Objective:
Cyber range technologies have seen notable uptake over the last decade. They form a cornerstone of cyber defence training and testing. The objective of this topic is to take further the ongoing cyber range technology roadmap by designing and implementing next-generation solutions. The key consideration is on the cooperative approach in developing and using those cyber range technologies, thereby facilitating joint capability development.
Technological investments and developments have so far mostly focused on various fundamental needs such as visualisation, scoring, realistic scenarios, and federation. Separate mature technological building blocks exist in modern cyber and IT solutions. However, these developments have yet to be consolidated into the context of cyber ranges for defence purposes, in a manner such as the PESCO project Cyber Ranges Federation.
Specific objective
This topic aims to address the remaining challenge on design and development of solutions that deliver notable progress vis-à-vis the current state-of-the-art, including in view of wider technology landscape. This means that focus has to shift from creating cyber ranges that fulfil basic needs to cyber ranges that target next-level capability requirements. Therefore, the specific objective is about the use of cyber ranges for trainings and exercises. The proposed solutions, however, can benefit also other cyber range use-cases such as product development and penetration testing. Therefore, considerations of such use-cases may be taken into account for developing the solutions.
Scope:The next-generation cooperative cyber range capability must address at least the following issues:
Although the use of classified information in national exercises and trainings is not a new phenomenon, it is, firstly, still absent from the capabilities of many nations and, secondly, there is no existing solution that offers an EU-wide, cross-border classified capability. Such a capability could help various countries in using this functionality which they otherwise would not be able to use and it would provide a currently unavailable solution to conducting exercises across nations, including for topics such as information sharing and ensuring confidentiality of related data. This would also benefit the EU’s military structure, e.g., EU Military Staff, European Defence Agency and others.
Moreover, such a capability can be used by nations internally, e.g., for its different security agencies both in defence and national security to increase interoperability.
Most large-scale technical cyber exercises that are currently conducted do not sufficiently cover all relevant aspects of cyberspace operations. While such aspects are sometimes covered in non-technical exercises, these tend to not sufficiently well incorporate technical cyber defence teams. As a result, truly comprehensive and effective exercises are difficult to deliver.
The aspects that surround these technical activities (e.g., operation planning, legal considerations) and which complement incident management (e.g., intelligence activities) require different scenarios and different technical exercise environments in comparison to existing capabilities. The latter also includes the challenge of creating realistic federated mission networks for training purposes.
Key aspects in this entire chain are also the analysis of the performance of the cyber operators and the scoring of cyber security situational awareness.
The use of AI in different phases and parts of cyber exercises and trainings has been researched and developed to an extent. This includes, for example, AI-based scenario generation, and AI-based Red/Blue Teams with hybrid skills (human + AI-based attack/defend strategies (developed in different private companies). AI also plays a pivotal role in generating comprehensive situational awareness for the development of realistic federated missions.
In the area of federated missions, which employ multiple teams operating from different locations, AI technologies could help to identify the operational deficiencies within each team member, informing subsequent training customisation and generating tailored scenarios.
It is clear that AI can assist in these and in other parts of cyber capability development. The proposals are expected to provide AI-based solutions that target all major parts of cyber exercise and training delivery, as well as AI-based solutions for the performance evaluation of the trainees using the hybrid skills.
Digital twins as a concept has a long history. The use of such solutions in cyber exercises has also been targeted previously but not with results that have been sufficiently persistent or useful. Therefore, the challenge remains on developing digital twins or other high-fidelity simulations that have a reasonable cost-effectiveness – given that a common dilemma in such simulations is finding a balance between cost of creating such digital copies and the learning impact that those simulations can offer on top of more standardised ways for IT/OT system and network simulations. One possible avenue for successful balancing of these requirements may be witnessed in the space domain, given its increased need for simulations and testing.
The solutions should include a proposal on how to establish certified practices for accreditation of training centres (cyber ranges) and skill levels (personal and team certificates). The solution should take into account EU-wide accreditation schemes. However, these should allow for national specificities. Where possible, existing standards, such as relevant NATO practices, should be used.
All solutions must address the challenge of sharing and pooling cyber range capabilities in a coordinated manner between cyber range providers. This challenge may be best addressed by using and enhancing existing initiatives and projects. Moreover, this sharing and pooling can be demonstrated, for example, via the implementation of the project’s solutions in different cyber ranges through federation. If federation as an approach is used, it is expected that the proposals also cover the business and management side of the federation. This could, for example, formalise in the development of model cooperation agreements that mimic actual needs and have been developed with processes similar to actual processes (twin environments).
Where existing or new cyber range and cyber exercise standards (e.g., for scenario development and game net creation) are covered, the proposal must address the challenge of achieving a wide user-based of the standard. Proposing the use of any such standards without clearly addressing the way forward may invalidate the whole part of the proposal related to such standards because the success of a standard is as much dependent on the community as the standard’s actual content.
Types of activities
The following table lists the types of activities which are eligible for this topic, and whether they are mandatory or optional (see Article 10(3) EDF Regulation):
Types of activities (art 10(3) EDF Regulation) | Eligible? | |
(a) | Activities that aim to create, underpin and improve knowledge, products and technologies, including disruptive technologies, which can achieve significant effects in the area of defence (generating knowledge) | No |
(b) | Activities that aim to increase interoperability and resilience, including secured production and exchange of data, to master critical defence technologies, to strengthen the security of supply or to enable the effective exploitation of results for defence products and technologies (integrating knowledge) | Yes(optional) |
(c) | Studies, such as feasibility studies to explore the feasibility of new or upgraded products, technologies, processes, services and solutions | Yes(mandatory) |
(d) | Design of a defence product, tangible or intangible component or technology as well as the definition of the technical specifications on which such a design has been developed, including any partial test for risk reduction in an industrial or representative environment | Yes(mandatory) |
(e) | System prototyping of a defence product, tangible or intangible component or technology | Yes(mandatory) |
(f) | Testing of a defence product, tangible or intangible component or technology | Yes(mandatory) |
(g) | Qualification of a defence product, tangible or intangible component or technology | Yes(mandatory) |
(h) | Certification of a defence product, tangible or intangible component or technology | Yes(optional) |
(i) | Development of technologies or assets increasing efficiency across the life cycle of defence products and technologies | Yes(optional) |
Accordingly, the proposals must cover at least the following tasks as part of the mandatory activities:
In addition, the proposals should cover at least the following tasks:
The proposals may cover at least the following tasks:
The proposals should substantiate synergies and complementarities with foreseen, ongoing or completed activities, notably those described in the call topic EDF-2021-CYBER-D-IECTE on Improved efficiency of cyber trainings and exercises, as well as with activities conducted under Horizon Europe (e.g., DIGITAL-ECCC-2022-CYBER-03-CYBER-RESILIENCE).
Moreover:
and
For more information, please check section 6.
Functional requirements
The proposed solutions and technologies should meet the following functional requirements in support of cyber ranges capabilities:
The outcome should contribute to: