A Cyber Range is a controlled, interactive technological environment where users can learn and test how to detect and mitigate cyber-attacks using the same equipment they encounter at work. Cyber Ranges can simulate IT systems without burdening existing networks. This increases the technical knowledge of cyber response to attacks.
KPN helps companies and uses this method of testing for its own IT infrastructure. What are the advantages of a Cyber Range and what are the aspects and specialists involved in such an approach?
As the threat of cyber-attacks increases, it becomes increasingly difficult for companies and governments to adequately protect themselves against them. Good staff is in demand and personnel who are not bought off must be constantly trained and kept up to date with current developments. This requires testing and simulating existing or future systems of companies during various burglary scenarios. The use of Cyber Ranges offers a solution here. Cloud computing plays a key role in this, because it offers the possibility to create virtual infrastructures on which Cyber Ranges are based. However, setting up and managing Cyber Ranges is a costly and time-consuming affair. KPN offers companies and organizations support in this area. The company uses Cyber Ranges to test its internal infrastructures, but also deploys them for companies and governments that come to them for a wide variety of issues.
For Mark and Maresa, respectively Team Leader Ethical Hacking and Security Researcher at KPN, cyber-attacks are daily business. As Ethical hacker and KPN RED team member, Mark is mainly testing the internal systems for vulnerabilities, while Maresa does a lot of research and tries to guide external customer questions as best as possible. ‘KPN is embedded in society in many ways because our network is related to many different services that are used by “BV NL”. You could say that in terms of cyber security KPN has a very high degree of maturity, which enables us to focus on exceptions in the critical infrastructure of the Netherlands. If we see irregularities, we report them immediately', says Maresa. ‘If, for example, during an investigation we come across a vulnerability of a large health insurance company, even if they are not our customers at the time, we will of course always report it.’
Internal and external testing is increasingly taking place in a Cyber Range. KPN has set up a lab for this in Utrecht. In this lab, KPN offers a controlled, interactive technological environment, where cyber security specialists, whether in training or not, can learn safely and completely shielded how to detect and mitigate cyber-attacks with the same equipment they use at work. This controlled environment can carry out the most severe attacks on IT infrastructure, networks, software platforms and applications. The underlying infrastructure may consist of a network, storage, computers (servers), switches, routers, firewalls and so on. In some cases, it is built using an open-source platform such as OpenStack.
‘It depends on the customer demand’, says Mark. ‘Suppose a company has a new upgrade, they can safely test it to see what the impact is on the current infrastructure. But it can also be a panic test. In that case, you look at how a department of a company reacts in the event of a major attack. The technique behind Cyber Ranges is not new. Mark: 'We have been doing simulations for years and with the expertise that we have built up, we work with and on technologies of the future. For example, we are testing equipment from vendors that will only be on the market in 1.5 years' time.’ Maresa: 'The way we work now with scenarios that are deployed in the cloud with templates is relatively new. It is faster and more cost-efficient. It allows us to test a lot of different cases.’