Living our Mission: Circadence Collaborates with Academia and Army to Support Cyber Range Virtual Environment Replication and Construction with N/CRAF

  • June 12, 2020

Circadence announced in May 2020 the latest development of an automated network mapping tool for IT use, based on collaborative work with Mississippi State University engineers and researchers. Circadence has had a six-year partnership with the university and the Threat Systems Management Office of Redstone Arsenal (TSMO) and has worked on several projects over the years to solve challenges related to National Defense. We sat down with two of our Circadence personnel: Dwayne Cole, the JMN NOSC (Network Operation and Security Center) Operations Manager and Craig Greenwood, Project Manager with Opposition Force/Advanced Red Team Intrusion Capabilities to understand more about the tool and learn about the benefits it provides to the technology community at large.

The Netmapper/Cyber Range Automation Framework (N/CRAF) project started as two separate projects, Netmapper and CRAF. The projects were recently combined to form a new tool integrating two previously independent efforts:

  • Netmapper — Commissioned by TSMO, developed by Circadence in collaboration with Mississippi State University (MSU) Center for Cyber Innovation (CCI). Netmapper is a graphical tool for the scanning and configuration collection of network infrastructure and integration with NOSC automation.

 

  • Cyber Range Automation Framework (CRAF) — Developed by NOSC engineers to meet mission requirements for rapid and repeatable deployment and configuration of virtual environments. CRAF uses Ansible and other open source tools to instantiate virtual environments.

ncraf logo

N/CRAF Netmapper/Cyber Range Automation Framework is the enabling mechanism for effecting physical resource provisioning and virtual environment instantiation in a rapid and repeatable fashion. It supports the full lifecycle of cyber range virtual environment events.

The Netmapper project was born out of the need to improve the accuracy of Cyber Range emulated network environments. Craig noted that before N/CRAF, range environments were built from a subject matter expert’s assumption/belief of what their network looked like but inevitably those assumptions were never 100% correct. The network mapping process previously required a network administrator or engineer to draw a picture/map of the network which became the basis of virtualize environment used in the exercise(s). One can understand how there was room for error in this manual process – at the least, a small level of concern as to whether a network drawing and virtualization of it was indeed as realistic and accurate as possible.

As a result, Craig says, professionals training in the cyber range environments weren’t actually training on networks that were as ‘close to the real thing’ as possible. There was room to improve.

When automation engineers have real-world scanned networks as a reference, they can more accurately emulate the customers environment. Simply put, as Craig notes, “we took the assumption out of network mapping” with N/CRAF. Now the training moves ever closer to real world environment.

“Imagine scanning a network to extract the DNA which can be used to clone and re-build it” Circadence’s Dwayne Cole describes.

Combining the two programs (Netmapper and CRAF) enabled an iterative approach to cyber range environment build out that also drastically improved the end product. The scanning technology helps the automation engineers verify what they have built; it adds a check for the automation framework. It also can be used by the customer to validate the environment. The customer can easily compare the original design or scan versus the final emulated environment hosted on the Cyber Range.

With N/CRAF, it becomes easier for engineers to share their network models with one another and build out high fidelity networks to facilitate technologies assessments. N/CRAF saves everything to a single XML file to include all the configuration data.  The tool also supports merging and diff’ing the output files. The merge capability allows the engineer to take parts and pieces from other networks or events to add to the current event. This allows the engineers to build special purpose network sections, like synthetic internet or traffic generation, that can be reused/added to current event. N/CRAF is a force multiplier, it enables repeatable, tedious deployment and configuration tasks and improves the reuse of detailed environments for multiple users to train within.

The tool is currently undergoing an accreditation process and is being demoed within defense departments with the goal to deploy it as a standardized tool across various agencies. The potential for the tool to be used in more commercial applications is promising as well.

To read the project announcement issued by Mississippi State University, read the news release: https://www.msstate.edu/newsroom/article/2020/04/msu-circadence-partner-create-virtual-cyber-defense-tool.