Back to search

IKTPLUSS-IKT og digital innovasjon

AI-Based Scenario Management for Cyber Range Training

Alternative title: AI-støttet scenarioutvikling for cybersikkerhetstrening.

Awarded: NOK 12.0 mill.

Project Number:

329062

Project Period:

2021 - 2025

Location:

Society faces a pronounced cybersecurity workforce shortage and skills gap. The increasing frequency of cyberattacks has seen organizations fiercely compete to recruit skilled professionals, leaving the market depleted of available expertise. According to the recent European Network and Information Security Agency (ENISA) report on cybersecurity skills development, there is a 94 precent increase in cybersecurity job postings in Europe since 2013, and it takes 20 percent more time to fill those jobs compared to other IT jobs. The ASCERT project aims to narrow this gap by developing computer support for the design, execution and evaluation of cybersecurity training exercises. ASCERT’s backdrop is grim. In an increasingly digitized world our institutions and critical infrastructure is vulnerable. Over 90 percent of all malware is delivered by e-mail. This is a stark reminder that the weakest link in any security posture is usually people and that the first line of defence remains education. Effective cybersecurity training needs to span three organizational levels: (1) the strategic level, where attacks on critical infrastructure must be anticipated and planned for, (2) the tactical level, where national IT services must be upheld, and (3) the operational level, where particular IT-system must be defended. ASCERT will develop a single unified learning tool that spans all three levels. Well-studied learning principles and performance metrics will be embedded to promote effective, long-term learning. ASCERT is an interdisciplinary project that draws on methods and results from symbolic AI, cybersecurity, simulation-based training and learning theory. It is a partnership between the Norwegian Computing Center, the NTNU Cyber Range, the Norwegian Directorate for Civil Protection and Pilotech AS. All results will be developed in close cooperation between these partners to ensure that the solutions reflect actual needs in the private and public sectors.

According to the recent European Network and Information Security Agency (ENISA) report on cyber-security skills development, there is a 94 % increase in cybersecurity job postings in Europe since 2013, and it takes 20 % more time to fill those jobs compared to other IT jobs. This poses a major concern for both economic development and national security in the digital age. The development of highly effective cybersecurity training frameworks that ensure exceptional cybersecurity skills is in other words a fundamental prerequisite for the digital transformation of society. Effective cybersecurity needs to span three organizational levels: (1) the strategic level, where societal services are subject to attacks and decisions are taken at an executive level; (2) the tactical level, where various parts of a National IT network are affected; (3) the operational level, where focus is on one concrete system. It is crucial to enhance cybersecurity skills at each level specifically as well as to coordinate training across levels. The ASCERT project will develop an AI-supported architecture for cybersecurity training that 1) supports the design, execution and assessment of training scenarios across organisational levels, and that 2) incorporates skill-building principles and performance metrics to promote deliberate incremental learning. Using attack-defence trees as a graphical user-facing representation, ASCERT will develop a formal semantics that translates such trees into AI planning languages for the purpose of generating and executing training scenarios. Based on case studies and interviews with domain experts, the project will build up a library of simple offensive and defensive moves annotated with additive metrics and skills to support automatic goal-based and skill-oriented scenario design. These library elements will then be mapped onto a multi-agent system on the NTNU Cyber Range to yield an integrated platform for simulation-based training.

Publications from Cristin

No publications found

No publications found

No publications found

No publications found

Activity:

IKTPLUSS-IKT og digital innovasjon