A CybEr range tRaining platform for medicAl organisations and systems Security

The AERAS project aims at developing a realistic and rapidly adjustable cyber range platform for systems and organisations in the critical healthcare sector, to effectively prepare stakeholders with different types of responsibility and levels of expertise in defending high-risk, critical cyber-systems and organizations against advanced, known and new cyber-attacks, and reduce their security risks. The platform will be a virtual cyberwarfare solution enabling the simulation of the operation and effects of security controls and offering hands-on training on their development, assessment, use and management. The platform will be based on an evidence-based approach where virtual cyberwarfare and simulations are configured according to evidence regarding: (i) the occurrence of cyber threats, and (ii) the effectiveness of the operation of the internal and external system defence mechanisms. Evidence will be collected by multi- faceted real- time monitoring and assessed according to Cyber Range Security Assurance (CRSA) models specifying potential cyber-attacks, the security mechanisms used against them, and the methods for assessing their effectiveness. The AERAS solution will be delivered at TRL-7 and validated through two different pilots in the healthcare sector.

To address the above, AERAS will pursue the following objectives:
1) Develop Cyber Range Security Assurance models (CRSA models) to drive the generation of Cyber Range Simulation and Training (CRST) programmes.
2) Develop novel hybrid cyber security risk analysis models, which combine traditional static cyber security risk analysis principles and standards with continuous risk estimates.
3) Develop mechanisms to support the adaptation of cyber range simulation and training programmes, via feedback received from multiple sources, including multi-layer system, trainee and programme performance monitoring, and CSLAs monitoring.
4) Develop capabilities required for the delivery of effective cyber training, namely emulation, simulation, security assurance assessment, and visualisation capabilities
5) Integrate capabilities developed under Objectives 1-4 into a common platform that delivers realistic and highly adjustable cyber training, offering hands-on experience against cyber-attacks.
6) To ensure the dissemination and communication of the project’s results and the uptake of the AERAS innovation to organisations in critical domains, and cyber security stakeholders.

The project activities has been strongly affected by the COVID outbreak and the cold-start of research activities we experienced. Furthermore, two partners withdrawn from the Consortium (TSI and CITY), while others committed in reducing their effort. This has created knowledge gaps filled by introducing new partners (EAIN, TRID, and LIBRA), specifically selected to guarantee the fulfillment of secondments and specifically to cover the knowledge areas. Due to the major changes in the Consortium, the partners decided to focus the activities on the delivery of the main platform and the definition of the overall AERAS training approach, at detriment of concepts like CSLA monitoring that are not in the major trends of cybersecurity training.

In the following, the work carried out of single WP is summarized:
WP1) Overall management of the project, organization of weekly calls , communication with PO, and management of periodic reporting

WP2) The work in WP3 has been focused on the following points:
- Making and administering a survey is with doctors, nurses, IT experts, Administrative Staff.
- Study cybersecurity standards and certification that could be relevant to AERAS training models.
- Study of technological landscape and AERAS novelty and of an initial specification of the AERAS platform technical requirements for each platform's component.
- Discussing the initial version of the reference architecture for the AERAS platform.
- Definition of each component of the architecture.
- Discussion of the candidate technologies that can be used to build the AERAS cyber range platform.
- Selection of the KYPO open source framework as AERAS reference architecture.


WP3) The work in WP3 has been focused on the following points:
- Definition of a language to support the development of CRSA models and CRST programmes.
- Study of the development of CRSA models for both pilots, and, consequently, on the development of CRSA-driven CRST programmes.
- Development of means to enable basic forms of analysis and determine the impact that certain changes in specific parts of the CRSA model.
- Application of the LLM concepts to CRSA and CRST.

WP4) The work done in WP4 has been mainly focused on the following points:
- Specification of tools and technologies to develop the AERAS platform components.
- Study of the design of a user-friendly Cyber range training platform.
- Design the AERAS platform architecture.
- Adaptation of the KYPO open source framework to be installed in pilots’ environments and with respect to AERAS technical requirements.
- Definition of the AERAS checklist for the risk evaluation and adaptation.


WP5) The work in WP5 has been focused in the deployment of the AERAS platform in the pilots’ environments, and in the administering of the validation tests.
- Implementation of AERAS-specific drivers for KYPO and OpenStack to allow the adaptation of the platform to the project requirements and the newer version of Openstack.
- Definition of validation tests and training programmes.
- Administering of the validation tests and training programmes to the selected pilots’ personnel.
- Collection and analysis of validation tests results.
The validation test have seen the participation of 18 participants (53%) from UPAT and 16 participants (47%) from PAGNI.


WP6) WP6 Team, together with the whole Consortium, has worked on fostering Dissemination and communication activities related to the project. In particular, the AERAS website and social channels has been managed and kept updated with partners’ activities in the area of cybersecurity training. Two open webinars have been organized with good participation. Seven newsletter have been published, the last one will come after the closure.

The project is still at its early stage and the partners are laying the basis for the future impact it can have on the European healthcare landscape.

In particular, the impact of the project will be focused in the following areas:
1) Adapting an existing open source framework (KYPO) to work in the healthcare context
2) Defining a mechanism for the establishing of training campaigns starting from the analysis of the organization's cybersecurity landscape, definition of models and training activities, administering of the training, monitoring of results, and adaptation of training programmes
3) Definition of the RiskFactor techniques for the evaluation of the improvement (resp. detriment) of the overall cybersecurity status.

At the time of the writing of the report, the Impact Awarness Metrics valorized so far are the following:
- AERAS Website accesses 11369
- AERAS Newsletters: 7 (last one will be issued after the closure)
- AERAS on Social Media - Announcements > 100
- AERAS on Social Media - followers > 300
- Journal and Magazine Publications 10
- Conference & Workshop Publications 1
- Public lectures and/or networking event for the general public 2 with >= 100 attendees