Analysis of the Implementation of an Interactive Kinetic Cyber

Range Component
Brendan Lawless, Jason Flood and Anthony Keane
Institute of Technology Blanchardstown, Dublin, Ireland
brendan.lawless@itb.ie
jasoneflood@gmail.com
anthony.keane@itb.ie

Abstract: Securing the operational resilience of devices within the Internet of Everything (IOE) requires new and innovative
approaches to cyber threats. One approach is to allow end-users to personally experience the impact of an attack on any IOE
component using a scale model of a personal, corporate or national infrastructure using a Cyber Range. This paper looks at
the implementation of individual Cyber Range components and analyses the methodologies and tools of the attacks on the
components from Cyber Challenge CTF competitions.

Keywords: cyber-range, kinetic, analysis, cyber, attack

1. Introduction
To enable the measuring of the realistic impact from new technologies on an existing network Cyber Ranges
have started being developed around the world. This idea allows for the creation of scale model of entire city
deployments or large-scale corporate networks or even a scale model of the internet in which Cyber
Defenders can hone their tool kits and experience in a safe and realistic environment. This allows for the testing
of new products in a safe trusted environment which can simulate what the product or device may have to face
when it joins the internet. It is the intention of this paper to analyse the attack vectors an implemented Cyber-
Range component might face by examining the documented results of recent cyber researchers data and to
draw conclusions on how to better these devices for the purpose of better educating future Cyber Defenders.

Analysing the threats that were encountered during a recent CTF (Capture the Flag) tournament and assessing
the volume of attacks, and the approach of the Cyber Attackers during the CTF. Cyber Attackers man possess a
broad set of abilities which enables these results to shed light onto what a Cyber Range component will need to
be capable of facing to survive and be of educational benefit in a Cyber Range. While it does indicate what a
Cyber Range Component will need for its initial defence, initial analysis of these results demonstrates the
approach and most common tactics in use by the average attacker which can be harnessed and used to create
predictions around the likelihood of a breach for a specific Cyber Range component based on the technology it
utilises, for example if it relies on a common technology like ssh for communication, this would be detected
by an attacker at the early stages of their investigations with each component on a Cyber Range.

Finally this research looks at how this analysis will affect our future work on Cyber Ranges and how this analysis
will be used strategically to improve the Cyber Range as a platform for training Cyber Defenders in a genuine
and challenging way.

2. The need for cyber ranges

At a government level there is recognition with the need for cyber ranges. There are a number of cyber ranges
in the USA, it is the intention of DARPA to create a scale model version of the internet with the National Cyber
Range they are constructing, the project is described as costing at least $500m (DARPA 2015). The advantage
of constructing this government funded cyber range is to test new devices and products in a real world style
setting that is still safe. There is also a cyber range in Michigan created by a non-profit organisation, which utilizes
red team versus blue team exercises to educate its user on how to effectively defend against cyber attacks
(Graubart, R., & Heinbockel, W. 2013). This range is used by government and civilian groups alike to up skill in
security and current threats.

At an educational level a third US cyber range created in partnership between the Hawaii Department of Defence
and the University of Hawaii (Pooihe Cyber Security Exercise 2014) which enabled for training of industry
members and the government alike, as well as students at the facility. This last US cyber range to be discussed
is an example of how utilising a cyber range not only grants the ability to test a new products against potential

389