The CONCORDIA H2020 project releases the KYPO Cyber Range Platform (KYPO CRP) as open source. This activity aims to help solve the problem of many lacking cybersecurity experts by providing a platform for training, development, and execution. The release of an open-source cyber range is part of CONCORDIA strategy to build the European Trusted, Secure and Resilient Ecosystem for Digital Sovereignty of Europe.
KYPO Cyber Range Platform in a nutshell
Masaryk University has been developing KYPO Cyber Range platform since 2013. The platform builds on several years of experience using cyber ranges in education, training, and cyber defense exercises, including Czech technical cybersecurity exercises – the Cyber Czech, which were organized in cooperation with the Czech National Cyber and Information Security Agency (NCISA). The platform has been already used for teaching students in several courses at the Masaryk University and for training of cybersecurity professionals from the energy sector.
KYPO CRP is based on modern approaches such as containers, infrastructure as code (IaC), microservices, and open–source software, including its cloud provider technology – OpenStack.
With practical applications in mind, we emphasized repeatability, scalability, automation, and interoperability to minimize human intervention and make cyber trainings affordable and cost-efficient. We also focused on remote access to the cyber range platform, so it is possible to complete the training from anywhere in the world.
Being based on cloud the platform is highly scalable and it can operate from one server for testing to hundreds of servers depending on the needs. You can also utilize your hardware in more effective way, and the cyber range platform can host as many instances of the different types of content as the cloud environment can handle.
KYPO CRP uses the same open approach for the content as for its architecture to encourage creating a community of trainers and supporting the sharing of training building blocks. For that reason, virtual machines, networks, and trainings are entirely defined in human-readable data-serialization languages or use open-source software to build virtual machines and describing machine content.
What does it mean for Europe?
European Cybersecurity Strategy for Shaping Europe’s digital future states that we need more cybersecurity experts. “We can only ensure digital security if we have experts with the right knowledge and skills, and there are currently not enough.”
Cyber ranges are a suitable tool for education of future cybersecurity experts. Hands-on approach in cybersecurity education provides invaluable experience to learners and complements their theoretical background in cybersecurity topics.
Not all universities and organizations can afford to develop or purchase their own cyber range. In this context, the impact of the open-source cyber range can be significant for supporting cybersecurity education. Removing the high cost of most cyber range solutions enables the development of hands-on cybersecurity training, which can help close the skills gap that is getting wider every year.
What does it mean for organizations?
Every organization will be able to deploy a cyber range for teaching or training cybersecurity professionals for free. They can then focus on developing trainings and delivering them to their audience.
KYPO CRP is open source under the MIT license, which means that organizations can customize the cyber range or extend it for their needs.
The most important part of the cyber range is the content. Content development consumes a considerable amount of time. For this reason, the content for our cyber range platform is also based on open technologies and format, so organizations can reuse parts developed by others and/or share their own with the community.
CONCORDIA approach to cyber ranges
CONCORDIA’s approach to cyber ranges is based on cooperation through creating the content ecosystem rather than creating tight integration of cyber ranges. Content is also the most crucial part of the cyber range itself. Currently, these approaches are applied inside the consortium. CONCORDIA also promotes these approaches together with the idea of the open-source cyber range and open content format in CCN’s Cyber Range Focus Group.
CONCORDIA will provide an open-source cyber range platform, so all consortium partners can use it to develop and run content for cybersecurity education. CONCORDIA will also offer an open format for sharing the content, so it is easy to share it around the consortium.
Delivering of such an open-source cyber range is part of CONCORDIA mission towards the integration of Europe’s cybersecurity competencies into the network of expertise to build the European Trusted, Secure and Resilient Ecosystem for Digital Sovereignty in Europe.
We believe that with KYPO CONCORDIA is providing a significant contribution the cybersecurity community. Open-source cyber range makes hands-on cybersecurity education widely available for universities and organizations in Europe, as this is based on open infrastructure, open data, and open training formats, which provide a better chance of creating content. Furthermore, it can play the role of the basic instrument to form a new community around the platform that will exchange content and/or building blocks to improve training scenarios and make them reusable and available to everyone.