10th anniversary of the KYPO Cyber Range Platform
14 Apr 2023
- In the fast-paced world of cybersecurity, it's rare for a platform to remain relevant for a decade. Yet, the KYPO Cyber Range Platform has not only stood the test of time but has continued to evolve and innovate.
- With its 10th anniversary upon us, it's an excellent opportunity to reflect on the journey from its begining to present-day achievements.
- Join us as we explore the story of the KYPO Cyber Range Platform, highlighting key achievements and sharing our vision for the future of cybersecurity training.
large scale cybersecurity exercises
Thesis: 1 PhD, 39 Master, 56 Bachelor
It all started in 2009, in a small office at Masaryk University, with just a few IT experts, an old coffee machine, and a passion for cybersecurity. Over the years, our team CSIRT-MU was formed, we grew to more than 30 members, and we helped to solve hundreds of incidents, garnering expertise in the field.
As we progressed, our concern about society's dependence on IT was rising. We received calls from various organizations for professional help and witnessed the severity of the issue firsthand. A persistent long-term problem arose: the need for cybersecurity experts.
Born in the Cybersecurity Team of Masaryk University.
The KYPO project started at the Masaryk University.
We contacted the National Cyber and Information Security Agency (NÚKIB) to propose creating a cyber range platform, allowing professionals to learn cybersecurity in practice. The dialog turned into the "KYPO" research project, funded by the Ministry of the Interior of the Czech Republic in 2013.
The KYPO is an abbreviation for the project's official name, Cybernetic Polygon. In Czech, the word polygon means the training ground for some technology. This meaning is usual in the army.
We faced numerous obstacles in the project; however, in the end, we created a sophisticated virtual environment called the KYPO Cyber Range Platform (KYPO CRP).
In 2015, we successfully organized the first Czech technical exercise Cyber Czech, in cooperation with the NÚKIB powered by the platform. The aim was to prepare security personnel for work under the pressure of an ongoing massive cyber-attack.
The first Czech cybersecurity exercise – CyberCzech, was powered by the KYPO CRP.
Best Security Research Award by the Czech Ministry of the Interior.
After this, we received the award of the Minister of the Interior of the Czech Republic for security research.
Our successes led to the initiation of follow-up research and training activities. We trained hundreds of cyber security professionals and students using the KYPO CRP.
We felt this was insufficient globally, so we decided to make the platform available as open-source software to allow any organization to download and use it to create training for their employees or students.
Thanks to the H2020 CONCORDIA project, we successfully released it to increase the availability of hands-on cybersecurity education in 2020.
We released KYPO CRP as open-source.
Best Innovation in the Disruptive Technology.
Since that time, we have engaged in activities at the European level. As part of the cybersecurity competence pilot project, we have aimed our actions to boost European resilience.
The sign that our direction is right was the victory in the 7th edition of the European Commission's Innovation Radar competition in the Disruptive technology category in 2021.
We formed many new partnerships and promoted the platform a lot. Notably, we joined the REWIRE project to help create training for the European Cybersecurity Skills Framework and the CHESS project to transfer knowledge and cybersecurity training with Estonia.
However, we have also worked hard on the technology, resulting in several new platform versions bringing significant improvements. Even though the CONCORDIA project ended in March 2023, our initiative continues to pursue our mission.
We continue, driven by a mission of boosting the resilience of our society.
Our vision and challenges
Everybody can be part of the growing community
- We are convinced that Europe can be only stronger and more resilient together.
- For this reason, we are building a community of KYPO CRP users from academia, the public sector, and industry.
- Everybody can have something to add to our common goal. It can be a development force, new content, or promotion of our platform.
Foundation governing the KYPO CRP is established and running
- To support the development of the KYPO CRP, we are actively looking into creating a foundation governing the platform's future growth.
- It should also be responsible for negotiation on the highest levels and providing financing for future development.
- Hopefully, it will lead to the adoption of KYPO CRP by organizations like ENISA and ECCC.
Open content and supporting tools are available to everyone
- Open content means scenarios must be freely available, easily editable, and shared within the community.
- To fulfill this goal, KYPO CRP uses everything as code methodology. The practice of everything as code (EaC) is where policy files govern all aspects of software development, delivery, and management. It extends most organizations' scalable and repeatable approach to app development – where processes are defined, codified, and followed automatically – to other IT components, such as infrastructure and configuration.
- The EaC approach enables scenario developers to create training scenarios and infrastructure resources in a human-readable format that can be automatically verified and requires minimum manual tasks to deploy.
Utilization of other cloud platforms (AWS, MS Azure)
- KYPO CRP was developed with the main focus of being completely open-source, including all its dependencies.
- KYPO utilizes the OpenStack cloud platform for the deployment of sandbox environments. The OpenStack cloud platform is an open-source project that can be deployed without licensing fees on-premise or paid by usage with some public OpenStack cloud provider. The OpenStack requirement might be a limitation for some companies.
- To enable broader adoption by industry and community, we would like to introduce implementation for major cloud providers, primarily aiming at Amazon Web Services.
Setting up the marketplace for content directly accessible from the platform
- The European community needs a place where the content can be created, shared, exchanged, and made available for the users of a cyber range.
- It can be perceived as a marketplace where scenarios and building blocks (e.g., TTPs, Ansible roles, training levels, support tools, and other content) are freely available for download.
- The sharing platform should also be carefully curated by a selected group of administrators and focus on modern approaches such as continuous integration and continuous delivery to ensure high content quality and hassle-free distribution of scenarios to already deployed platforms around Europe.
CyberRangecz – a new brand for our services
- We created a physical and virtual space designed to develop cybersecurity practices and train professionals to boost the resilience of digital society.
- It serves as a stage for extensive cybersecurity exercises, technology testing, and community building.
- CyberRangecz services are powered by the KYPO Cyber Range Platform.