To protect its platforms against cyber attacks, the Royal Canadian Navy (RCN) must train specialists in platform cyber security. These specialists will need to understand the offensive capabilities of their adversaries in order to defend these platforms and to develop more secure systems. As a result, these specialists will require an environment which can facilitate training in offensive cyber security techniques. Currently, no cyber security trainer exists for the RCN's Platform Management Systems (PMS), nor does one exist for any of the RCN's other platform systems. The aim of this research is to develop a PMS environment based on effective training techniques and capable of training RCN personnel in offensive cyber techniques. Effective training techniques in this context will reflect best practices from pedagogical literature. The training environment in this case is an offensive cyber security trainer which facilitates the training of personnel to execute cyber kill chains mapped from real attacker tactics, techniques, and procedures. Training cyber defenders to perform these kill chains will provide them with a greater understanding of how attacks can be executed against RCN platform systems. This in turn will enable the RCN to better defend against such kill chains. In order to accomplish this aim, an offensive cyber security trainer for a PMS is developed which utilizes a combination of simulation, emulation, and virtualization to provide an effective level of control and flexibility while also maintaining a high level of realism. This training also specifically leverages a Capture the Flag (CTF) framework to enhance personnel engagement within the environment. The functionality of this trainer is demonstrated by its ability to facilitate the training program and the execution of multiple kill chains against the PMS. The effectiveness of the trainer is validated on its application of current research methodology in effective gamified training environment design.
Software And Hardware