THE CHALLENGES OF CYBERSECURITY TRAINING




DR. JORGE LÓPEZ HERNÁNDEZ ARDIETA
DR. MARINA SOLEDAD EGEA GONZÁLEZ
Cybersecurity Research Group
Cybersecurity & Privacy Innovation Forum, Brussels, Belgium, 28-29 April 2015


01. INTRODUCTION: CURRENT SITUATION

The constant evolution of technology requires the private and public sectors to continuously adapt their information systems and to be better prepared in cyber security practices. Cyberattacks are also becoming increasingly sophisticated, and their impact is frequently maximised, creating an urgent need for faster and more effective responses.

EVOLUTION OF ATTACKERS (timeline figure; axis labels: RESOURCES and the years 1970, 1980, 1990, 2000, 2005, 2010)

- Experimentation and research of new technologies
- Hackers, motivated by curiosity but mainly benign
- Script kiddies, trying to cause harm and become famous but without clear objectives
- Cybercriminals, with commercial motivations (phishing, malware, bots, etc.)
- Professionals, cyber warfare, mafias, hacktivists with political or strategic objectives

For cybersecurity to be implemented effectively, organisations must have qualified personnel trained in operational and tactical aspects. Decision-makers should also be educated on risks and security matters at the organisational level. Training and awareness in cybersecurity therefore become a fundamental pillar for adequate protection of cyberspace.

- Lack of highly skilled and trained cybersecurity professionals
- Current efforts and initiatives do not suffice: supply and demand imbalance, situation getting worse
- Recent explosion in the demand
- Knowledge entry barriers slow down the training process and increase costs
- Requires hands-on training: significant trainer resources (high costs)

Our aim is to identify some desirable properties that solutions should have in order to provide effective cybersecurity training, detect which ones present technical challenges, and suggest novel approaches to achieve them.


02. MAIN CHALLENGES: DESIRABLE PROPERTIES

REALISM: The solutions shall provide exercises that use real information systems and communication networks and that reproduce real-world scenarios with real-time feedback and operation. The student shall be able to learn from hands-on experience, using and managing multiple defensive/offensive security solutions.

GROWTH: The solutions shall have the capability of defining, creating and setting up new exercises with few or no technical or procedural constraints, in line with the evolution of and changes in the technology and the threat landscape.

FLEXIBILITY: Access to the solution shall be as unrestricted as possible, allowing the student remote access with little or no technical limitation, regardless of when and from where they connect.

ROLE ORIENTED: The solutions shall have the capability of adapting the training dynamics to the role of the student (strategic, tactical, operational).

USABILITY: The solution HMI and functionality shall be easy to use.

SIZE: The solution shall be capable of reproducing large networks and scenarios with hundreds and even thousands of assets.

SCALABILITY: The solution, especially SaaS, shall be capable of transparently accommodating new users up to reasonable orders of magnitude (hundreds, thousands).

SECURITY: The solution shall offer a high level of security, such as isolation from production environments, access control, use of secure software engineering for product development, etc.

REPRODUCIBILITY: The solution shall allow the student to repeat, pause, resume and restore the exercises at any time.

RICHNESS: The solution shall have the capability of incorporating a wide array of scenarios, techniques, defensive and offensive tools, attacker profiles, configurations, etc.

SUPERVISION: The solution shall include the capability of supervising, monitoring and assessing the student's actions and performance, using either automated means (preferably) or human-based mechanisms.

PEDAGOGICAL: The solution shall embed a variety of effective learning processes and pedagogical strategies, such as:
- Observational learning (play automated exercises)
- Trial and error approaches (active attitude, capability to undo actions and take different courses of action, etc.)
- Quantitative scoring system and gamification mechanisms to encourage competitiveness and self-improvement

ADAPTABILITY: The solution shall include the capability of adapting the level of difficulty of the training to the student's skills and performance, including dynamically.

