Using an emulation testbed for operational cyber security exercises
The detection, coordination and response capabilities of Critical Infrastructure (CI) operators, e.g.,
Network Service Providers, are the main factors that will determine the impact of disruptions to the economy
and society during a contingency. Therefore, the execution of operational cyber security exercises is an
integral part of preparedness activities. In this paper, our starting point is the hypothesis that emulation
testbeds, e.g. based on the Emulab software, could be used as a platform to conduct operational multi-party
cyber-exercises. We refine this idea by investigating how an Emulab-based testbed can be adapted to meet
the requirements for such operational exercises and human-in-the-loop testing. We present our experiences
and proposals towards three directions: a) enabling the use of voice communication during exercises by
simulating a PSTN network; b) support for secure access of multiple and remote participants; c) provision
of an automated and feature-rich monitoring interface. Furthermore we discuss as a use case a very simple
exercise scenario involving a BGP man-in-the-middle attack. Such exercises could be very informative about
the actions taken by the human operators in the case of security incidents, typical response times, level of
coordination needed etc. Our experiences indicate that both at a theoretical and practical level, the use of
emulation testbeds for the execution of operational multi-party cyber-exercises is a very promising approach
that deserves further investigation.
PEREZ GARCIA Andres;
SIATERLIS Christos;
MASERA Marcelo;
2011-11-30
Springer
JRC63500
https://publications.jrc.ec.europa.eu/repository/handle/JRC63500
10.1007/978-3-642-24864-1_13