
    8.1.1 Security Challenges Supported by the CR ... 107
    8.1.2 Components for CR ... 109
    8.1.3 Defining CR Teams ... 109
  8.2 Architectural Considerations ... 110
  8.3 Implementation Phase ... 111
    8.3.1 IaC ... 112
  References ... 113

9 Military Cyber Ranges ... 115
  9.1 Need of MCRs ... 115
  9.2 Simulation-Based MCRs ... 116
    9.2.1 SIMTEX ... 116
      9.2.1.1 Introduction ... 116
      9.2.1.2 Origin ... 116
      9.2.1.3 Architecture ... 117
      9.2.1.4 Evolution ... 118
    9.2.2 CAAJED ... 119
      9.2.2.1 Introduction ... 119
      9.2.2.2 Origin ... 119
      9.2.2.3 Architecture ... 120
      9.2.2.4 Evolution ... 122
    9.2.3 SAST ... 122
      9.2.3.1 Introduction ... 122
      9.2.3.2 Origin ... 122
      9.2.3.3 Architecture ... 123
      9.2.3.4 Evolution ... 125
    9.2.4 StealthNet ... 126
      9.2.4.1 Introduction ... 126
      9.2.4.2 Origin ... 126
      9.2.4.3 Architecture ... 126
      9.2.4.4 Evolution ... 128
    9.2.5 Comparison of Simulation-Based MCRs ... 129
  9.3 Emulation-Based MCRs ... 130
    9.3.1 NCR ... 130
      9.3.1.1 Introduction ... 130
      9.3.1.2 Origin ... 131
      9.3.1.3 Architecture ... 131
      9.3.1.4 Evolution ... 132
    9.3.2 JIOR ... 133
      9.3.2.1 Introduction ... 133
      9.3.2.2 Origin ... 133
      9.3.2.3 Architecture ... 134
      9.3.2.4 Evolution ... 134
    9.3.3 DoD CSR ... 135
      9.3.3.1 Introduction ... 135
      9.3.3.2 Origin ... 135
      9.3.3.3 Architecture ... 136
      9.3.3.4 Evolution ... 136
    9.3.4 Comparison of Emulation-Based MCRs ... 137
  9.4 MACRs ... 138
    9.4.1 USMA IWAR ... 138
      9.4.1.1 Introduction ... 138
      9.4.1.2 Origin ... 138
      9.4.1.3 Architecture ... 138
      9.4.1.4 Evolution ... 140
    9.4.2 Estonian CR ... 140
      9.4.2.1 Introduction ... 140
      9.4.2.2 Origin ... 140
      9.4.2.3 Architecture ... 141
      9.4.2.4 Evolution ... 142
    9.4.3 KYPO Czech ... 142
      9.4.3.1 Introduction ... 142
      9.4.3.2 Origin ... 142
      9.4.3.3 Architecture ... 143
      9.4.3.4 Evolution ... 143
    9.4.4 Comparison of MACRs ... 144
  References ... 144

10 Existing Cyber Ranges in Academic Sector ... 147
  10.1 Simulation-Based ACRs ... 147
    10.1.1 SECUSIM ... 147
      10.1.1.1 Introduction ... 147
      10.1.1.2 Terminologies ... 148
      10.1.1.3 Architecture ... 149
    10.1.2 RINSE ... 150
      10.1.2.1 Introduction ... 150
      10.1.2.2 Architectural and Business Influences ... 151
      10.1.2.3 Architecture ... 151
    10.1.3 netEngine ... 152
      10.1.3.1 Introduction ... 152
      10.1.3.2 Architecture ... 153
    10.1.4 OPNET CR ... 154
      10.1.4.1 Introduction ... 154
      10.1.4.2 Architecture ... 155
      10.1.4.3 Simulation Workflow ... 156
    10.1.5 Concordia Consortium ... 157
      10.1.5.1 KYPO CR ... 158
      10.1.5.2 TELECOM Nancy CR ... 158
      10.1.5.3 RISE CR ... 158
      10.1.5.4 Airbus CR ... 159
      10.1.5.5 CODE CR ... 159
    10.1.6 Comparison of Simulation-Based ACRs ... 159
  10.2 Emulation-Based ACRs ... 161
    10.2.1 VCSTC ... 161
      10.2.1.1 Introduction ... 161
      10.2.1.2 Architecture ... 161
    10.2.2 LARIAT ... 162
      10.2.2.1 Introduction ... 162
      10.2.2.2 Architecture ... 163
    10.2.3 Emulab ... 163
      10.2.3.1 Introduction ... 163
      10.2.3.2 Architecture ... 164
    10.2.4 DETER ... 165
      10.2.4.1 Introduction ... 165
      10.2.4.2 DETERlab ... 166
      10.2.4.3 Architecture ... 167
    10.2.5 Virginia CR ... 168
      10.2.5.1 Introduction ... 168
      10.2.5.2 Architecture ... 168
    10.2.6 Comparison of Emulation-Based ACRs ... 170
  References ... 171

Index ... 175