Living our Mission: Circadence Collaborates with Academia and Army to Support Cyber Range Virtual Environment Replication and Construction with N/CRAF

Circadence announced in May 2020 the latest development of an automated network mapping tool for IT use, based on collaborative work with Mississippi State University engineers and researchers. Circadence has had a six-year partnership with the university and the Threat Systems Management Office of Redstone Arsenal (TSMO) and has worked on several projects over the years to solve challenges related to National Defense. We sat down with two of our Circadence personnel, Dwayne Cole, the JMN NOSC (Network Operation and Security Center) Operations Manager, and Craig Greenwood, Project Manager with Opposition Force/Advanced Red Team Intrusion Capabilities, to understand more about the tool and learn about the benefits it provides to the technology community at large.

The Netmapper/Cyber Range Automation Framework (N/CRAF) project started as two separate projects, Netmapper and CRAF. The projects were recently combined to form a new tool integrating two previously independent efforts:

  • Netmapper — Commissioned by TSMO, developed by Circadence in collaboration with Mississippi State University (MSU) Center for Cyber Innovation (CCI). Netmapper is a graphical tool for the scanning and configuration collection of network infrastructure and integration with NOSC automation.
  • Cyber Range Automation Framework (CRAF) — Developed by NOSC engineers to meet mission requirements for rapid and repeatable deployment and configuration of virtual environments. CRAF uses Ansible and other open source tools to instantiate virtual environments.


N/CRAF (Netmapper/Cyber Range Automation Framework) is the enabling mechanism for effecting physical resource provisioning and virtual environment instantiation in a rapid and repeatable fashion. It supports the full lifecycle of cyber range virtual environment events.

The Netmapper project was born out of the need to improve the accuracy of Cyber Range emulated network environments. Craig noted that before N/CRAF, range environments were built from a subject matter expert’s assumption/belief of what their network looked like, but inevitably those assumptions were never 100% correct. The network mapping process previously required a network administrator or engineer to draw a picture/map of the network, which became the basis of the virtualized environment used in the exercise(s). One can understand how there was room for error in this manual process – at the least, a small level of concern as to whether a network drawing and virtualization of it was indeed as realistic and accurate as possible.

As a result, Craig says, professionals training in the cyber range environments weren’t actually training on networks that were as ‘close to the real thing’ as possible. There was room to improve.

When automation engineers have real-world scanned networks as a reference, they can more accurately emulate the customer’s environment. Simply put, as Craig notes, “we took the assumption out of network mapping” with N/CRAF. Now the training moves ever closer to the real-world environment.

“Imagine scanning a network to extract the DNA which can be used to clone and re-build it,” Circadence’s Dwayne Cole describes.

Combining the two programs (Netmapper and CRAF) enabled an iterative approach to cyber range environment build out that also drastically improved the end product. The scanning technology helps the automation engineers verify what they have built; it adds a check for the automation framework. It also can be used by the customer to validate the environment. The customer can easily compare the original design or scan versus the final emulated environment hosted on the Cyber Range.

With N/CRAF, it becomes easier for engineers to share their network models with one another and build out high-fidelity networks to facilitate technology assessments. N/CRAF saves everything, including all the configuration data, to a single XML file. The tool also supports merging and diff’ing the output files. The merge capability allows the engineer to take parts and pieces from other networks or events and add them to the current event. This allows engineers to build special-purpose network sections, like synthetic internet or traffic generation, that can be reused in or added to the current event. N/CRAF is a force multiplier: it makes tedious deployment and configuration tasks repeatable and improves the reuse of detailed environments for multiple users to train within.

The tool is currently undergoing an accreditation process and is being demoed within defense departments with the goal to deploy it as a standardized tool across various agencies. The potential for the tool to be used in more commercial applications is promising as well.

To read the project announcement issued by Mississippi State University, see the news release: https://www.msstate.edu/newsroom/article/2020/04/msu-circadence-partner-create-virtual-cyber-defense-tool.

 

 

 

Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise.  Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

Today, cyber ranges are used in the cyber security sector to effectively train IT professionals in all industries and help improve defenses against cyberattacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later. 

To schedule a demo of Circadence’s cyber range platform, visit https://www.circadence.com/request-a-demo/

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

  • An environment where new ideas can be tested safely and teams can work to solve complex cyber problems
  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulated on-the-job experience

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.  

