Researchers from Universidad Carlos III de Madrid (UC3M) and the Universidad de Málaga (UMA) have collaborated with the consulting and technology company Indra on the development of a new advanced simulator of training in cybersecurity, a system that teaches users how to carry out computer forensics, prevent cyber attacks and learn techniques of cyber defense.
The system, presented and tested in Sweden a few weeks ago at a forum of experts in this field (the KTH Royal Institute of Technology in Stockholm), is part of the SACO (Advanced Simulator for Organized Cyberdefense), a project from the INNPACTO subproject coordinated by Indra that trains professionals in the field of cybersecurity. “Every day new threats arise in the realm of information technology and it is necessary to have experts who can address and counteract these threats effectively,” said one of the researchers who works on this system, José María de Fuentes, from the UC3M Computer Security Lab.
The simulator has four areas of training: cyber attack, where users learn strategies for attacking a specific opponent or reaching a goal; cybersecurity, which teaches strategies of defense against an attack; cyber defense, where users go to combat in a technological context; and lastly, the area of computer forensics, where users acquire experience in the extraction and analysis of evidence that allows them to produce a forensic report in accord with research procedures appropriate for information technology.
The spectrum of possible students is very broad, from professionals who want to expand their knowledge on the subject, to companies seeking to strengthen their capabilities in this field, to members of police and military forces that specialize in cybersecurity.
The simulator poses a scenario in which there are one or several computers connected, be it on the same or on different networks. The description of the scenario and help materials are provided to the students. The system records each of the user’s actions and compares them with the solution of the exercise so that the student sees his/her progress. “One of the most interesting aspects from a formative point of view is that the tool itself, when it detects that a student is lost, gives directions in the form of clues. Thus, a very rich learning experience is guaranteed,” explained Indra cybersecurity expert Jorge López Hernández-Ardieta.
Another noteworthy aspect of the project is that the platform that is being developed is accessible through the browser. As such, any person with a computer and a connection to Internet can use the system. What the simulator does is set out the infrastructure, using what is called a system of “virtual machines.” “Because of them,” said José María de Fuentes, “no matter how much the tool is attacked, all of the consequences are confined to the platform.”
According to the developers, the SACO project is almost finished and it has already produced a working system ready to be put on the market, and one which Indra has begun to market around the world. The technology company is already defining new advanced capabilities that will be incorporated into second and later commercial versions. “There is no other way to triumph in a market as competitive as the cybersecurity market if one is not constantly innovating,” notes Jorge López Hernández-Ardieta. One especially outstanding innovation will consist of equipping the simulator with greater artificial intelligence to better react to and anticipate the student’s actions.