Bit Sentinel is the beneficiary of a grant to implement the project “Cyber Ranges Resiliency Networks – CYRESRANGE”, under the grant contract no. 101128088. The project is funded by Digital Europe, under the call DIGITAL-ECCC-2022-CYBER-03, action type: DIGITAL JU SME Support Actions.
The project coordinator is the Maritime University of Constanta. The beneficiaries of the project, besides Bit Sentinel, are:
- The Romanian National Cyber Security Directorate – DNSC
- Cyber Security Cluster of Excellence – CYSCOE
- Cyber Dacians
- The National Institute for Research & Development in Informatics – ICI Bucharest
- Orange Romania
The proposed CYRESRANGE project addresses concerns and European directives in the field of cyber security.
The project focuses on the creation of new paradigms regarding the creation, interconnecting and strengthening cybersecurity ranges at national and regional level with great capabilities in the European realm, including critical infrastructures, not limited only to sectors covered by the NIS Directive.
Moreover, the project pursues the main aims of the EU Cybersecurity Strategy in all three areas of action:
1. resilience, technological sovereignty and leadership;
2. operational capacity to prevent, deter and respond;
3. cooperation to advance a global and open cyberspace.
The main objectives of the CYRESRANGE project
The main objective of CYRESRANGE is to foster capabilities of existing cyber ranges in order to create a network of Cyber Security Centers of Excellence at the national and regional level based on interconnected cyber ranges, with a focus on improving experience for scenario developers and introducing a comprehensive gamified experience for students.
The ambition is to create the premises of building a community of content creators that will create the premises of a new job in cyber security and professionals that will develop their cybersecurity skills and expertise in key technologies.
To achieve this main objective, the CYRESRANGE project has a number of specific objectives:
Objective #1
Strengthening the capacity of cyber security actors in the EU to interconnect independent and federated cyber ranges in EU join CYRESRANGE’s network using an innovative connector (CyberEDU Range Connector), optimized for fast onboarding, cross-range content & scenario management and security of the shared resources while maintaining a cross-cluster repository of scenarios.
The CyberEDU Range Connector, will allow for the streamlined incorporation of additional cyber ranges. As an added bonus, this will make it easier for the CYRESRANGE network to bring on new partners at low cost, which will boost the network’s overall resilience and the capacities of its members to organize large-scale exercises and provide the groundwork for a unified response to large-scale cyberattacks.
Objective #2
The project beneficiaries have more than 10 years of experience in organising complex cyber security exercises and developing content for hands-on training and simulations. The main challenge is the lack of specialists to help develop scenarios and content for these activities.
Thus, CYRESRANGE aims to develop a marketplace of crowdsourced structured trainings & certifications schemes, based on an incentive system for content creators and cyber ranges to combine existing resources in new ways or develop new scenarios. This is done using an innovative scenario builder and unified language, agnostic to cyber range technology, optimized for large scale, cross-range exercises able to share knowledge and cybersecurity threat intelligence between stakeholders in the Member States. This ensures more effective monitoring of cyber threats and joint response to cyber attacks
Objective #3
Support a progressive adoption path for the CYRESRANGE platform, services, community and gamification system through extensive validation and the organization of large scale exercises within and across critical infrastructures, key technologies and application sectors considering the important role of the Computer Security Incident Response Teams (CSIRTs) network and of the Cyber Crisis Liaison Organization Network (CyCLONe).
To achieve this ambition, the consortium will update, develop and improve a minimum 100 training modules, a minimum 15 large-scale or cross-range exercises, and will aim to involve at least 30 cyber security content creators for the entire duration of the project. Content will be created in such a way that it can be easily replicated, extensible and adaptable to other industries and/or technologies.
Moreover, the end goal is to create a Regional Resilience Network of at least 100 individuals combining infrastructure and technology hosted in different regions and a pool of cyber security experts trained and with expertise on the same methodology and processes to provide support on incidents.
Objective #4
To develop an innovative self-assessment engine that will combine personality traits and technical skills, optimized by a state-of-the-art machine learning model developing cybersecurity skills and expertise in key technologies (e.g. 5G, Internet of Things, Cloud, Artificial Intelligence, Industrial Control Systems).
Objective #5
Whilst the offensive cybersecurity industry is especially focusing on developing capabilities for Windows-based systems, threat actors are stepping up their innovation in all system types, seeing an uptick in SCADA and Linux malware recently.
The CYRESRANGE project is looking to improve the capability of cyber ranges and their operators to approach advanced types of cyber attacks, such as the ones done by APTs, through ongoing real attacks simulations built specifically for underserved technologies in the offensive cybersecurity space in various application sectors (e.g. health, energy, finance, transport, telecommunication, agri-food production, resource management) including consideration to cascading effects across sectors.
Objective #6
To define and effectively exploit the business plan, CYRESRANGE’s concepts and tools for market entry, to contribute particular project results to relevant standardization bodies, and to ensure wide communication and scientific dissemination of the CYRESRANGE results to the research, academic, and ICT community, not limited to sectors covered by the NIS Directive.
The impact of the CYRESRANGE project
The project aims to achieve the following KPIs:
- Number of cyber ranges created: minimum 4;
- Number of cyberranges interconnected: minimum 6;
- Maturity analysis pre and post implementation to measure the change in capacity of the cyberranges of the beneficiaries using pre and post implementation surveys: minimum 4;
- Number of sectors covered by specific cyberranges: minum 3 critical sectors;
- Number of common data repositories created: minimum 1 sharing content and labs between cyber ranges;
- Number of large-scale and cross-sector scenarios developed: minimum 15;
- Number of supported structured training and cybersecurity exercises for public or private organizations too: minimum 100 training modules;
- Number of exercises organized: at least 5 exercises with minimum 500 participants and at least 3 training programs.
The activities developed under the project umbrella will target the following categories of groups:
- SMEs and public sectors entities in the field of cybersecurity;
- Organizations that are interested in developing their own cyber range infrastructure and are willing to contribute to the national cyber range network;
- Stakeholders who are interested in using the tools that we are developing during the project and want to contribute to it in terms of feedback and improvements.
Considering the results of the proposed project, it is imperative to note that the project will contribute with several key benefits for society, such as:
- Improved security: Cyber ranges can be used to identify and mitigate vulnerabilities, reducing the risk of cyber-attacks and other security incidents.
- Increased resilience: By simulating different types of cyber-attacks and other security incidents, cyber ranges can help organizations to prepare for and respond to these incidents more effectively.
- Training and education: Cyber ranges can be used to provide training and education to cybersecurity professionals.
- Research and development: Cyber ranges can be used to conduct research and development in the field of cybersecurity and critical infrastructure protection.
- Economic benefits: By improving the security and resilience of critical infrastructure systems and energy systems, a network of cyber ranges can help to protect the economy from the impacts of cyber-attacks and other security incidents. It also can help to create jobs in the field of cybersecurity.
- International cooperation: By creating a network of cyber ranges, you can facilitate international cooperation in the field of cybersecurity and critical infrastructure protection, which can help to share knowledge, best practices and to develop common standards and protocols.
- Better preparedness to face cyber-attacks: By creating advanced adversarial capabilities for multiple systems, technical personnel of regular organizations and critical infrastructure can prepare in responding efficiently to APT attacks.
For more details about the CYRESRANGE project, visit this link or contact a Bit Sentinel specialist.