THE CHALLENGES OF CYBERSECURITY TRAINING

Transcription

1 THE CHALLENGES OF CYBERSECURITY TRAINING DR. JORGE LÓPEZ HERNÁNDEZ ARDIETA DR. MARINA SOLEDAD EGEA GONZÁLEZ Cybersecurity Research Group Cybersecurity& Privacy Innovation Forum Brussels Belgium April 2015

2 AGENDA THE CHALLENGES OF CYBER SECURITY TRAINING 2

3 01. INTRODUCTION CURRENT SITUATION The constant evolution of technology requires from private and public sector a continuous adaptation of their information systems as well as a greater preparation in cyber security practices. Also, cyberattacks are increasingly becoming more sophisticated with impacts maximizing on a frequent basis, causing an urgent need for more rapid and effective responses. RESOURCES Experimentation and research of new technologies EVOLUTION OF ATTACKERS Hackers, motivated for curiosity but mainly benign Script kiddies, trying to cause harm and become famous but without clear objectives Cybercriminals, with commercial motivations (phishing, malware, bots, etc.) Professionals, cyber warfare, mafias, hacktivists with political or strategic objectives THE CHALLENGES OF CYBER SECURITY TRAINING 3

4 01. INTRODUCTION CURRENT SITUATION For an effective implementation of cybersecurity, the organisations must have qualified personnel trained in operational and tactical aspects. Decision-makers should also be educated on risks and security matters at organisational level. Therefore, training and awareness in cybersecurity becomes a fundamental pillar for an adequate protection of cyberspace. THE CHALLENGES OF CYBER SECURITY TRAINING 4

5 01. INTRODUCTION CURRENT SITUATION Lack of highly skilled and trained cybersecurity professionals Current efforts and initiatives do not suffice: offer and demand imbalance, situation getting worse Recent explosion in the demand Knowledge entry barriers slow down training process and increase costs Requires hands-on training: significant trainer resources (high costs) Our aim is to identify some desirable propertiesthat solutions should have in order to provide effective cybersecurity training, detect which ones present technical challenges, and suggest novel approaches to achieve them THE CHALLENGES OF CYBER SECURITY TRAINING 5

6 AGENDA THE CHALLENGES OF CYBER SECURITY TRAINING 6

7 02. MAIN CHALLENGES DESIRABLE PROPERTIES REALISM GROWTH FLEXIBILITY The solutions shall provide exercises that use real information systems and communication networks that reproduce real-world scenarios with real-time feedback and operation. The student shall be able to learn from hands-on experiences, using and managing multiple defensive/offensive security solutions. The solutions shall have the capability of defining, creating and setting up new exercises with little or no technical nor procedural constraints, and according to the evolution and changes in the technology and the threat landscape ROLE ORIENTED The access to the solution shall be as less restrictive as possible, allowing the student the remote access with little or non technical limitation regardless when and from where they access. USABILITY The solutions shall have the capability of adapting the training dynamics to the role of the student (strategic, tactical, operational). The solution HMI and functionality shall be easy to use. THE CHALLENGES OF CYBER SECURITY TRAINING 7

8 02. MAIN CHALLENGES DESIRABLE PROPERTIES SIZE SCALABILITY SECURITY The solution shall be capable of reproducing large networks and scenarios with hundreds and even thousands of assets REPRODUCI- BILITY The solution shall allow the student to repeat, pause, resume and restore the exercises at any time. The solution, especially SaaS, shall be capable of transparently accommodate new users up to reasonable orders of magnitudes (hundreds, thousands) RICHNESS The solution shall have the capability of incorporating a wide array of scenarios, techniques, defensive and offensive tools, attackers profiles, configurations etc. The solution shall offer a high level of security, such as isolation from production environments, access control, use of secure software engineering for product development, etc. SUPERVISION The solution shall include the capability of supervising, monitoring and assessing the student s actions and performance, using either automated means (preferably) or human-based mechanisms. THE CHALLENGES OF CYBER SECURITY TRAINING 8

