JYVSECTEC’s cyber range RGCE has been in development since 2011 aiming to provide a realistic exercise environment for organizations of different sizes and industry sectors. In recent years, the development has focused on building multiple business sector specific organization environments, which mimic technical and business functions of real organizations. These environments also have realistic dependencies with each other, like the cloud provider depends on connectivity provided by the internet service provider. All of the organizations are connected to the global RGCE Internet where the customers, partners and threat actors exist.
In this post, I will briefly describe each of the organizational environments and how they can be used for practicing different cyber security scenarios.
NorthernBank – Financial Organization
NorthernBank is a financial organization providing online banking, loans, invoices, e-payments, point-of-sale systems, and cash services for corporations and private customers. NortherBanks e-payment system integrates with online web shops where customers can pay their purchases using their bank account. NorthernBank also provides point-of-sale systems for commerce.
The environment of NorthernBank includes the banking infrastructure, management, and monitoring systems for IT staff as well as support services for customers and internal staff.
Possible cyber security scenarios for exercises include detecting and responding to data exfiltration (e.g. credit card data theft), denial of service attacks, and fraudulent transactions.
Funnel and Watti – Industrial Organizations
Funnel is the provider for the road tunnel between Helsinki and Tallin. Funnel is responsible for operating the automation process for the tunnel’s traffic control systems and providing 24/7 monitoring for the tunnel’s systems. Watti is an electricity provider for Funnel’s road tunnel. Watti is responsible for operating the tunnel’s electricity systems and providing 24/7 monitoring of the tunnel’s electricity.
The environments of both organizations include separate segments for office and services as well as automation services. The automation environment consists of monitoring and engineering facilities, data center for Industrial Control Systems (ICS), ISP’s connectivity (MPLS-VPN) to the operation center and to the logic controllers (PLCs), which control the field devices located in the tunnel, and CCTV monitoring system for traffic and field device monitoring.
Possible cyber security scenarios for exercises include forging of sensor readings and disrupting or seizing the control of the ICS systems.
RNA – Internet Service Provider
RNA is a Finnish nationwide internet service provider serving both corporate and consumer customers. RNA’s core network provides basic Internet connectivity services for consumers (xDSL, fiber, cable). The core network is based on MPLS with traffic engineering and fast reroute capabilities. RNA’s corporate offerings include private L3 or L2 MPLS VPN connectivity and Distributed Denial of service (DDoS) protection with Arbor Networks Peakflow, TMS, and Pravail technologies for large corporations.
RNA operates its own data center that provides internal infrastructure services, customer and external services as well as hosting services. RNAs Network and Security operations center (NOC&SOC) is responsible for monitoring the core network and data center, as well as responding to fault reports and security incidents.
Possible cyber security scenarios for exercises include detecting and mitigating DDoS attacks, detecting and responding to spreading of malware or spam from consumer networks.
Satsuma – Cloud Service Provider
Satsuma is a Finnish Cloud Service Provider offering a cloud hosting solution for its customers. Satsuma offers both virtual private servers (VPSs) based on its Openstack platform and container service hosting service based on Openshift platform. Satsuma also provides different Software as a Service (SaaS) services for multiple customers. Most notable customers include the tunnel provider Funnel, the online shop XXS, electricity provider Watti and internet service provider RNA. Satsuma hosts the cloud platforms on its Helsinki datacenter along with its customer support and internal services.
Possible cyber security scenarios for exercises include responding to malicius user activity, vulnerabilities in the software platforms, data exfiltration, espionage, and denial of service attacks.
Conclusion
The RGCE organization environments cover a wide range of business sectors and enable organizations to practice with realistic tools and threat scenarios. The environments can also be scaled down based on the size or needs of the participating organization.
For more information about the RGCE cyber range, see JYVSECTEC Cyber Range Range whitepaper.
About the writer
Jani Hallberg
Laboratory Engineer
Institute of Information Technology at JAMK University of Applied Sciences
