a cyberSecurity Platform for vIrtualiseD 5G cybEr Range services

5G technologies through their potential to enable and support a spectrum of functions and applications are destined to play a major role towards the successful digital socio-economic transformation in the EU affecting a wide range of sectors such as IoT, energy utilities, healthcare, public safety, manufacturing, media and entertainment, transportation, and finance. However, there are many security challenges and a broad spectrum of vulnerabilities to be taken into consideration towards 5G secure network architecture development. Moreover, the complexity of threats and malicious activities in cyberspace is significantly growing and cybercrime attackers are getting more sophisticated and organised and are continuously evolving their tactics.

To address the above challenges, SPIDER developed a sophisticated cyber range environment that provides its users (trainees) with the ability to master how to use domain-specific cyber protection technologies and collaboratively improve their ability to handle incidents and cyber risks. In essence, SPIDER has delivered a novel Cyber Range as a Service (CRaaS) platform targeting 5G deployments to assist cybersecurity professionals of various levels to enhance their skills by being trained under realistic conditions.

Project activities in the 36 months duration covered the analysis of the user, technical and business requirements, the design of the architecture of the CRaaS platform for the telecommunications domain, the development of the infrastructure-related and supporting technologies, the integration, deployment, and validation of the platform, the piloting activities in five major use cases, and finally the dissemination, communication and exploitation awareness framework with the purpose of achieving positive Impact Creation and Business Exploitation.

Towards completing the defined milestones and objectives, studies were aimed at analysing, collecting, and extracting the SPIDER user requirements that the architecture development had to realize. A fundamental step of the work was to define the 5G cybersecurity threat landscape, and the related SPIDER actors as well as to outline the possible attack scenarios.

The resulting cyber range reached its final version through the validation in realistic pilot use case scenarios (PUCs) aimed at demonstrating its applicability and validity for all requirements and with specific objectives: 1) Cybersecurity Testing: functional verification of the SPIDER platform and assessment of the platform's advanced virtualization and orchestration solutions; 2) 5G Security Training: educational effectiveness of the platform and assessment of the training of experts and non-experts; 3) Cybersecurity Investment Decision Support: validity of the proposed 5G econometric models.

One of the most significant results has been the extraction of a unique value proposition oriented towards the needs of various prospective customers and stakeholders. SPIDER has four main modalities, namely (i) the theoretical training with the goal of evaluating and improving the theoretical background of trainees, (ii) the hands-on training aimed at putting in practice the skills of trainees, (iii) the simulation training to help execute the risk assessment and econometric analysis of auditors/assessors, and (iv) security-awareness training for non-expert users to improve their soft-skills in the security domain.

In parallel, SPIDER has focused on multiple far-reaching communication, dissemination, and exploitation activities to present the significance of adoption of the SPIDER cyber range innovative features into the 5G evolution ecosystem, not only to interested stakeholders, but also to the public. Targeted community-building and dissemination activities have been supported, such as the co-organization of events (workshops, webinars, etc.) as part of clustering activities, CTF challenges, and Knowledge Transfer events, in addition to the production of a solid number of scientific papers, coupled with targeted communication activities towards broader audiences through the project’s web presence.

SPIDER's exploitation analysis identified, described, and analysed 7 Key Exploitable Results (KERs) that are part of the SPIDER platform, and that represent important outcomes for the sustainability of the project:

SPIDER Cyber range as a whole;
5G-specific emulated Scenarios;
Cyber Security Serious Game;
ML Emulation Lab;
XL-SIEM;
Continuous Risk Assessment Engine;
Assurance Platform Event Captors.

The exploitation analysis carried out for each asset has provided an overview of its specific market positioning, the expected TRL, the licensing scheme, the analysis of the market including the existing competitors and the potential customers. Moreover, a thorough business analysis activity has been carried out in support of the business exploitation of the platform, by:

1) Identifying prospective customers;
2) Performing a competitive analysis of the reference business sector;
3) Realizing a techno-economic analysis of the competitors in the same market space;
4) Analysing current IPRs arising from the platform in support of the post-project sustainability.

Modern societies have become increasingly dependent upon critical (cyber) infrastructures, and this dependency is only becoming stronger as ICT progress. As the future of the telecommunications sector, 5G network infrastructures are key Critical Information Infrastructures (CIIs) with Telecom Service Providers (TSPs), Internet Service Providers (ISPs), cloud infrastructure providers, and Over-The-Top (OTT) players to depend upon such infrastructures, which in turn comprise one of the backbones of Europe’s economic growth.

The SPIDER project addresses this issue at its very core by delivering a novel, flexible and scalable Cyber Range as a Service platform (i) promoting cybersecurity preparedness through improved cyber defence training, (ii) addressing advanced cybersecurity threats targeted at critical virtualised 5G infrastructures by deploying virtualised versions of market ready cyber protection solutions, (iii) facilitating cyber threat situational awareness by blending together advanced network configuration and attacker emulation tools, and (iv) leveraging secure and authorised exchange of 5G network security incidents by creating interfaces with open-source tools developed by CERTs/CSIRTs across the EU.

Furthermore, due to the increasing cyber-risk and economic uncertainty, organisations that rely heavily on IT infrastructures require managerial strategies that are responsive to market conditions. Accordingly, improved knowledge on how organisations can make the right investment to secure their operations against cyber-attacks should be a priority for modern ICT organisations. SPIDER’s mission goes well beyond permitting a multidisciplinary understanding of the costs and investment decisions around securing information systems, enabling organisations to better shape their cybersecurity budget spending strategies towards securing their operations against cyber-attacks.

Ultimately, SPIDER will contribute towards enhanced economic performance through encouraging further development and path to market for integrated cyber range solutions. The enhanced economic situation will also have a catalysing social impact through improved incomes and enhanced societal conditions within a wider societal context.