Joint Research Centre

Similar documents
ENISA EU Threat Landscape

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

ENISA S WORK ON ICS AND SMART GRID SECURITY

KYPO Cyber Range Design and Use Cases

ENISA s Position on the NIS Directive

Directive on Security of Network and Information Systems

Security and resilience in Information Society: the European approach

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Final Project Report. Abstract. Document information

Discussion on MS contribution to the WP2018

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Directive on security of network and information systems (NIS): State of Play

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Israel and ICS Cyber Security

Valérie Andrianavaly European Commission DG INFSO-A3

EU policy on Network and Information Security & Critical Information Infrastructures Protection

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

European Directives and reglements for Information security

EISAS Enhanced Roadmap 2012

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

GridEx IV Initial Lessons Learned and Resilience Initiatives

Securing Europe's Information Society

Critical Cyber Asset Identification Security Management Controls

Bradford J. Willke. 19 September 2007

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Cybersecurity & Digital Privacy in the Energy sector

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

Cyber Security Technologies

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Cyber Security Incident Report

The Digitalisation of Finance

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

RUAG Cyber Security Training Range & Attack Simulation. Peter Hladký Senior Cyber Security Specialist RUAG Defence

Challenges in Maritime and Supply Chains Security

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Towards a European Cloud Computing Strategy

Cyber Security Congress 2017

Cybersecurity Strategy of the Republic of Cyprus

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber security: a building block of the Digital Single Market

First Session of the Asia Pacific Information Superhighway Steering Committee, 1 2 November 2017, Dhaka, Bangladesh.

Implementing a National Strategy : the case of the Tunisian CERT

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Are Cyber Security Exercises Useful? The Malaysian Case Study. Adli Wahid Head of Malaysia CERT (MyCERT) Twitter: adliwahid

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Cyber Security in Europe and CEER s new PEER initiative

Emergency response plan in the event of an attack against information systems or. a technical flaw in the information systems

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Developing ILNP. Saleem Bhatti, University of St Andrews, UK FIRE workshop, Chania. (C) Saleem Bhatti.

Google Cloud & the General Data Protection Regulation (GDPR)

Strategic and operational threat analysis at Europol's EC3

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Canada Life Cyber Security Statement 2018

Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

Examining Cooperative Strategies through Cyber Exercises

Package of initiatives on Cybersecurity

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

Call for Expressions of Interest

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Roll-out of Smart Metering the key for success

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

The SPARKS Project Motivation, Objectives and Results

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

GridEx IV Panel Discussion

EU policy and the way forward for smart meters and smart grids

Cyber Security Reliability Standards CIP V5 Transition Guidance:

IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

EUROPEAN COMMISSION DIRECTORATE-GENERAL INFORMATION SOCIETY AND MEDIA

TIES for Microsoft CityNext Next-Generation Situational Awareness

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Australian Energy Sector Cyber Security Framework. Frequently Asked Questions FINAL V1-0

Wiebe Ruttenberg & Emran Islam DG Market Infrastructure & Payments. From Cyber Threats via Cyber Security to Cyber Resilience

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

Implementation Strategy for Cybersecurity Workshop ITU 2016

Towards an integrated regulation platform in Luxembourg. Information Security Education Day th of april

Regulating Cyber: the UK s plans for the NIS Directive

EARTH Ex 2017 Middle Planning Conference

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

Bontempiorgel. Mar7n LATZENHOFER

Final Project Report. Abstract. Document information

We are also organizational home of the Internet Engineering Task Force (IETF), the premier Internet standards-setting body.

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Italy - Information Day: 2012 FP7 Space WP and 5th Call. Peter Breger Space Research and Development Unit

Transcription:

Joint Research Centre The European Commission s in-house science service www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation

On the use of emulation test-beds for increasing the realism of operational cyber exercises T. Benoist, C. Siaterlis, A. Pérez García 5 July 2012 2

Overview 1. Test-beds for CE a. Rationale b. methodology c. Benefits for CEs d. EPIC 2. Driving Cyber Exercises: EXITO a. Requirements b. Architecture c. Features

Rationale Support the paradigm shift towards more operational CEs Increase realism of operational CEs by embedding a technical dimension into storylines Increase players situational awareness Collect additional Exercise feedback

Methodology An environment for the exercise is realistically recreated on the test-bed, i.e. without using operational systems. The environment shall reproduce data and PSTN networks. Players are given access to the environment from remote locations The environment shall be strictly confined (e.g. phone calls, player actions, etc) Environment subject to scripted events and real-time interaction. Detailed exercise logs are stored in data repositories.

Benefits During the preparation phase: Test various crisis scenarii/timelines e.g. conception of competitive (e.g. Red vs Blue team) and collaborative scenari Test conceptual & technical procedures Test mitigation strategies Helps evaluating and writing sound realistic storylines During the exercise: Real-time monitoring of the exercise (e.g. Zabbix) Real-time monitoring of players (phone logs, players log) Provides exercise moderators with additional information to steer the storyline

Benefits After the exercise: Additional feedback through exercise intelligence reporting Possibility to replay the exercise Possibility to reuse exercise topologies useful to write lessons-learnt, improve procedures, convert previous exercise topologies into training material, etc.

How? Traditional Ad-hoc testbeds Simulators EPIC Recent Overlay testbeds (on top of existing infrastructures) Emulation testbeds (dedicated physical resources)

EPIC

EPIC Example: BGP MiM attack lan0 10.1.1.0/24 100Mbps Voice communications / PSTN

Overview 1. Test-beds for CE a. Rationale b. methodology c. Benefits for CEs d. EPIC 2. Driving Cyber Exercises: EXITO a. Requirements b. Architecture c. Features

Requirements for EXITO The Exercise event Injection Toolkit shall Facilitate large scale distributed exercise playing though event injection and data collection Need to organize exercise stakeholders across various roles Maintenance of a MaSter Event List (MSEL) representing the scenario Scenario control what event from the MSEL is injected and when Keep track of past events Event Management - what happens when an event is injected Feedback collection platform

Architecture: hierarchical model EXCON Excon-moderators EXITO Clustermoderator Clustermoderator Clustermoderator Observers player player player player player player Cluster A Cluster B Cluster C EXCON: centralized location for overall management Clusters: independent and parallel groups Cluster-moderator: manages a single cluster s participation

Events The scenario is composed of events Events have a set of attributes: injection_offset: from the exercise start time in minutes group_id: in order to group events for bulk injection type: Exercise related, CERT, International Media, Intelligence, CIIP Incident, Law Enforcement necessity: Mandatory, Optional cluster: cluster identification or ALL sender: supposed sender of the event within the exercise scenario recipient: intended players for this event title description attachment Offset Group_id Type Necessity Cluster Sender Recipient Title Description attachment 0 1 Exercise related Mandatory ALL EXCON All players Beginning of exercise Good afternoon, this is an EXERCISE! The mechanism for the File.pdf

Features - Data & Data Access Rights MSEL Full list of scenario events Ideally designed and set up before the exercise Managed and visible only by the EXCON-moderators Event List Contains events injected during the exercise Limited views for Cluster-moderators (only own events) Feedback repository Includes the status reports generated by the Cluster-moderators Limited views for Cluster-moderators (only own reports) Full access for EXCON-moderators Main source for post analysis

Features - Exercise map Provides visual information of the exercise topology Managed and updated by the EXCON-moderators Typically not visible for Players (but possible) Consists of three elements: The background image The Information exchange Points (IXP) The links between IXP Supports WeatherMap, KML, OpenLayers

Information flows: Injection of Events Executed by the EXCON-moderators Events are copied from the MSEL to the Event list Accompanied with one or more actions: mail to the Cluster-moderators Exercise map update 3 rd Party RESTful Webservice calls (openpublish, statusnet, etc). EPIC script (attack tool, traffic generator, ) Cluster-moderators are responsible of forwarding the information to the Players

Injection of Events (II) - EXCON 5 July 2012 18

Injection of Events (II) Cluster Mod 5 July 2012 19

Information flows: Feedback from clusters Cluster-moderators gather information form Players and fill in a status report Status reports are generated periodically, on demand or according to exercise s requirements All status reports are logged for post analysis Cluster Moderators can also provide live-feedback through traffic-light status indicator

Cluster moderators fill in Status reports

Cluster-moderators provide feedback to EXCON moderators

EXCON-moderators have a quick view of status provided by Cluster-moderators

Extra Features A discussion page is available for all users to share information and experiences EXCON-moderators can provide the users with files through the downloads page Observers see a timeline made of injected events and submitted status reports EXITO is fully integrated into EPIC 5 July 2012 24

Showcase: Cyber Europe 2010 4th November 2010 EXCON & Cluster moderators in a centralized location 22 Member States (clusters) 12 observers 80 remote players from Computer Emergency Response Teams (CERT), Ministries, National Regulatory Authorities, Law enforcement and Intelligence agencies MSEL with 320 events 185 status reports were collected

Under the hood OpenSource Architecture: PHP Web application leverages CMS FW(Drupal) FreeBSD OS Apache web server MySQL database sshd Perl Exito Drupal mysqld Sendmail Apache httpd FreeBSD 8.0 RELEASE Freebsd filesystem GENERIC PC Exito PHP EUPL License

How do I get EXITO? Format: Live CD for initial testing Virtualbox appliance (fully working environment) Source code (Drupal + EXITO + mysql scripts) for deployment, customization and running exercises Procedure: Fill in request form Accept EULA Download software** http://sta.jrc.ec.europa.eu/index.php/exito-request-form ** The release is in a beta level

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback