Fighting against cyberattacks is at the forefront of many research expeditions, especially regarding critical infrastructures such as power grids and water treatment plants. However, a common issue is not having a way to experiment with attacks in a hands-on way.
“In order to conduct cyberattack/defense experiments for quantitative evaluation, the ideal way would be to utilize the real system infrastructure,” said ADSC Principal Research Scientist Daisuke Mashima. “However, with critical infrastructure, because of the potential negative impact on stability and availability of essential lifeline services, it is almost impossible.”
A second option would be using an isolated testbed using real devices and hardware, but there are limits such as cost and accessibility. "To overcome such challenges virtual, software-based testbed[s] (I.e., cyber range) [have] been attracting interest. However, many [implementations have been] one-off and proprietary, and thus are not available to [the] public,” Mashima said.
Illinois at Singapore (ADSC) is creating a way for researchers to conduct their experiments through a smart grid cyber range. “The project aims at developing a user-friendly, cloud-based framework to help users to instantiate smart grid cyber range and conduct cyber attack experiments with minimal effort,” said Mashima. This testbed would allow training without expensive development and maintenance or in-depth domain knowledge.
“The Cyber Range as a Service (CRaaS) framework to be developed is expected to enhance flexibility, usability, and accessibility of cyber range for broader user base,” said Mashima. As initial deployment, CRaaS is planned to be deployed in cloud-based testbed infrastructure, NCL [National Cybersecurity R&D Laboratory] (https://ncl.sg), and to be shared with multiple users of NCL. Because NCL already has the capability to provision multiple environments for cybersecurity experimentation very quickly and provide simultaneous access to it for a large number of users.
ADSC created the smart grid cyber range modelling language, SG-ML, in addition to a toolchain for processing it. “These are the building blocks for this project, and we will extend the SG-ML framework to establish a novel, additional service for NCL so that users can upload the model to be instantiated on the NCL nodes as well as interact with the cyber range for various experiments,” said Mashima.
They are also developing a way for users to know how hackers operate outside of the lab using a “honeypot.” “...its purpose is to attract real-world attackers into it to collect information about them,” said Mashima. “We plan to use the data collected from our honeypot to develop a cyber-attack emulator tool so that the user of cyber range can easily reproduce real-world cyber-attacks for their experiments.” CRaaS) framework to be developed is expected to enhance flexibility, usability, and accessibility of cyber range for broader user base,” said Mashima.
This research is supported by the National Research Foundation, Singapore (through the National Cybersecurity R&D Lab grant office at the National University of Singapore) via a grant (NCL-2022-01) awarded under the “National Cybersecurity R&D Lab Grant 2021”. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of National Research Foundation, Singapore and the National Cybersecurity R&D Lab grant office at the National University of Singapore.