AI-based scenario management for cyber range training

Society is facing a precarious shortage of cybersecurity professionals and the gap between the demand and the availability of qualified labour is widening. The rapidly increasing number of computer attacks leads to fierce competition, frequently depleting the labor market of expertise.  

According to the latest report on cybersecurity from the European Network and Information Security Agency (ENISA), there is a 94 percent increase in advertised positions in cybersecurity in Europe since 2013, and it takes 20 percent more time to fill these positions compared to other IT positions. The ASCERT project will help close this gap by developing a software framework for designing, implementing and evaluating cybersecurity exercises. 

ASCERT’s backdrop is gloomy. In an increasingly digitalized world, our institutions and our critical infrastructure are vulnerable. Over 90 percent of all malicious software is delivered via email. This is a stern reminder that the weakest link in a security posture is often people and that the first line of defense therefore remains education and training. 

Effective cybersecurity training must span three levels of organization:

1. the strategic level, to anticipate the consequences of critical infrastructure attacks
2. the tactical level, to maintain national IT services, and
3. the operational level, to resist attack on a specific IT system.

ASCERT will develop a comprehensive work surface that includes all three levels. Well-studied learning principles and skill metrics will be used as a basis for promoting effective, long-term learning. 

ASCERT is an interdisciplinary project that uses methods and results from symbolic AI, cyber security, simulation-based training and learning theory. The project is a partnership between the Norwegian Computing Center, NTNU Cyber Range, the Directorate for Civil Protection and EcoOnline AS. All results will be developed in close collaboration between these partners so that the solutions reflect real needs in the private and public sector. 

Publications:

• Hannay, Jo Erskine, Audun Stolpe, and Muhammad Mudassar Yamin. “Toward AI-based scenario management for cyber range training.” HCI International 2021-Late Breaking Papers: Multimodality, eXtended Reality, and Artificial Intelligence: 23rd HCI International Conference, HCII 2021, Virtual Event, July 24–29, 2021, Proceedings 23. Springer International Publishing, 2021.
• Yamin, Muhammad Mudassar, et al. “ADAPT-Automated Defence TrAining PlaTform in a Cyber Range.” International Conference on Information Systems and Management Science. Cham: Springer International Publishing, 2022.
• Stolpe A, Rummelhoff I, Hannay JE. A logic-based event controller for means-end reasoning in simulation environments. SIMULATION. 2023;99(8):831-858.
• Balto, K. E., Yamin, M. M., Shalaginov, A., & Katt, B. (2023). Hybrid IoT Cyber Range. Sensors, 23(6), 3071.
• Færøy, F. L., Yamin, M. M., Shukla, A., & Katt, B. (2023). Automatic Verification and Execution of Cyber Attack on IoT Devices. Sensors, 23(2), 733.
• Yamin, Muhammad Mudassar, Ali Shariq Imran, and Basel Katt. “Towards a Digital Twin for Lifelong Learning.” 2023 4th International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). IEEE, 2023.
• Shukla, Ankur, Basel Katt, and Muhammad Mudassar Yamin. “A quantitative framework for security assurance evaluation and selection of cloud services: a case study.” International Journal of Information Security (2023): 1-30.