Cyber Range Technology stAck and Simulations for Training and Evaluation
Many activities relevant to cyber security cannot be performed on production systems, as they would jeopardize their secure operation and availability. These include training, exercises and education in cyber security processes (e.g. incident handling, forensic analysis), as well as testing and experimentation (research) and certification of cyber security solutions. Performing these activities within production systems can lead to economic/financial damage, poor reputation, or data privacy consequences in the case of enterprises. In the case of critical infrastructure and essential services, such as energy, water, and healthcare, this is compounded by threats to safety and security, basic services, and public health. Cyber Ranges (CR) therefore offer the possibility to create virtual network infrastructures that are capable of simulating system, user, and network normal behavior and attacks as well as their effects, in addition to systems, applications, and the network itself. Due to the numerous different use cases, there are various requirements for CRs and their features to enable realistic virtual representations of specific network infrastructures. Due to the increasing demand for the implementation of CR use cases, technological progress has led to a variety of technologies for the implementation of CR features. However, these differ greatly in characteristics such as maturity, license (availability), and function. The vision of the CyberTASTE study is to support all target groups in the best possible way in selecting the appropriate technologies for implementing specific CR use cases and features. Therefore, CyberTASTE has the following objectives: (i) survey of use cases and requirements for CR features of all target groups, (ii) derivation of a generally understandable definition of the CR term depending on the individual use cases, (iii) survey of available CR technologies and comparison of their advantages and disadvantages, (iv) development of a systematic method (incl. an implemented service) that supports the selection of CR technologies depending on use case and requirements, (vi) formulation and validation of best practices and guidelines for the selection of CR technologies, and (vii) derivation of the current research gap and development needs in the area of CR technologies.
- Partner: Bundeskanzleramt
- Project duration: 02/20247-01/2024
- Funding: KIRAS Sicherheitsforschung - Ausschreibung 2022/2023, Schutz kritischer Infrastrukturen allgemein