During 2021, ransomware attacks increased by 151 percent, organizations experienced an average of 270 attacks, and two-thirds of companies are struggling to respond to a cybersecurity incident due to skills shortages within their teams. This is revealed by statistics reported in the Global Cybersecurity Outlook 2022, an annual report by the World Economic Forum.
A trend that had been highlighted as early as September by the Clusit 2021 Report on ICT Security in Italy, according to which 24 percent more attacks were launched in the first half of 2021 than in the same period of the year .
Organizations and companies are struggling to respond to increasingly sophisticated and devastating cyber threats. Blame the few economic and human resources deployed in cyber defense and an IT culture that is often not up to the new challenges. But above all, poor training in responding to and handling attacks that can jeopardize crucial systems and infrastructure. It is precisely to improve resilience on the part of businesses and institutions that cyber ranges are born. As defined by the Cybersecurity Organization, a cyber range is a platform for the development, delivery and use of interactive simulation environments. A product that, through a simulation in which mainly two groups of actors – (defense) and a Red team (attack) – participate, allows the validity of protection strategies to be verified, appropriate defense procedures to be developed, and cybersecurity personnel to be trained: a tool that allows those who use it to understand, thanks to simulations using a digital copy, the digital twin, isolated from the real system, what exactly happens during a cyber attack and to take the necessary countermeasures. Thus, a way to develop skills and knowledge suitable for dealing with cyber threats.
“The real problem with cyber defense is that companies don’t know what it’s like to actually operate under an attack until they are affected,” explains Fabio Cocurullo, VP Grants Collaboration & Projects in the Cyber & Security Solutions Division of Leonardo Vice President of Cyber 4.0 -. They don’t know how to communicate it, they don’t know if they have proper procedures or proper skills to respond to it. So they don’t know how strong the resilience of their infrastructure really is.”
Cyber ranges come to their rescue as they allow them to “practice, assess skills on real scenarios, test and develop attack management procedures, and analyze particularly complex cyber issues. The benefits of a cyber range are really numerous. And those who try it claim to be enthusiastic.”
According to a report produced by Cyber Security for Europe in February 2019, cyber ranges are being used not only to develop the skills and knowledge of individuals, but also to train and coach organizations, companies and service providers to develop cyber resilience.
Leonardo has developed its own proprietary solution, Leonardo Cyber Range & Training, which can create an interactive, emulated representation of a system, including network and traffic emulation, enabling the execution of cyber attacks and defense activities in a controlled environment. The product, developed by a team led by Fabio Cocurullo, was successfully deployed in a cyber contest held on Nov. 17, 2021 at ADIPEC, the oil and gas expo held in Abu Dhabi, pitting cyber security professionals from leading international companies against each other. “We carried out a scenario involving an attack on an oil facility with pumps and displacement and refining arrangements,” Cocurullo says. “In that case, the exercise lasted a few hours, but there were others that lasted as long as three or five days, in which the participants were so immersed in the contest that they even lost track of the fact that it was a simulation.
There are many cyber range platforms currently in use. Masaryk University in Brno, Czech Republic, has developed its own and released it in open source for educational purposes for students and professionals. KYPO Cyber Range, that’s the name of the platform “is based on several years of experience using cyber range in education, training and cyber defense exercises,” is found on the portal of the Cybersecurity Competence Network Concordia Ecosystem.
Federations: a growth opportunity for the cyber range
In recent years, organizations and professionals active in cybersecurity have been debating around the need to build federations of cyber ranges that would enable the development of broader and more complex, sophisticated and specialized scenarios both vertically and horizontally, integrate different environments, with more advanced capabilities and with sustainable costs since they are not entirely in the hands of a single entity. Indeed, the development and management of a cyber range requires significant investment in technology and professionalism. The creation of an expanded space from multiple cyber range providers would also enable small and medium-sized companies to track and use high-quality services at an affordable price.
An important example of European collaboration promoted by the European Defence Agency (EDA) is the Cyber Range Federation, in which ten countries including Italy, Austria, Germany and Belgium participate, according to the Cyber Defence Built on European cooperation report published by the EDA. Cyber Range Federation has the ambition to systematize a process of sharing the technological environments in which cybersecurity professionals move to detect and mitigate cyber attacks.
The Cyber 4.0 webinar
Cyber range and cyber exercises were discussed on Friday, February 25, 2022 in a webinar organized by the Cyber 4.0 Competence Center attended by CISOs, CIOs, Cyber Experts, risk and security specialists, managers from companies, institutions, and public and private organizations.
The seminar explored possible uses of the Cyber Range, and more generally of an immersive simulation platform–from skill development to process tuning, from conducting industry exercises to infrastructure security audits–understanding how to prepare for and conduct an exercise, analysis of achievable benefits and actions taken, debriefing, individual and group performance scoring.
“This advanced training tool,” says Matteo Lucchetti, Operations Director of the Center of Competence, “is already widely used by large organizations and institutional and military entities but is still little known to many smaller companies and organizations, which can benefit from it equally. The seminar made it possible to represent the speakers’ direct experience in the stages of preparation, participation and analysis of the results of an exercise using state-of-the-art Range systems and exercise content, fully consistent with Cyber 4.0’s mandate to increase awareness and facilitate the adoption of new technologies.”