Next-Generation Cooperative Cyber Range

The outcome should contribute to:

• Reduce dependencies on non-European suppliers by boosting the EDTIB and promoting the development of a European solution.
• Strategic autonomy of EDTIB in the area of cooperative cyber ranges.
  • Fostering the technological cooperation of industries in the field of cooperative cyber ranges.
• Interoperability of EU Member States and EDF Associated Countries Armed Forces:
  • In the area of cyber defence for cyber mission planning and execution, including through the use of classified information and high-fidelity simulations such as digital twins within the training process;
  • Between civil and military actors;
  • Common requirements and harmonisation of capability development.

Cyber range technologies have seen notable uptake over the last decade. They form a cornerstone of cyber defence training and testing. The objective of this topic is to take further the ongoing cyber range technology roadmap by designing and implementing next-generation solutions. The key consideration is on the cooperative approach in developing and using those cyber range technologies, thereby facilitating joint capability development.

Technological investments and developments have so far mostly focused on various fundamental needs such as visualisation, scoring, realistic scenarios, and federation. Separate mature technological building blocks exist in modern cyber and IT solutions. However, these developments have yet to be consolidated into the context of cyber ranges for defence purposes, in a manner such as the PESCO project Cyber Ranges Federation.

Specific objective

This topic aims to address the remaining challenge on design and development of solutions that deliver notable progress vis-à-vis the current state-of-the-art, including in view of wider technology landscape. This means that focus has to shift from creating cyber ranges that fulfil basic needs to cyber ranges that target next-level capability requirements. Therefore, the specific objective is about the use of cyber ranges for trainings and exercises. The proposed solutions, however, can benefit also other cyber range use-cases such as product development and penetration testing. Therefore, considerations of such use-cases may be taken into account for developing the solutions.

The next-generation cooperative cyber range capability must address at least the following issues:

1. 1. Set up of trainings and exercises with classified information, especially for cross-border exercises by EU Member States and EDF Associated Countries.

Although the use of classified information in national exercises and trainings is not a new phenomenon, it is, firstly, still absent from the capabilities of many nations and, secondly, there is no existing solution that offers an EU-wide, cross-border classified capability. Such a capability could help various countries in using this functionality which they otherwise would not be able to use and it would provide a currently unavailable solution to conducting exercises across nations, including for topics such as information sharing and ensuring confidentiality of related data. This would also benefit the EU’s military structure, e.g., EU Military Staff, European Defence Agency and others.

Moreover, such a capability can be used by nations internally, e.g., for its different security agencies both in defence and national security to increase interoperability.

1. 1. Set up of trainings and exercises covering the entire chain of cyber defence operations from planning through conduct up to review, including by utilising realistic mission networks.

Most large-scale technical cyber exercises that are currently conducted do not sufficiently cover all relevant aspects of cyberspace operations. While such aspects are sometimes covered in non-technical exercises, these tend to not sufficiently well incorporate technical cyber defence teams. As a result, truly comprehensive and effective exercises are difficult to deliver.

The aspects that surround these technical activities (e.g., operation planning, legal considerations) and which complement incident management (e.g., intelligence activities) require different scenarios and different technical exercise environments in comparison to existing capabilities. The latter also includes the challenge of creating realistic federated mission networks for training purposes.

Key aspects in this entire chain are also the analysis of the performance of the cyber operators and the scoring of cyber security situational awareness.

1. 1. Leveraging Artificial Intelligence throughout the delivery of trainings and exercises (e.g., for Blue, Red, White and Green Teams)

The use of AI in different phases and parts of cyber exercises and trainings has been researched and developed to an extent. This includes, for example, AI-based scenario generation, and AI-based Red/Blue Teams with hybrid skills (human + AI-based attack/defend strategies (developed in different private companies). AI also plays a pivotal role in generating comprehensive situational awareness for the development of realistic federated missions.

In the area of federated missions, which employ multiple teams operating from different locations, AI technologies could help to identify the operational deficiencies within each team member, informing subsequent training customisation and generating tailored scenarios.

It is clear that AI can assist in these and in other parts of cyber capability development. The proposals are expected to provide AI-based solutions that target all major parts of cyber exercise and training delivery, as well as AI-based solutions for the performance evaluation of the trainees using the hybrid skills.

1. 1. Set up of trainings and exercises that leverage the concept of digital twins.

Digital twins as a concept has a long history. The use of such solutions in cyber exercises has also been targeted previously but not with results that have been sufficiently persistent or useful. Therefore, the challenge remains on developing digital twins or other high-fidelity simulations that have a reasonable cost-effectiveness – given that a common dilemma in such simulations is finding a balance between cost of creating such digital copies and the learning impact that those simulations can offer on top of more standardised ways for IT/OT system and network simulations. One possible avenue for successful balancing of these requirements may be witnessed in the space domain, given its increased need for simulations and testing.

1. 1. Develop or facilitate a framework for accreditation of training centres and personnel skill levels.

The solutions should include a proposal on how to establish certified practices for accreditation of training centres (cyber ranges) and skill levels (personal and team certificates). The solution should take into account EU-wide accreditation schemes. However, these should allow for national specificities. Where possible, existing standards, such as relevant NATO practices, should be used.

1. 1. Cross-cutting items

All solutions must address the challenge of sharing and pooling cyber range capabilities in a coordinated manner between cyber range providers. This challenge may be best addressed by using and enhancing existing initiatives and projects. Moreover, this sharing and pooling can be demonstrated, for example, via the implementation of the project’s solutions in different cyber ranges through federation. If federation as an approach is used, it is expected that the proposals also cover the business and management side of the federation. This could, for example, formalise in the development of model cooperation agreements that mimic actual needs and have been developed with processes similar to actual processes (twin environments).

Where existing or new cyber range and cyber exercise standards (e.g., for scenario development and game net creation) are covered, the proposal must address the challenge of achieving a wide user-based of the standard. Proposing the use of any such standards without clearly addressing the way forward may invalidate the whole part of the proposal related to such standards because the success of a standard is as much dependent on the community as the standard’s actual content.

Types of activities

The following table lists the types of activities which are eligible for this topic, and whether they are mandatory or optional (see Article 10(3) EDF Regulation):

Accordingly, the proposals must cover at least the following tasks as part of the mandatory activities:

• Studies:
  • Identification of additional challenge(s) with a comparable level of complexity as those specifically listed above (scope, items 1-6).
  • Definition of capability statements for the solutions to all of the items in the scope (1-6).
  • Assessment of the feasibility of achieving the capability as per the capability statements.
  • Based on the feasibility assessment, definition of the most appropriate technical requirements for the solutions.
• Design:
  • Design of the solutions for each of the listed items in the scope (1-6).
• System prototyping:
  • Development of one or more system prototypes for each of the solution that target the items in the scope (1-6).
• Testing:
  • Testing of all of the prototypes developed under system prototyping.
  • Testing of one or more system prototypes at least in:
    • One new live-fire cyber demonstration with 3 or more EU Member states/EDF Associated Countries, organised by the consortium
    • One existing live-fire cyber demonstration with 3 or more EU Member states/EDF Associated Countries (e.g., in an exercise that is part of a series where at least one exercise has been held and where the exercises are held irrespective of the current topic).
• Qualification:
  • Qualification of the system, systems or system components for one or more of the system prototypes;

In addition, the proposals should cover at least the following tasks:

• Studies:
  • A supply chain analysis in the area of cooperative cyber range technologies, addressing critical dependencies for the EDTIB.
• Design:
  • Design of the solutions to items relevant for future cyber ranges beyond the mandatory items stated in the scope and in the mandatory tasks.
• Prototyping:
  • One or more prototypes of the designs to items relevant for future cyber ranges beyond the mandatory tasks.
• Testing:
  • Testing of the prototypes beyond the mandatory tasks in at least one live-fire cyber exercise.
• Certification:
  • Certification of the system, systems or system components which are used for the purpose of using classified information.
  • Certification of the system, systems or system components which are used for the purpose of delivering complete cyber operations trainings and exercises. Also, a proposal for accreditation schemes both for training centres and personal certificates (on skill) should be included.

The proposals may cover at least the following tasks:

• Qualification:
  • Qualification of any systems beyond the mandatory tasks.
• Certification, with the meaning of Validation, Verification & Evaluation (VV&E):
  • VV&E of the system, systems or system components which are used for the purpose of leveraging the concept of digital twins.
  • VV&E of the system, systems or system components which are used for the purpose of leveraging AI.
  • VV&E of system prototypes designed and delivered beyond the mandatory tasks.

The proposals should substantiate synergies and complementarities with foreseen, ongoing or completed activities, notably those described in the call topic EDF-2021-CYBER-D-IECTE on Improved efficiency of cyber trainings and exercises, as well as with activities conducted under Horizon Europe (e.g., DIGITAL-ECCC-2022-CYBER-03-CYBER-RESILIENCE).

Moreover:

• projects addressing activities referred to in point (d) above must be based on harmonised defence capability requirements jointly agreed by at least two Member States or EDF associated countries (or, if studies within the meaning of point (c) are still needed to define the requirements, at least on the joint intent to agree on them)
• projects addressing activities referred to in points (e) to (h) above, must be:
  • supported by at least two Member States or EDF associated countries that intend to procure the final product or use the technology in a coordinated manner, including through joint procurement

and

• • based on common technical specifications jointly agreed by the Member States or EDF associated countries that are to co-finance the action or that intend to jointly procure the final product or to jointly use the technology (or, if design within the meaning of point (d) is still needed to define the specifications, at least on the joint intent to agree on them).

For more information, please check section 6.

Functional requirements

The proposed solutions and technologies should meet the following functional requirements in support of cyber ranges capabilities:

• The proposal should meet the common requirements for next generation cooperative cyber range as defined by supporting armed forces.
• The proposal should enable use of classified information.
• The proposal should provide a complete cyber operations trainings and exercises environment.
• The proposal should be able to measure the performance of the cyber operators, as well as to allow for the scoring of cyber security situational awareness.
• The proposal should, by leveraging AI enabled technologies:
  • Be able to identify operational lacks within each team member before the organisation of the training exercise.
  • Be able to enrich the training environment by the use of Green/White/Blue/Red teams with features such as hybrid skills (human + AI), game net components, environment enriching user simulation, dynamic amendments of training deliveries, etc.
  • Be able to provide performance evaluation of the trainees using the hybrid skills;
• The proposal should leverage digital twins (may include cyber physical elements), as part of the realistic federated missions to be defined in the different trainings, enabling red teams with AI-based tools to attack the digital asset and blue teams with AI-based tools to defend the digital asset.
• The proposal should enable federating cyber ranges through:
  • Standard solutions to all challenges, which should contain functionalities for sharing and pooling of resources and federation of cyber ranges. For example, through concepts methods, tools, and standards such as HLA^[1], or as developed in the context of the call EDF-2021-CYBER-D-IECTE.

[1]