SCALABLE has invested over 20 years in the development and evolution of its network digital twin technology. Our comprehensive cybersecurity training platform, Network Defense Trainer (NDT), is a live-virtual-constructive (LVC) system for implementing sophisticated cyber range environments used to train all types of cyber warriors. Our LVC system allows professionals to gain cyber security training in a hyper-realistic emulation environment. Unlike most cyber ranges, which use interconnected virtual machines running various operating systems and applications to replicate a live environment, our NDT system leverages a true virtual network model that accurately emulates a distributed network system. Both live and virtual hosts can be connected to the virtual network model, and the system can be federated with other training simulators to create powerful training solutions.
SCALABLE’s NDT connects to both live and simulated hosts to create the most realistic training environment possible and is fully compatible with classical domain training exercises. The NDT exercise controller can combine live, virtual, and constructive elements into a scenario, which then offers integrated cyber-warfare effects. NDT simultaneously simulates the network and environments, runs live net-centric applications and cyber-attacks, and integrates with LVC components, yielding the most powerful and high-fidelity training simulation possible.
Additionally, a gateway permits other training systems to participate in the cyber training exercise using HLA or DIS. Potential links might include air traffic control, flight training, kinetic battlefield simulation, and similar constructive simulations, which provide advanced behavioral modeling for friendly and hostile entities. These constructed entities communicate directly over the emulated network and are subject to actual network dynamics, increasing the scenario’s realism.
NDT training scenarios account for actual network vulnerabilities, and they accurately simulate the broad impacts of a cyberattack. The standard NDT includes high-fidelity cyber models for:
- Network security
- Port and network scanning
- Denial of Service
- Stimulate Intrusion Detection System
- Signals Intelligence
- O/S resource models
- Vulnerability exploitation
- Virus attacks
- Worm and virus propagation
- Backdoors, rootkits
- Host models
- Security logs and audit trails
- Coordinated attacks
- Adaptive attacks
NDT also integrates with other trainers and simulators, which can extend training scenarios further. These features allow for hyper-realistic simulations and industry-leading cyber awareness training.
SCALABLE’s NDT also offers unmatched reporting and analysis capabilities. The system records all trainee actions during the session, which can be reviewed for actionable feedback on performance. This allows network professionals to gain critical insights into attack preparedness and trainees to receive personalized feedback about how to improve.
Cyber-Attacks and “The Mission”
Cyber security training for any “mission”, whether it is keeping a bank’s website operational, running an airline operations center, or fielding a military exercise, must be as realistic as possible in order to avoid “negative training” – that is, learning behavior or procedures that are actually ineffective in the real environment. In cyber defense training, this translates to having the behavior of the systems under cyber-attack perform in a repeatable manner consistent with how they would in the real world.
Hardware-based or VM-based cyber ranges which replicate information systems are limited in scale, costly, and time-consuming to configure. These ranges have little or no capability to simulate wireless networks with their inherent vulnerabilities. They also do not integrate the impact of a cyber-attack into an overall mission, which is essential for realistic mission rehearsal.
SCALABLE’s Network Defense Trainer addresses all of these shortcomings with a new, unique approach to cyber defense. Our tools will enable your security team to develop a full cyber assessment of how prepared your organization is for cyber attacks.
- Kinetic and non-kinetic in the same space
- Integrated LVC + cyber training
- Use real systems and train to recognize cyber-attacks
- Work through a degraded cyber environment
NDT in Action
During a training session, trainees work together to accomplish a singular mission. This mission can be almost anything: keeping a bank’s website operational, running an airline operations center, or fielding a military exercise, for instance. The key is to use a realistic scenario and to reinforce realistic, favorable responses.
Role players may be assigned to either red or blue stations. Red players use real or simulated malware and exploitations to attack the virtual network and the connected live components. At the same time, blue players use their standard tools and stations to defend against the attack while working toward their mission. Trainees can also work at live systems or from other simulators, depending on your scenario’s needs.
The exercise controller can review all of these stations in real-time to monitor responses. The controller can also play back individual trainee responses and generate detailed performance reports after the simulation has ended. As a result, trainees receive targeted feedback that accounts for real-world variables, maximizing the effectiveness of their training.
Advantage of Network Digital Twins for Training
Network Defense Trainer provides trainees with the opportunity to apply knowledge in realistic, stressful situations in a high-fidelity synthetic environment. The system provides cyber security training for situational awareness and rapid, correct responses, and reinforces lessons learned with After Action Reviews that show trainees and observers what actually happened and why. NDT offers these unique advantages to the trainee:
- Effectively represent mobile wireless equipment and applications (and the vulnerabilities they include) as they interoperate with wired backbone network infrastructure and fixed computing systems
- Accurately model the information transport fabric between servers and end-point systems in high fidelity to better demonstrate the effects of cyber-attacks
- Seamlessly integrate (federate) with other training systems such as air traffic control, flight training, and kinetic battlefield simulators
Management workstations can be any type of host that supports standard web browsers (such as Firefox, Chrome, Safari, IE, etc.). The various management functions include:
- Exercise Preparation allows the creation, modification, or selection of Lesson Plans, mission scenarios, network configurations, cyber-attacks, device mapping, role and trainee assignments, and sides and teams.
- Exercise Control is used to load and unload an exercise, control federation execution, freeze and unfreeze, launch cyber-attacks, take snapshots during the exercise and restore them (in case a trainee made an unrecoverable mistake), and communicate with trainees using chat and VoIP.
- The Cyber Operating Picture gives an indication of the state of the network and devices and can be used to launch cyber-attacks. An example is shown below.
- Performance Evaluation keeps track of trainees’ progress. The launching of attacks is logged, and trainees’ responses (views, keystrokes, clicks, and communication with others) are logged along with response times, to assist with scoring. It maintains databases of trainees and the exercises they have completed along with their scores.
- After Action Review plays back any player’s screenshots (“perceived truth”) and actions on a timeline with attacks, other players’ views, and the actual state of the network (the “ground truth”). An example screenshot is shown below.
Features & Outcomes
With NDT, trainees at every level of your company learn how to use their actual tools to react to a realistic cyberattack. The training is fast-paced to represent an actual attack, which helps employees hone their reaction time and practice correct actions in real-time. A typical NDT simulation requires trainees to:
- Detect that something is going wrong with the network
- Quickly diagnose the problem
- Contain the attack (cyber for cyber)
- Take appropriate countermeasures (cyber for cyber)
- Modify operations and accomplish mission (cyber for others)
- Review their performance and adjust for missteps
Key Management Features
- Create lesson plans, mission scenarios, network configurations, cyber-attacks, device mapping, role and trainee assignments, and sides and teams.
- Draw on a robust network of cyber models to represent wired and wireless network environments, a wide array of realistic cyberattacks, and key variables such as security systems and antivirus programs.
- Monitor network functioning in real-time throughout the simulation.
- Assess trainees’ views, keystrokes, clicks, and communications alongside response times and relevant scenario data.
- Review trainees’ perception of the network state against the attack timeline using After Action Review.
- Generate thorough performance reports based on critical metrics.