A new tool will make it easier and cheaper to train individuals who defend us from computer attacks.
Cyber attackers continually target the general population, businesses and public actors. The major attack on Norsk Hydro recently was a strong reminder of this.
“We train defenders,” says Basel Katt, an associate professor at NTNU’s Department of Information Security and Communication Technology in Gjøvik.
He is coordinating the work of creating the Norwegian Cyber Range (NCR), a comprehensive program that will make it easier to simulate data attacks and defences.
- You might also like: Cyber crime is on the rise. NTNU is on the case.
Program saves money and time
It’s expensive to train the people who defend us. When big companies hold a large-scale exercise, they often take several months to prepare for it. Lots of people and computers, routers and other hardware form a complex infrastructure to create an attack that is as realistic as possible. That’s a good approach, but at the same time it is time consuming and expensive.
“Building this sort of thing isn’t easy. Besides, if we want to train defenders, we also need attackers. Large companies can hire some of the best hackers to plan and execute an exercise. Companies of that size can afford to do this,” says Katt.
But not everyone has this much time or money. This is where the Norwegian Cyber Range comes in and enables medium and smaller players to train, too. And the NCR may also be an option for larger actors who don’t always need to train using large scale attacks.
To be precise, we’re not just talking about a simulation, but an emulation. A simulation is something that behaves like something else, but does not necessarily adhere to all the rules and reality. An emulation goes several steps further and copies reality as closely as possible. The program thus provides realistic training in a cost-effective way. That’s a positive development.
The idea is that the program itself will largely emulate and build a network and different types of attacks and defences, without any manual adjustments. But it is also possible to adjust the program as desired. At the same time, people can be assigned roles as attackers or defenders and try out roles from both sides.
Several countries are developing their own variants of cyber range, but the Norwegian one stands out. This is the first platform to test security where the idea is to practice defence on three levels.
- The first is the overall strategic level, called the “community level,” where the country is subjected to a computer attack. What happens if our country no longer has access to electricity after a computer attack? How can we manage without a cellular network? How should we react to keep society going?
- The second level is the tactical level, or what is called “the digital value chain level,” which looks at how different parts of a computer network are affected if parts of it are attacked or knocked out.
- The third is the level of operation, called the “infrastructure level.” The main idea is to train on attack and defence in a realistic computer network consisting of programs, hardware and various other components where attacks or defences can be simulated.
“The goal is to be able to practise on all these levels,” says Katt.
- You may also like: Researcher’s heart problems uncover security gap
The work of developing the Norwegian Cyber Range began just under year ago, and much still remains to be done. A total of three years has been allotted to develop a working prototype.
This is a national initiative. NTNU’s Department of Information Security and Communication Technology is also cooperating with other actors, such as the Norwegian Armed Forces. But a lot of the work is being done by students and employees at NTNU. About 25 lower-level students are involved, in addition to four doctoral students, three post-doctoral fellows, two professors and administrative support.
Students can also qualify for national and international championships where they compete with other schools and institutions in computer attacks and defence.
In October 2019, the finals of the European Cyber Security Challenge will be held in Bucharest, Romania. Norwegian participants are being recruited from among 16- to 25-year-olds in Norway. The Norwegian finals took place at NTNU in Gjøvik on 27 April 2019.