Adding Realism to Cyber Security Exercises – Populating RGCE environment

Our Realistic Global Cyber Environment (RGCE) is a feature rich live cyber range that brings together a realistic global world and organization environments in an isolated private cloud. RGCE’s global world functions the same way as the real Internet; however, it is fully controlled by JYVSECTEC. The Internet of RGCE has similar counterparts as the real Internet. The structures, services, and functionalities are made as similar as it is possible in a closed environment.

Healthcare Cyber Range (HCCR) project’s development target is to secure continuity in patient safety and care in the context of digital healthcare. How will the target be reached? Among other things, by developing healthcare actors’ competencies through cyber training and education. To achieve this, HCCR project extends the existing RGCE to the healthcare sector, focusing on modelling healthcare systems and processes.

Stork -adding population to RGCE

When modeling the healthcare sector in a digital context, in this case in the RGCE cyber range, it became clear rather quickly that we need to be able to generate people to the environment, as realistically as possible. There already exists for example organizations, social media channels, a news channel, and a bank in RGCE; however, the automation of creating fictional users for these services needed further development. We discovered that we need some sort of a Digital and Population Data Services Agency (former Population Register Centre) to be created as part of our RGCE. In our context the “agency” needed is slightly wider in scope than the one in Finland administrating e.g. a national register that contains basic information about Finnish citizens. In addition to personal information, i.e. birth dates, social security numbers and mailing addresses we have added bank account details, health information, social media accounts etc. to the program.

As all parts of RGCE, also the personal information generator we named Stork is as realistic as it can be.

Why realistic?

Professionals attending cyber security exercises spot illogicality or anomalies easily from the data they see: “this is not an IBAN of our bank” or “there is something strange in this identity number”. “Can I trust the information I see?” We do not want the attendees to get confused about the strange information; is this a part of the exercise or a flaw in the program?

Well, what does realism in this case mean then?

For example, bank account details such as IBAN and BIC numbers match. Credit card details pass validations and map to correct providers. The generated persons have valid social security numbers that match with their gender. People live and businesses reside in addresses that are tied to their real-life counterparts (Piippukatu in the real world is located at the same location inside RGCE). Object identifier (OID) numbers are used just like in the real world, and so on.

Depending on the context and profile needed, the generated person may be a decent citizen or a person with a criminal background, why not a cyber attacker?

Generating a person in Stork user interface

Stork user interface (work in progress)

The visible fields (see picture) in Stork can be either filled in or left blank, if left blank Stork randomly generates appropriate information to the field. Social security number is always generated automatically. Fields for postal address, bank details, phone number and email are to be added to Stork as the work progresses.

HCCR pilot Cyber Security Exercise

HCCR project will organize a pilot cyber security exercise for healthcare actors at JAMK University of Applied Sciences premises in Autumn 2021. Stork and other healthcare specific implementations will be tested in practice for the first time in this three-day event.

Healthcare Cyber Range (HCCR) project is funded by the European Regional Development Fund (ERDF), leverage from the EU 2014-2020.


Elina Suni

Specialist
Institute of Information Technology, JAMK University of Applied Sciences

Teemu Kontio

Technical Specialist and Software Developer
Institute of Information Technology, JAMK University of Applied Sciences

Share: