Tecnalia's Cyber-Ranges Facilities
Functional Components Description
A cyber-range is a virtual environment that is used for the training of personnel and for the research and development of cybersecurity technology. The cyber-range includes tools that help strengthen the stability, security and performance of IT / OT systems.
From the physical point of view, one room hosts a Security Operations Center (SOC), which controls the cyber-range, and a second room is where training and training exercises take place. The SOC has monitoring, supervision and prevention software (IPS, IDS and SIEM) for the supervision of cyber-exercises and cyber-ranges.
The second room includes workstations for the people who take part in the exercises (students or researchers), screens and video walls with information on the system, as well as the physical equipment needed to replicate the different scenarios of the IT / OT network for the cyber-ranges.
Concerning training, the cyber-range supports Capture The Flag (CTF) and Red-vs-Blue exercises. A CTF is a cyber challenge in which about four people compete to attack servers and earn points if they manage to take control of them. In Red-vs-Blue exercises, two teams are created: one attacks a system and the other defends it. The configuration of the exercise room is therefore flexible, so that it can be set up for either type of exercise.
Support platform for R + D + i projects
This platform will be used to develop R+D+i projects with a cooperative approach. Participants may use their own nodes, either individually or with third parties, to carry out other R+D+i projects of a different nature in relevant conditions. These projects should be conducted mainly by researchers, and in one-off cases private projects may be developed. In the latter case, pay-per-use models may be contemplated for using the testbed, with the aim of financing the projects' amortization or maintenance.
The facilities allow for testing and experimentation in cyber-range technologies and cybersecurity technologies for detection, response, resilience and recovery.
The asset may be used as a platform for offering and developing a wide range of training activities, for instance cyber-ranges on the other industrial cybersecurity nodes of the BDIH. In other words, it enables access to the testbed for end users, companies offering cybersecurity training and researchers, so they can prepare and provide training or sophisticated simulation environments.
Training at individual and group levels about cyber defences, cyber-attack and forensic analysis for the Public Administration.
Support for awareness actions or generation of cybersecurity culture
In the event that public-private partnerships are encouraged, the testbed will enable conducting activities in order to support international events, to create scenarios for attracting talent or to promote the local companies as leaders in industrial cybersecurity.
Security operations center:
It comprises the equipment from which the cyber-range is controlled. It has monitoring, supervision and prevention software (IPS, IDS and SIEM).
It consists of:
-FortiSIEM FSM-2000F: SIEM-specific hardware with perpetual licensing for monitoring 100 devices and 1,000 events per second
-3 Dell workstations, model Optiplex 3050 Mini Tower XCTO, with Dell 22" monitors. Each workstation has the following features:
* Intel Core i5-6400 processor, 4 cores, 2.7 GHz
* DVD +/-RW
* 4GB (1x4GB) 2400MHz DDR4
* 3.5" 500GB 7200rpm SATA hard drive
* Additional 1GB AMD Radeon R5 430 graphics card (DP/VGA)
* Dell KB-522 USB keyboard
* Dell MS116 USB optical mouse
* OS: Windows 10 Pro (64-bit), Spanish
* 2 Dell 22" S2218H monitors, 54.6 cm (21.5"), black
Cyber-range master room:
The Cyber Range Master room is the place where cyber-range exercises are held. It can host exercises with a maximum of 10 participants.
Each participant has a Workstation with a double screen to carry out the Cyber Range.
The Cyber Range is monitored on a wall screen consisting of 10 screens of 55", model Dell 55 Conference Room.
Equipment to create the Cyber Range scenarios, such as:
-2 3D printers with different technologies: FlashForge Dreamer (FDM) and Wanhao Duplicator 7 (SLA)
-Virtual Reality (VR)/Augmented Reality (AR) equipment composed of:
* Alienware Area-51 with monitor
* Oculus virtual reality glasses
* HTC Vive virtual reality glasses
The Cyber Range supports the use of different software for the execution of Cyber Ranges.