Cyber ranges

National Initiative for Cybersecurity Education (NICE) cyber range checklist

February 10, 2021 by Graeme Messina

Introduction

Today, we will look at the National Initiative for Cybersecurity Education (NICE) cyber range checklist. We will give a brief overview and discuss some of the most important points that it raises, as well as taking a look at the checklist that they have created. 

The document itself gives us a good definition of what a cyber range is and where they are used. It also gives us a rundown of who would benefit most from using a cyber range and what cyber ranges are used for. Finally, NICE has included a checklist to help guide you on selecting the best cyber range for your needs.

A brief overview

Cybersecurity has become an essential part of modern organizations. This means there is a high demand for skills development and training across all mediums, especially remote, over-the-internet methods. In order to keep up with high demand for cybersecurity professional skills, methods such as a cyber range are a chance to bridge this skills gap in the market. 

A cyber range is an interactive learning experience that simulates the most common platforms, network environments, tools, operating systems and applications. A cyber range can do the following for your team:

  • Offers a performance-based learning and assessment capability
  • Gives a simulated environment that your teams can log into and work in together
  • Has the ability to give instant feedback to your teams
  • Provides real-world simulations of scenarios that you are likely to encounter on the job
  • Creates an environment where risks can be taken to learn and test new ideas without affecting live systems or infrastructure

Why do we need cyber ranges?

Anyone pursuing a cybersecurity certification or workplace skills development will know firsthand how difficult it is to find a realistic simulation environment to learn new cybersecurity skills in. Traditional training seldom feels realistic, most companies don’t have the software or other resources for training and some of the exercises that you need to practice may have legal ramifications if performed on a live system. Cyber ranges help to create a realistic testing and training environment, which can be a mixture of hardware and software that is used to teach techniques and methods most commonly used in the real world.

Who are cyber ranges for?

It stands to reason that before you can decide on which cyber range is for you, you need to find out who cyber ranges are designed for in the first place. Below is a table of use cases that the NICE has identified as being the primary target audience of cyber range training.

Checklist components

At the end of this article, we will look at each item of the checklist and highlight the key elements of each one.

Use cases of a cyber range

NICE has identified the following key use cases of a cyber range and how you could use one in your own circumstances and personal situation.

  Cyber range use cases
1 Educators seeking to implement basic and advanced cybersecurity education courses and curricula
2 Organizations or individuals seeking training and continuing education for security operations, analysis and forensic specialists
3 Organizations seeking “situational operations” testing for new products, software releases and organizational restructuring
4 Organizations or individuals seeking cybersecurity skills validation to evaluate candidates for cybersecurity positions
5 Individuals seeking workforce training for people moving into cybersecurity related fields and positions

There are many different possibilities for how you could use a cyber range in your own workplace or training environment. You could help to improve key individuals or entire teams with specialized cyber ranges. 

This is also a good platform to test scenarios and procedures that are modelled around real-world security threats that you can expect to see on the network. These ranges can be customized to model your exact network environment so that you can practice with the most lifelike representation of the layout of your network that you can find.

Location of the range

The location of the range is an important aspect that needs to be looked at. Not all businesses currently have staff actively going into the office, and in those instances, remote training is the way to go. Other businesses might have a requirement that staff be in the office, and in those instances where there is an on-premises solution for the cyber range, then that is also an option. For other businesses, there is a hybrid solution that integrates both on-premises and cloud-based solutions.

Curriculum type

Sometimes, you might not need to spend extra time developing a customized cyber range for your team. Instead, a pre-packaged cyber range can quickly come into service and get your team members started in no time at all. 

Pre-packaged cyber ranges (with options) is a more customized cyber range with standard learning materials and a few custom modules specific to the company that requests it. An ad hoc curriculum is a solution that is designed with complete customization in mind.

Learning outcomes and standard alignment

The NICE checklist states that a cyber range should use either the NICE Framework within the course content or contain NSA/DHS National Centers for Academic Excellence Knowledge Units. This is an important aspect of a cyber range, as there are many important technical details that need to be included in the materials and exercises that your users will be undertaking when completing a cyber range.

Assessment and debriefing tools

You need feedback in order to learn how effective a training program is, and cyber ranges are no different. To achieve this, the NICE checklist recommends that you implement a way for users to provide constructive feedback about what they felt worked and what didn’t. With this kind of feedback, the organizer can look at the issues raised and address problems as they are reported.

Another useful data-gathering tool is a replay feature. This will allow the cyber range organizers to review what users did when they experienced issues. This removes the tedious work of trying to recreate an issue, as the playback defines what went wrong as it happened.

Scalability and elasticity

Cyber ranges differ in functionality, scalability and elasticity. What this means is that not all cyber ranges work in the same way. The NICE checklist identifies this and makes the following distinctions between different cyber ranges in terms of both the number of users that they cater for and the time that are allocated to them. 

They are classified as limited users with a limited time period, a limited number of users with an unlimited time period, unlimited users with a limited time period and unlimited users with unlimited time periods. These distinctions are important if you are trying to allocate resources to people without overbooking and over-utilizing your resources and leaving users without training.

If you can use the NICE checklist to familiarize yourself with the limited resources at your disposal, then you have a far greater chance of successfully implementing a cyber range within your organization.

Training and support

If you are offering a cyber range with complicated and complex subjects and exercises, then the chances of something going wrong is quite high. There are infrastructure considerations and software-based issues as well. If an exercise within a cyber range doesn’t quite work as expected, then you need to have support to help and troubleshoot and fix the issue.

The NICE checklist takes these considerations further and helps you to identify the type of support that you need. The types that are listed include: initial support and training (hand-holding), periodic support and training (maintenance) and on-call support and training (break and fix). You need to make sure that the support that you require is available when you need it, and the NICE checklist outlines this very well.

The special sauce

This spicy section outlines the part of the cyber range that makes it unique to your requirements. You may have customizations that are specific to your niche in the market or in your industry. These requirements should be catered for in your cyber range if they are crucial to training your users. 

The orchestration layer is largely responsible for the dynamic responsiveness of the cyber range. This can be a commercial product or an in-house solution that is developed internally by your developers. Other items that you should think about are scheduling components and whether or not you need a specialized LMS or RLMS solution for your cyber range.

The checklist

Below is the checklist as it is found here on the NIST website.

Features Considerations & options
Use Case(s) of the Cyber Range The Cyber Range is focused on the following audiences and/or use cases (more than one selection is possible) –

  • Educators seeking to implement basic and advanced cybersecurity education courses and curricula
  • Organizations or individuals seeking training and continuing education for security operations, analysis, and forensic specialists
  • Organizations seeking “situational operations” testing for new products, software releases, and organizational restructuring
  • Organizations or individuals seeking cybersecurity skills validation to evaluate candidates for cybersecurity positions
  • Individuals seeking workforce training for people moving into cybersecurity-related fields and positions
Location of the Range The Cyber Range is located –

  • On-Premises (fixed or limited users)
  • On-Premises (with cloud capability)
  • Cloud-Based
  • Hybrid (blend of on-premises and cloud-based)
Curriculum Type The activities and assessments of the Cyber Range are –

  • Pre-Packaged (no customization)
  • Pre-Packaged with Options (some customization)
  • Ad-Hoc (full and significant customization)
Learning Outcomes & Standard Alignment The Cyber Range aligns with or utilizes the following standards or certifications –

  • The NICE Framework
  • NSA/DHS National Centers for Academic Excellence Knowledge Units
  • Other _____________________________________
  • Other _____________________________________
Assessment & Debriefing Tools The Cyber Range utilizes the following functions to aid in assessment and debriefing of users –

  • Recording and Replay Functionality
  • Assessment or Rating/Scoring Functionality
  • Assessment of Team Performance Functionality
  • Assessment of Individual Performance Functionality
Scalability & Elasticity The Cyber Range is able to support –

  • Limited Number of Users for a Limited Time Period
  • Limited Number of Users for an Unlimited Time Period
  • Unlimited Number of Users for a Limited Time Period
  • Unlimited Number of Users for an Unlimited Time Period
Training and Support The Cyber Range operator or vendor provides –

  • Initial Support and Training
  • Periodic Support and Training
  • On-Call Support and Training
The Special Sauce The Cyber Range includes other features and capabilities such as –

  • Industry-Specific Customization
  • A Scheduling Component
  • Specialized LMS or RLMS
  • Other _____________________________________
  • Other _____________________________________
  • Other _____________________________________
  • Other _____________________________________
  • Other _____________________________________

Conclusion

The NICE checklist exists because cybersecurity training is becoming more and more important for the normal operations of an organization. Cyber ranges are a crucial part of hand-on cyber security training and there are many different types of cyber ranges to choose from. The NICE checklist helps to synthesize the important components that you need to implement a successful cyber range of your own. 

The great thing about cyber ranges is that they are good for training new users and experts alike. Studying for a certification is still a viable way to learn cybersecurity skills, but nothing quite beats real-world experience and realistic cyber range exercises. 

The key takeaway from the NICE checklist is that it outlines the most common stumbling blocks for starting up your own cyber range, and offers insight into the minutia of how to create and implement a cyber range of your own.

Posted: February 10, 2021
Articles Author
Graeme Messina
View Profile

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.

Leave a Reply

Your email address will not be published. Required fields are marked *