9 02. MAIN CHALLENGES DESIRABLE PROPERTIES PEDAGOGICAL ADAPTABILITY CONTROL The solution shall embed a variety and effective learning processes and pedagogical strategies, such as Observational learning (play automated exercises) Trial and error approaches (active attitude, capability to undo actions and take different courses of action, etc.) Quantitative scoring system and gamificationmechanisms to encourage competitiveness and self-improvement The solution shall include the capability of adapting to the level of difficulty of the training to the student s skills and performance, including dynamically. The solution shall include the capability of automatically (preferably) or manually controlling the execution of the exercise to unblock certain situations, execute alternative paths, know the progress and state of the exercise, etc. THE CHALLENGES OF CYBER SECURITY TRAINING 9

10 02. MAIN CHALLENGES DESIRABLE PROPERTIES INTELLIGENCE GUIDANCE CUSTOMIZABLE This property relates to the overall artificial intelligence of the solution that enhances many of the other features, such as: Have the capability to automatically and dynamically propose new challenges to the student Play automatically adversarial roles Improve the adversary skills for highly proficient students, etc. Reinforce certain attitudes The solution shall include the capability of providing guidance and tips to the student to help him during the training activity to enhance the learning process. The solution shall include the capability of easily adapting and customizing the exercises to the student needs, without the need to stick to predefined scenarios and exercises. THE CHALLENGES OF CYBER SECURITY TRAINING 10

11 02. MAIN CHALLENGES MATURITY LEVEL IN STATE-OF-THE-ART SOLUTIONS INCIPIENT REPRODUCIBILITY CUSTOMIZABLE ROLE ORIENTED GROWTH FLEXIBILITY SCALABILITY SECURITY SIZE REALISM RICHNESS USABILITY MATURE CHALLENGE ADAPTABILITY CONTROL GUIDANCE PEDAGOGICAL SUPERVISION INTELLIGENCE THE CHALLENGES OF CYBER SECURITY TRAINING 11

12 AGENDA THE CHALLENGES OF CYBER SECURITY TRAINING 12

13 03. NOVEL APPROACHES SIMULATION VERSUS EMULATION SIMULATOR software/hardware tool that models the state and internal properties of the simulated system, being able to produce identical (ideal simulator) observable effects and properties like those of the real system (performance, interactivity, etc.), that is, emulating the behaviour of the real system. Modeling is a requirement for simulation (M&S): Modelingcaptures the essence of the real system using symbology schemes The simulation exercises the model incorporating the temporal dimension EMULATOR software/hardware tool that seeks to mimic the observable properties (not the internal state) of the emulated system, in a manner that the behaviour is as close to the reality as possible. Emulators are typically used as substitutive elements of the real system, whilst simulators are mainly used for analysis, experimentation and training THE CHALLENGES OF CYBER SECURITY TRAINING 13

14 03. NOVEL APPROACHES BENEFITS OF THE SIMULATION Simulators have become a very valuable tool for training: PEDAGOGICAL COST SAVING AVAILABILITY TEMPORAL SCALE MANIPULATION RICHNESS IN SCENARIOS AND SITUATIONS BORDERLINE SITUATIONS CONTROL OVER THE EFFECTS, ENVIRONMENT, PROPERTIES THE CHALLENGES OF CYBER SECURITY TRAINING 14

15 03. NOVEL APPROACHES CATEGORIES OF SIMULATORS FOR TRAINING SIMULATORS COMBAT LIVE VIRTUAL CONSTRUCTIVE PERSONNEL SYSTEMS COMMANDS ENVIRONMENT Real Real Real Simulated Real Real Simulated Simulated Real Simulated Simulated Simulated Real Real Simulated Simulated Live simulators are those that ensure the highest physical and cognitive reliability. Cyber Ranges T&E hold the same properties THE CHALLENGES OF CYBER SECURITY TRAINING 15

16 03. NOVEL APPROACHES ADVANTAGES OF CYBER RANGES Integrated training systems with an adequate cost/benefit balance, incorporating the conceptual advantages of M&S but that resolve their limitations. PERSONNEL SYSTEMS Real Real defender, attacker, analyst, collaborator. (some may be simulated) (Hands-on) Learning at deepest level. Maximum applicability of the knowledge gathered in real situations. COMMANDS Simulated Richness in scenarios and situations. Borderline training. ENVIRONMENT Real Optimal learning. Maximum applicability of the knowledge gathered in real situations. THE CHALLENGES OF CYBER SECURITY TRAINING 16

17 CYBERSECURITY RESEARCH GROUP Avda. de Castilla, 2 Edificio Kenia -PlantaBaja San Fernando de Henares (Madrid), Spain F