Cyber ranges, threat intelligence, certification and standards, and skills and capacity building are all topics of central importance to four recently launched pilot projects which will work in close coordination to develop the European Cybersecurity Competence Network.
Incorporating a European Cybersecurity Industrial, Technology and Research Competence Centre and a Network of National Cybersecurity Coordination Centres, the network was proposed by the European Commission and will be fully established by 2021.
This article introduces the pilot projects and examines how each will address the topic of cyber ranges as a means of strengthening cybersecurity capacity in the European Digital Single Market.
Of the cyber ranges already in existence within the European market, many are broad in scope while others are very specific, focusing on one field only. ECHO (European network of cybersecurity centres and competence hub for innovation and operations) will create a marketplace of available ranges and promote their services to third parties via a Federated Cyber Range Portal (FCR).
As a cyber range broker, FCR will offer companies and cyber security specialists access to unique technologies and to virtual emulations of sector specific scenarios, thus enabling the development and demonstration of technology roadmaps, and the delivery of specific cyberskills training curricula.
The Cybersec4Europe consortium numbers forty-three partners including key players in cybersecurity competence and excellence in Europe who bring together research expertise and experience matured in over one hundred cybersecurity projects.
The consortium is building a lightweight cyber range as a prototype of the common portable virtual lab. The lab will facilitate the actual deployment of opensource tools, and support hands-on learning with gamification features, sample training materials, and guidelines for developers such as documentation, user interface, testing data, and APIs.
With a view to achieving better automated and custom-tailored training that corresponds to the actual and evolving cyber threat landscape, CONCORDIA is developing a directory of cybersecurity training facilities and cyber ranges across Europe, and enriching it with tools enabling different cyber ranges to share scenarios and scoring methods.
CONCORDIA will also formulate best practice guidelines for implementing and hosting cyber ranges, taking into account realistic simulation of network architecture and traffic composition, and the automation of adversary behavior to enable training session reproduceability. The weights of scoring components will be developed and continuously improved as scenarios evolve.
Positioned at the intersection of scientific excellence, technological innovation, and societal sciences in cybersecurity, SPARTA (Strategic Programs for Advanced Research and Technology in Europe) aims to foster the emergence of a thriving and responsible research and innovation model or roadmap which leverages Europe’s strengths and opportunities, across multiple disciplines, maturity levels, and geographical locations.
As regards cyber ranges specifically, the partners will categorise European cyber ranges in terms of their ability to handle the complexity of cybersecurity threats. They will also develop methods and solutions for predicting cyber threats in the early attack phase, and for exchanging threat intelligence information with respect to the GDPR.
Click here to download the Cyberwatching.eu white paper.