Cybersecurity simulation covers multiple domains
Cyberattacks on critical infrastructure, including power grids and hospitals, can be devastating. Such attacks are also evolving, which underlines the importance of constant vigilance and up-to-date training. “Cyberthreats also tend not to be specific to one domain,” explains FORESIGHT project coordinator George Kokkinis from the Center for Security Studies in Greece. “A cyberattack in one area can have a cascading effect into others.” For example, an attack that knocks out an electrical grid could have serious repercussions for airport operations. However, cybersecurity staff are often trained only to protect their own domain, and can find it difficult to share information and expertise with their counterparts in other critical infrastructure.
Training needs of critical infrastructure
The FORESIGHT project sought to address this weakness by bringing together the training needs of three critical infrastructure domains – power grids, airports and port facilities. The aim was to enhance the preparedness of experts across multiple domains in preventing, detecting and reacting to cyberattacks. This was achieved by developing a network of realistic training and simulation platforms – or cyber ranges – that cover all three areas. “We began by developing generic cyber training for experts across all three domains,” says Kokkinis. “From this, they can advance into more specific training relevant to their area, but with an awareness of other domains.” Indeed, for Kokkinis and his team, the holy grail was to train up cyber experts across all three areas on how to deal with a cross-domain incident. Who should they call? How should they respond? Kokkinis points out that all too often in these situations, staff are stuck in their silos, and do not know what to do.
Cascading cyberattacks across domains
With this in mind, the project consortium next set out to develop cascade scenarios – attacks likely to spill across domains – based on identified and forecasted trends and vulnerabilities. These were extracted from cyberthreat intelligence gathered from the dark web. Combined with theoretical training, these scenarios were designed to encourage staff to work in cross-sectoral teams. A federated network of cyber ranges enabled them to safely practise responses to various cyberattacks, not only in their own field of expertise but also in the other domains included in the project. Almost 100 cyber experts participated in and evaluated the training curricula and cyber range scenarios. The training material – reports on which are available on the project’s website – has since been amended by infrastructure operators based on user feedback.
Federated cyber training platform benefits
FORESIGHT was able to demonstrate the potential benefits of federated cyber training platforms. The challenge now is to persuade other domains and end users to adopt this concept. A key benefit is cost-effectiveness. Cyber ranges can be expensive. Pulling together a consortium to share training platforms therefore not only enriches the training experience itself, but could bring cyber ranges within reach of SMEs. The project also underlined the importance of having constant cyber training. “Many members of staff don’t pay that much attention to cybersecurity policies,” adds Kokkinis. “More and more staff work from home, on their own devices. In many cases, security measures have been relaxed.” Kokkinis believes that virtual, federated platforms, such as the prototype pioneered in FORESIGHT, could provide a simple and cost-effective way of delivering continuous and updated training. In this way, security experts will be better positioned to react to cyberthreats, even if the danger is not coming from their own sector.
Keywords
FORESIGHT, cybersecurity, cyberthreats, infrastructure, cyberattacks