UNDERSTANDING & EVOLVING CYBER RANGES IN A BOX

Typically, a cyber range in a box has been a collection of virtual machines hosted on an on-premise system. However, Circadence has taken the concept of a cyber range in a box and placed it in the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activities, accessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments.


By offering cloud-based, cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cyber security training possible.

The service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyberattack.  

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platform. Further, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats and, according to Microsoft, even “improve the efficacy of cyber security, the detection of hackers, and prevent attacks before they occur.”

GAMIFIED CYBER RANGES

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. 

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and terms, battle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario. This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.  


Modernizing Cyber Ranges

Cyber ranges were initially developed for government entities looking to better train their workforce with new skills and techniques. Cyber ranges provide representations of actual networks, systems, and tools for novice and seasoned cyber professionals to safely train in virtual environments without compromising the safety and security of their own networks.

Today, cyber ranges are known to effectively train the cyber workforce across industries. As technology advances, ranges gain in their training scope and potential. The National Initiative for Cybersecurity Education reports cyber ranges provide:

  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulated on-the-job experience
  • An environment where new ideas can be tested and teams can work to solve complex cyber problems

In order to upskill cybersecurity professionals, commercial, academic, and government institutions have to gracefully fuse the technicalities of the field with the strategic thinking and problem-solving “soft skills” required to defeat sophisticated attacks. Cyber ranges can help do that.

Currently, cyber ranges come in two forms: Bare environments without pre-programmed content; or prescriptive content that may or may not be relevant to a user’s industry. Either form limits the learner’s ability to develop many skill sets, not just what their work role requires.

Six Components of Modern Cyber Ranges

Modern cyber ranges need realistic, industry-relevant content to help trainees practice offense, defense, and governance activities in emulated networks. Further, cyber ranges need to allow learners to use their own tools and emulated network traffic in order to expand the realism of the training exercise. By using tools in safe replicated networks, learners will have a better understanding of how to address a threat when the real-life scenario hits.

We also know that cybersecurity attacks require teams to combat them, not just one or two individuals. So, in addition to individual training, cyber ranges should also allow for team training and engagement for professionals to learn from one another and gain a bigger picture understanding of what it REALLY takes to stop evolving threats.

With advances in Artificial Intelligence (AI), we know cyber ranges can now support such technology. In the case of our own Project Ares®, we are able to leverage AI and machine learning to gather user data and activity happening in the platform. As more users play Project Ares, patterns in the data reveal commonalities and anomalies of how missions are completed with minimal human intervention. Those patterns are used to inform the recommendations of an in-game advisor with “chat bot-esque” features available for users to contact if help is needed on a certain activity or level. Further, layering AI and machine learning gives cyber professionals better predictive capabilities and, according to Microsoft, even “improve the efficacy of cybersecurity, the detection of hackers, and even prevent attacks before they occur.”

With many studies touting the benefits of gamification in learning, it only makes sense that modern ranges come equipped with a gamified element. Project Ares has a series of mini-games, battle rooms, and missions that help engage users in task completion—all while learning new techniques and strategies for defeating modern-day attacks. The mini-games help explain cyber technical and/or operational fundamentals with the goal of providing fun and instructional ways to learn a new concept or stay current on perishable skills. The battle rooms are environments used for training and assessing an individual on a set of specific tasks based on current offensive and defensive tactics, techniques and procedures. The missions are used for training and assessing an individual or team on their practical application of knowledge, skills and abilities in order to solve a given cybersecurity problem set, each with its own unique set of mission orders, rules of engagement and objectives.

There is a lot of sensitive data that can be housed in a cyber range, so security is the final component of a modern cyber range. The cloud is quickly recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure the cyber ranges are operating quickly with the latest updates and to increase visibility of how users are engaging in the cyber ranges across the company, security in the cloud is the latest and greatest approach for users training in test environments.

There you have it. The next generation cyber range should have:

  • Industry-relevant content
  • Emulated network capabilities
  • Single and multi-player engagement
  • AI and machine learning
  • Gamification
  • Cloud-compatibility

We are proud to have pioneered such a next-generation cyber range, manifest in many of our platforms, including (as mentioned above) Project Ares® and CyRaaS™. We hope this post helped you understand the true potential of cyber ranges and how they are evolving today to automate and augment the cyber workforce.