Live exercise is an exercise that is based on real events to increase the realism on selected scenario. The exercise include active adversary team (Red Team) that conducts objective campaign against exercise training audience.
Live exercises often includes multiple organizations (i.e. service providers, subcontractors, internal and external partners) that are depend on each other for providing business services. Live exercises are planned together with customer to provide realistic and suitable exercise scenario.
Exercise's planning and control group that is responsible for creating scenario, injects, and cyber events for the exercise. They also control the execution of the live exercise.
Blue Team (BT) is the training audience of the exercise. Exercise can include multiple Blue Teams from one organization or from multiple organizations. BT can include personnel from multiple levels of the organization.
Red Team (RT) is a skilled and organized group acting as different adversaries and enemies. Plans and carry out attacks for Blue Team(s) to defend.
Exercise steps and duration
The amount of actual working days required for live exercise from initiation to review depends on scale and complexity of the exercise. The duration options on calendar days are presented below.
Set objectives, form and type, high-level scenario, participating organizations and establish planning group.
Specify participants, develop scenario and injects&events, prepare environments, set schedule.
Execute scenario and injects, counterplay, conduct incident handling, protect environment, report events and incidents, debrief.
Evaluate exercise that include:
Analyze collected findings and development areas, conduct after action review, and lessons learned.
Live exercise in realistic environment
All the exercises are held in our state-of-the-art cyber range. Realistic Global Cyber Environment (RGCE) is a fully functional live cyber range and functions the same way as the real digital world. Cyber Range contains fictional business sector specific organizations and can be extended to contain custom-made tailored environment to represent training audiences’ real-life production environment.
Tailored cyber exercises
Tailored cyber exercises are a tool for organizations to train their personnel and develop capabilities in a realistic environment that has been created especially for organization's needs. Tailored exercise includes custom technical environment that represents organization business domain and architecture and custom adversary campaigns that matches the risks of organization. Customized exercises can include multiple organizations that have realistic interdependences and relations between each other. The scale and scoping of the tailored enviroment and scenario is done case-by-case with customer. The process of tailoring requires information from the customer but the process has been created as agile as possible.
The scope of exercise and organization's environment and services is selected
The replication of the services and functionalities are done by JYVSECTEC
The building of the exercise consist the tailored exercise environment and services
The tuning includes customized threat scenarios based on organization's risks, security controls & supporting systems (e.g. ticketing systems, Incident Response), and processes
The tailored exercise includes comprehensive exercise event for participants to handle modern cyber attacks in realistic exercise
Air Navigation Services Finland Oy (ANS Finland) cybersecurity exercise in 2018
Kaisanet prepares for cyber-attacks with exercises