Cyber TASE Constructive Simulator (CCS)
Cyber Test Analysis and Simulation Environment (Cyber TASE) is a Test Resource Management Center (TRMC)-sponsored Central Test and Evaluation Investment Program (CTEIP) capability to conduct timely and accurate Cyberspace Test and Evaluation (T&E) for Department of Defense (DoD) networks and systems. Cyber TASE provides a Live-Virtual-Constructive (LVC) environment to model large-scale operational scenarios and a test capability to assess the ability of the System Under Test (SUT) to perform in a cyber-contested environment and to identify the cyber vulnerabilities of networks and applications. Cyber TASE also provides integrated instrumentation for the collection, analysis, and visualization of test data across multiple layers and sources to assess the impact of cyber threats on the mission.
SCALABLE has built upon the StealthNet capabilities to develop the simulation component of Cyber TASE, called Cyber TASE Constructive Simulator (CCS). The CCS leverages StealthNet’s library of high-fidelity models of network and cyber threats and defenses and the capability to model large-scale tactical networks. The CCS provides a platform for quickly setting up various SUT environments, exploring a wide range of scenarios for “What-if” analysis, and investigating the impact of cyber threats on mission assurance.
The CCS provides a GUI-based Scenario Designer with the following capabilities to support rapid configuration of mission scenarios on large-scale tactical networks:
- A comprehensive library of high-fidelity, customizable models of network components (devices, links, protocols, etc.) and applications, from which accurate models of the target network can be developed.
- Automated tools to import network topologies and router configuration files to faithfully replicate the target network.
- Tools to create accurate simulation models of real network traffic based on traffic flow statistics advertised in NetFlow packets. In addition, traffic flows can automatically be added to generate a desired background traffic load.
- Ability to design and configure mission timelines by specifying the chain of activities comprising a mission.
- Ability to configure the cyber characteristics of the target network by importing host configuration files that specify the software installed on the hosts in the network and their associated vulnerabilities.
- An intuitive way to design and configure cyber attacks as a chain of related attacks, where the choice of a subsequent attack depends on the outcome of the previous one. Individual attacks in the chain can be selected from a comprehensive library of active and passive cyber attack models that range across all layers of the protocol stack, from jamming models at the physical layer to man-in-the-middle threats, worms, and vulnerability exploitation at the transport and application layers.
The network, mission, traffic, and cyber attack components of a scenario can be designed hierarchically, with composite objects built from reusable lower-level objects.
[Figure: Designing Network Configuration (top) and Configuring Cyber Attacks (bottom) in Scenario Designer]
The CCS also provides an LVC interface that enables interaction between live devices and either virtual or constructive devices. Thus, the live SUT can be extended or an LVC representation of the entire system (or system of systems) can be used for the simulation of cyber threats to the entire infrastructure. The LVC environment can be quickly and easily customized to support multiple simultaneous tests with large-scale operationally realistic scenarios.
The CCS provides tap points for instrumentation tools, such as Wireshark, through which data can be collected. Time-series data from the simulation can be collected in a statistics database. Measures of effectiveness (MoEs), measures of performance (MoPs), and mission metrics can be defined and collected. The impact of cyber threats on the SUT can be assessed and visualized using the detailed reporting and visualization capabilities of the CCS, which can depict the test events, test timeline, and cyber operating picture.
The CCS can be used to run scenarios to predict outcomes and to perform “What-if” analysis over a larger parameter space, encompassing network topologies, traffic profiles, cyber threats, and cyber defense architectures, than would be possible using only live assets. Since the CCS can be connected to live components, it can be used to extend the live SUT to assess the cyber resilience of DoD systems in a wider system-of-systems context. The CCS provides a zero-risk environment for assessing the impact of cyber attacks on the SUT: attacks can be launched on the SUT from the simulated network, but only the simulated devices and virtual representation of live SUT components inside the CCS are impacted by these attacks, without harming the live system. Furthermore, by incorporating hypothetical vulnerabilities in the model of the SUT and launching attacks to exploit these vulnerabilities, the impact of zero-day attacks can be assessed. Similarly, the model of the SUT can be modified by including network changes, system patches, and new mitigation strategies, and their efficacy can be assessed by analyzing the behavior and performance of the modified system.
White paper: Assessing Cyber Resilience of Military Systems using LVC Models
White paper: Virtual Cyber Range for Cyber Warfare Analysis and Training