European Commission logo
English English
CORDIS - EU research results

Civil Cyber Range Platform for a novel approach to cybersecurity threats simulation and professional training

Periodic Reporting for period 2 - CYBERWISER.EU (Civil Cyber Range Platform for a novel approach to cybersecurity threats simulation and professional training)

Reporting period: 2019-09-01 to 2021-02-28 is a H2020 innovation action born to respond to the increasing need for highly-skilled cybersecurity professionals, and also the need to respond swiftly to a complex, multifaceted, cyber threat landscape. The project, developed under Grant Agreement 786668, starts on 01.09.2018 and concludes on 28.02.2021. The objectives of the project are the following:

O1: Deliver a European Platform for cybersecurity professional training;
O2: Develop innovative cybersecurity training tools and materials;
O3: Develop economic models to measure the monetary exposure to cyber risk;
O4: Carry out 3-full-scale pilots in energy, transport and education;
O5: Develop a sustainability model for the platform;
O6: Develop and run a profiled database of cybersecurity professionals and
O7: Contribute to the continuous development of a cybersecurity culture across EU society.

Following the trend of recent years, cybercrime keeps being a profitable business. Cybercriminals get not only money, but also intellectual property and sensitive data. According to Europol, the cost of cybercrime in Europe is around 265B€/year.

With cybercrime becoming more intense and cyberattacks more sophisticated, the need for higher cyber resilience is evident. The White House reports that the global IT Security Products and Services Market is growing at a yearly rate of 18% and will have a volume of around 128B$ by 2020. In this direction there is a need for proactive incident detection with monitoring techniques. There is a need to foster continuous vocational training and to promote agile collaboration between multidisciplinary teams, creating better strategies to achieve cyber resilience. Preparedness must be adequate to solve quickly arising cybersecurity issues. Mandatorily, training must focus on the practical side. Immersive experiences are needed, with simulated scenarios as close as possible to the reality. Cyber ranges are nice environments for this, providing practical training capabilities without exposing the productive environment. aims at making an impactful contribution delivering an educational, collaborative, real-time cyber range platform to prepare expert technicians to protect valuable digital assets against cyber crime.
The first year of the project has witnessed relevant achievements that put the project in the correct direction towards its future success.

The team completed the elicitation of the business, functional, technical and legal requirements, delivering D2.1 (initial version) and D2.2 (final). The main resulting set of requirements presented are software and system requirements.

The requirements are leveraged to produce the design and architecture of aiding the technological development of the platform. The design task produced D2.3 (initial version) and D2.5 (final). The team followed a top-down approach with two general diagrams with coarse and fine-grained detail respectively. The list of components, their role and how they would be inter-related was made clear. Then, the team found important to describe the product to implement from different perspectives, hence more views of the design were provided. These were a perspective based on software components structure, another considering software deployment, a data view and also the technology stack with the set of technologies used to develop the different components. Then the internal details of the components and how they match the requirements were made clear and documented accordingly, as well as the identification of the relevant user interfaces.

Following the requirements and the design, the team worked in parallel to develop models, tools and carry out the integration. D2.4 documents the initial version of the cyber range tools. It sums up the current state of the development activities, which progress on track to implement the requirements. D3.1 is the initial report on integration activities, describing the integration environment and the integration methodology followed, based on an agile approach with monthly sprints easing continuous and smooth progress which is confirmed via regression tests. The integration activities carried out and the status of the components and interfaces are documented. It also describes the next steps and the associated demo to showcase the integration achieved up to date.

D4.1 presents the initial version of the training material to be provided in The team has built a learning pathway in line with ISO 27001 and ISO 27005. The perspective of the three pilots has been considered along the process. This has triggered the work about scenario development. Also, the evaluation criteria to assess the performance of the users in real-time are developed and documented in D4.2.

The requirements posed by the pilots were gathered and compiled in D5.1 which brings a list of exercises proposed by the pilots in accordance with their interests. These exercises are thoroughly described and will be the first ones to be actually implemented in the platform in synergy with WP3 and WP4. The 3 pilots have already started and the pilot teams are getting familiar with the currently available version of the platform, and will get periodic updates till the final version to be delivered at the end of the project.

D6.1 reports on the activities for communication and stakeholder engagement carried out in the first 3 months of the project (September 2018 - November 2018) and defines the strategy and foreseen activities for the period December 2018 - February 2020. Besides, D6.2 documents the first version of the business models and commercialization strategy. The offering is structured like a pyramid with four different levels, namely (from bottom to top): Primer (freemium); and Basic, Intermediate and advance (paying). A first approach to the value proposition is developed, the competitive landscape is analyzed, the market positioning is presented and also a SWOT analysis is provided. outcomes are expected to produce a remarkable impact, as summarized below:

* Integrated learning experience on a single platform with a suite of training courses and training materials (slides, videos, documents, interactive quizzes).
* Methodology for definition, characterization and instantiation of cyber scenarios captured in a standardized manner with supporting graphical user interface for scenario editing.
* Real-time monitoring of cyber-range exercise evolution and student performance.
* Definition of performance evaluation criteria and transformation into algorithms to automate the real-time assessment of students during exercises.
* Automatic simulation of hackers´ attacks based on a scenario-defined schedule
* Security monitoring capabilities extension and upgrade with new security directives and metrics. Development of new collectors to capture relevant information for exercise evaluation.
* Automatic detection of vulnerabilities in the machines composing an exercise scenario and leverage them as inputs for performance evaluation.
* Use of innovative and advanced cyber risk assessment models and techniques to estimate monetary exposure of the simulated infrastructure and use these data in the student evaluation process.
* Federation of cyber ranges.
* Potential contributions and collaborations in the context of pan-European certification schemes.