Do you need a cyber range? The KYPO Cyber Range Platform is now available for free
Yes, it is true. We release the KYPO Cyber Range Platform (KYPO CRP) as open-source software to help develop cybersecurity skills in Europe. This activity aims to help solve the problem of many lacking cybersecurity experts by providing a platform for training, development, and execution. The release of an open-source cyber range is part of CONCORDIA strategy to build the European Trusted, Secure and Resilient Ecosystem for Digital Sovereignty of Europe.
KYPO Cyber Range Platform in a Nutshell
Masaryk University has been developing KYPO Cyber Range platform since 2013. The platform builds on several years of experience using cyber ranges in education, training and cyber defense exercises, including Czech technical cybersecurity exercises – the Cyber Czech, which were organized in cooperation with the Czech National Cyber and Information Security Agency (NCISA). The platform has been already used for teaching students in several courses at the Masaryk University and for training of cybersecurity professionals from the energy sector.
KYPO CRP is entirely based on state-of-the-art approaches such as containers, infrastructures as code, microservices, and open-source software, including cloud provider technology – OpenStack.
With practical applications in mind, we emphasized repeatability, scalability, automation, and interoperability to minimize human tasks and make cyber trainings affordable and cost-efficient. We also focused on remote access to the cyber range platform, so it is possible to complete the training from anywhere in the world.
The modern, cloud-based approach brings one more important advantage. It is possible to start with only one server for testing and then grow up to tens or hundreds of servers. You can also utilize your hardware to the maximum, and the cyber range platform can host as many instances of the different types of content as the cloud environment can handle.
KYPO CRP uses the same open approach for the content as for its architecture to encourage creating a community of trainers and supporting the sharing of training building blocks. For that reason, virtual machines, networks, and trainings are entirely defined in human-readable data-serialization languages or use open-source software to build virtual machines and describing machine content.
What Does it Mean for Your Organization?
The most important thing first, you can have your cyber range for teaching or training cybersecurity professionals for free. Of course, you have to have someone who will deploy the whole platform or ask us for help. After that, you can focus only on developing your trainings and delivering them to your audience. If you decide to share your content with others or help us develop the platform, we will be more than happy.
We had an open approach in mind, and our range is open-source under the MIT license, so you can customize the cyber range or develop parts you need just for your organization. As we all know, content is the most important part of the cyber range, and its development consumes a considerable amount of time. For this reason, the content for our cyber range platform is also based on open technologies and format, so you can use parts developed by others or share yours.
What Does It Mean for Europe?
European Cybersecurity Strategy for Shaping Europe’s digital future states that we need more cybersecurity experts. “We can only ensure digital security if we have experts with the right knowledge and skills, and there are currently not enough.” [1]
Cyber ranges are a suitable tool for education of future cybersecurity experts. They can be used for many learners and they are focused on practice. Hands-on approach in cybersecurity education provides invaluable experience to learners because it is simply not possible to learn cybersecurity only from books.
Not all universities and organizations can afford to develop or purchase their own cyber range. In this context, the impact of the open-source cyber range can be significant for activities in cybersecurity education. Removing the high cost of most cyber-range solutions enables the development of hands-on cybersecurity training, which can help close the skills gap that is getting wider every year[2].
Delivering of the open-source cyber range is part of CONCORDIA mission of the integration of Europe’s cybersecurity competencies into the network of expertise to build the European secure, resilient and trusted ecosystem for Digital Sovereignty in Europe.
Conclusion
We believe that open-source cyber range platform is significant to make hands-on cybersecurity education widely available for universities and businesses in Europe. Simply because open infrastructure, open data, and open training formats give a better chance of creating content. The community around the platform can exchange content or building blocks to improve training and make them more available. You can be part of it!
(By Jakub Čegan, Masaryk University)
References