CONTROL: The solution shall include the capability of automatically (preferably) or manually controlling the execution of the exercise to unblock certain situations, execute alternative paths, know the progress and state of the exercise, etc.

INTELLIGENCE: This property relates to the overall artificial intelligence of the solution, which enhances many of the other features, such as:
- Have the capability to automatically and dynamically propose new challenges to the student
- Automatically play adversarial roles
- Improve the adversary skills for highly proficient students, etc.
- Reinforce certain attitudes

GUIDANCE: The solution shall include the capability of providing guidance and tips to the student to help him during the training activity and enhance the learning process.

CUSTOMIZABLE: The solution shall include the capability of easily adapting and customizing the exercises to the student's needs, without the need to stick to predefined scenarios and exercises.

02. MAIN CHALLENGES: MATURITY LEVEL IN STATE-OF-THE-ART SOLUTIONS

[Figure: maturity scale from INCIPIENT to MATURE. Property labels in extraction order: REPRODUCIBILITY, CUSTOMIZABLE, ROLE ORIENTED, GROWTH, FLEXIBILITY, SCALABILITY, SECURITY, SIZE, REALISM, RICHNESS, USABILITY; followed by the label CHALLENGE and ADAPTABILITY, CONTROL, GUIDANCE, PEDAGOGICAL, SUPERVISION, INTELLIGENCE.]


03. NOVEL APPROACHES: SIMULATION VERSUS EMULATION

SIMULATOR: software/hardware tool that models the state and internal properties of the simulated system, being able to produce observable effects and properties identical (ideal simulator) to those of the real system (performance, interactivity, etc.), that is, emulating the behaviour of the real system.

Modeling is a requirement for simulation (M&S):
- Modeling captures the essence of the real system using symbology schemes
- The simulation exercises the model, incorporating the temporal dimension

EMULATOR: software/hardware tool that seeks to mimic the observable properties (not the internal state) of the emulated system, so that the behaviour is as close to reality as possible.

Emulators are typically used as substitutes for the real system, whilst simulators are mainly used for analysis, experimentation and training.

03. NOVEL APPROACHES: BENEFITS OF THE SIMULATION

Simulators have become a very valuable tool for training:
- PEDAGOGICAL
- COST SAVING
- AVAILABILITY
- TEMPORAL SCALE MANIPULATION
- RICHNESS IN SCENARIOS AND SITUATIONS
- BORDERLINE SITUATIONS
- CONTROL OVER THE EFFECTS, ENVIRONMENT, PROPERTIES

03. NOVEL APPROACHES: CATEGORIES OF SIMULATORS FOR TRAINING

SIMULATORS     COMBAT   LIVE        VIRTUAL     CONSTRUCTIVE
PERSONNEL      Real     Real        Real        Simulated
SYSTEMS        Real     Real        Simulated   Simulated
COMMANDS       Real     Simulated   Simulated   Simulated
ENVIRONMENT    Real     Real        Simulated   Simulated

Live simulators are those that ensure the highest physical and cognitive reliability. Cyber Ranges T&E hold the same properties.

03. NOVEL APPROACHES: ADVANTAGES OF CYBER RANGES

Integrated training systems with an adequate cost/benefit balance, incorporating the conceptual advantages of M&S but resolving their limitations.

PERSONNEL: Real. Defender, attacker, analyst, collaborator (some may be simulated).

SYSTEMS: Real. (Hands-on) Learning at deepest level. Maximum applicability of the knowledge gathered in real situations.

COMMANDS: Simulated. Richness in scenarios and situations. Borderline training.

ENVIRONMENT: Real. Optimal learning. Maximum applicability of the knowledge gathered in real situations.

CYBERSECURITY RESEARCH GROUP
crg@indra.es
Avda. de Castilla, 2, Edificio Kenia - Planta Baja
28830 - San Fernando de Henares (Madrid), Spain
F. +34 91 480 60 31
www.indracompany.com