Federated infrastructure: Hands-on-Labs and Cyberranges
7th Feb 2021
On its way to Europe’s Digital Strategic Autonomy, the EU highlights the need to establish a Cybersecurity Competence Network (CCN) that covers public and private sectors, all member states, their critical infrastructures, and their value chains. SPARTA is one of the European Pilots designed to explore, test, and validate the most suitable approaches to establish and maintain such a network.
One of the main pillars of the CCN is to be able to have a high-performance infrastructure with which to interact. One main challenge is to maintain sufficient technical resources to solve complex problems, allowing access to unique assets for experimentation, learning and training with the breadth and depth required by the technological development of cybersecurity solutions.
All the infrastructure proposed by SPARTA is based on the establishment of a distributed assets network (Joint Competence Centre Infrastructure) that, being managed, operated and updated by the members of the network, can offer the most appropriate solutions to each problem. Access to the available computing infrastructure is no exception and can also be offered through JCCI [1], using the IaaS philosophy (Infrastructure as a Service).
The SPARTA network of Partners and Associates makes available to end users, by this way, a set of machines and networks that present particular use cases on which they can interact with some freedom. The two main objectives pursued by this type of resource is to facilitate the execution of Hands-on-labs to learn and experiment with a certain type of equipment, methodology, cyberattack or countermeasure, as well as performing training exercises in a Cyber Range format [2] [3].
Interactive access to this equipment can be offered in different flavors and degrees of integration with the common infrastructure, from the publication of an endpoint that allows customized secure connections (SSH or VPN) that will be negotiated outside the system, to total integration with JCCI authentication and authorization modules [4]. In this last case, the system allows dynamic access control based on roles and temporary privileges to be applied over the web and using single sign on in the federated infrastructure. In addition, when the situation requires it, and as long as the asset managers make it possible, it will be possible to carry out experiments or shared scenarios between more than one organization using VPN tunnels.
In this way, a federated and totally decentralized network is obtained which makes available to end users a large amount of specific equipment, either physical or virtual, to carry out and validate technological developments. This philosophy is aligned with and supports the European initiative of European Digital Innovation Hubs (e-DIH), since it is prepared to integrate with them through membership as a partner or associate, following the SPARTA CCN approach.
[1] Gemalto, “Digital identity - 5 forces that shape 2019-2020,” 2019. [Online]. Available: https://www.gemalto.com/govt/identity/digital-identity-services/trends.
[2] Deloitte, “Introduction to Cyber War Games”, 2914. [Online]. Available:
https://deloitte.wsj.com/cio/2014/09/22/an-introduction-to-cyber-war-games/
[3] CCDCOE, “Cyber defence exercises” [Online]. Available:
http://ccdcoe.org/event/cyber-defence-exercises.html
[4] I. E. T. F. (IETF), “OAuth.” [Online]. Available: