WHAT IS A CYBERDRILL?
A CyberDrill is a planned event during which an organization simulates cyberattacks, information security incidents and other types of disruption. With a CyberDrill we test the organization’s cyber capacity by measuring its ability to detect and respond to a security incident.
Additionally, it measures the ability to respond appropriately to an incident, minimizing any related impact. More specifically, CyberDrill Simulations are delivered through different scenarios.
A scenario is a self-contained piece of content, which combines a storyline, an interactive infrastructure and applications, competency objectives, user activity, tasks to perform and challenges to deal with, ancillary contextual information assets, and more.
Since 2017 CYBER RANGES has been supporting the delivery of all the Regional CyberDrills organized by the United Nations’ International Telecommunication Union (ITU) in collaboration with national regulatory authorities all over the world.
These CyberDrills have engaged thousands of delegates from national CERTs, critical infrastructure operators, financial and telecom institutions, and more.
Sample CyberDrills delivered by Silensec for the ITU have been held in:
- 2014 - Zambia
- 2015 - Egypt, Montenegro
- 2016 - Mauritius, Tunisia, Ecuador
- 2017 - Qatar, Tanzania, Moldova
- 2018 - Argentina, Azerbaijan, Ivory Coast, Moldova, Cyprus, Kuwait
- 2019 - Romania, Uganda, Malaysia, Oman
BENEFITS OF CYBERDRILLS
- Testing your organization’s ability and validating its plans to respond to security incidents.
- Testing your organization’s Cyber Resilience.
- Assessing the cyber capacity and capabilities of a SOC team.
- Assessing the competence of your organization’s Red Team.
- Complying with regulatory and best-practice requirements.
- Testing the cyber proficiency of other Teams, e.g. Blue Team, DevOps, Comms, Legal.
- Testing your team’s current skill set and identifying any gaps and areas for improvement.
- Evaluating your team’s readiness and response reflexes against cyber-attacks.
- Testing the coordination, communications and information sharing of internal and external teams, stakeholders, ecosystem partners, third parties and other entities.
- Team building opportunities.
Each CyberDrill may contain one or more scenarios towards the specific objectives of the exercise. You can:
- Choose from a wide range of realistic simulation environments, from simple environments with just a few systems (VMs) to more complex environments with dozens of systems that allow teams with different roles to collaborate and/or compete against one another.
- Customize your simulation environment. Choose from an exhaustive library of commercial security systems and applications. You may choose from pre-set environments, customize these or even replicate your full infrastructure.
- Choose the attacks you want to simulate, from simple attacks exploiting a single vulnerability to more complex, sophisticated attacks simulating advanced threat vectors and exploiting both human and technical vulnerabilities.
- Choose the difficulty level, turning each chosen attack into a search for the "needle in the haystack" by adding background user traffic, thousands of realistic event logs, multiple parallel attacks from different countries and much more, depending on the skill levels of the participants.
The following figure illustrates the typical execution of a CyberDrill Scenario powered by CYBER RANGES. The CYBER RANGES Injector Engine is responsible for the simulation and automation of a wide range of cyber-attacks, user activities and background traffic. The White Team also uses the Injector Engine to inject live attacks and traffic during an active scenario, which allows the difficulty of the scenario to be raised in response to the performance of the participants. Real attacks can even be carried out by an external Red Team connected to the CYBER RANGES simulation environment.
USING CYBER RANGES FOR NATIONAL CYBERDRILLS
National CyberDrills are organized by a National Contact Point that brings together organizations from across its nation’s critical infrastructure. With CYBER RANGES, CyberDrill organization becomes streamlined and National Authorities gain the ability to easily plan the cost-effective execution of CyberDrills at desired regular time-intervals (every year down to every term) and even to organize multiple CyberDrills by theme or industry sector.
CYBER RANGES contributes to your CyberDrills with:
- End-to-End CyberDrill workflow management
- User registration and creation of teams
- Design, development and delivery of the CyberDrill Scenarios
- Assessment of skills, cyber capabilities and cyber resilience
- Learning paths to remediate skills gaps and cyber capability shortages
- Library of CyberDrill Scenarios
- Library of Attack Simulations to replicate the latest cyber threats
- Seamless integration and support of Scenarios from Value-Added Third Parties
BENEFITS OF NATIONAL CYBERDRILLS
- Evaluating readiness and response abilities to coordinated cyber-attacks across the country.
- Assessing national cyber capabilities.
- Raising awareness of the latest cyber threats.
- Improving coordination, communications and sharing of cyber-threat intelligence among national stakeholders.
USING CYBER RANGES FOR YOUR CYBERDRILLS
With CYBER RANGES the National Authorities have an effective turnkey solution for the organization and delivery of all National CyberDrills.
CYBER RANGES offers Authorities the opportunity to obtain measurable outcomes and actionable assessment towards the continuous development of skills, cyber power and improvement of your organizations’ cyber resilience.
Through CYBER RANGES PORTABLE, a CyberDrill can be delivered to accommodate any location requirements (such as an oil rig, a military outpost, or a vessel at sea).
CORPORATE CYBERDRILLS AND TRAINING
CYBER RANGES can be used to address the security training needs of any organization through corporate CyberDrills, and to deliver company-specific, hands-on training scenarios over a highly realistic replica of its live IT, OT, ICS, IoT infrastructure.
CyberDrills are used to assess the organization’s cyber capabilities and cyber resilience at regular intervals while also identifying gaps in specific security skills. Sample scenario types include:
|RED TEAM VS BLUE TEAM|In this organizational scenario type players are divided into two teams, simulating respectively the attackers (red team) and the defenders (blue team). This scenario is ideal for testing and improving the communication and collaboration between an organization’s defence and attack teams.|
|LIVE-FIRE|In this scenario type participants are exposed to live attacks simulating different types of threat actors. The attacks are simulated automatically or live through the CYBER RANGES Injector Engine. This scenario is ideal for testing the detection and response capabilities of the SOC Team or for assessing the organization’s cyber resilience against specific cyber-attacks.|
|CAPTURE-THE-FLAG|This scenario type can be used to assess a wide range of hands-on security skills by targeting different security roles within the organization. Such key roles include Penetration Tester, SOC Analyst, Malware Analyst, Threat Hunter and more.|
Each Scenario Type can be easily built on the replica of a specific corporate environment in order to train teams to identify and respond to specific attack vectors.
The following Figure illustrates the typical application of CYBER RANGES CyberDrills in a corporate environment.
A Virtual CyberDrill is an online CyberDrill with no need for a physical venue to hold activities in.
CYBER RANGES is the ideal platform for the delivery of Virtual CyberDrills with a great number of participants, well above the typical industry average of 10-20 participants each time.
HOSTING A VIRTUAL CYBERDRILL ON CYBER RANGES – THE 'MAGNIFICENT 7'
- CYBER RANGES HOSTED: for the secure private access to the CyberDrill scenarios and data
- Customized Secure CyberDrill Registration Page
- Design and development of custom CyberDrill scenarios
- Integrated Webinar Technology for the online CyberDrill delivery and Expert Moderator tools
- Live interactive experience of Scenarios and hands-on practice of the CyberDrill scenarios
- Secure recording of the CyberDrill Sessions for post-delivery playback
- Expert Evaluation Report and Follow-on Consultancy