This report details the design considerations and execution plan for
building high-fidelity, realistic virtual cyber ranges that deliver
maximum training and exercise value for participants. A cyber range is a
fully interactive virtual instance of the IT infrastructure of a mid-to
enterprise-level organization that is dedicated to cyberwarfare
training and exercise. The Software Engineering Institute CERT Cyber
Workforce Development (SEI/CERT/CWD) team at Carnegie Mellon University
has provided a wide array of cyber ranges spanning various levels of
complexity to the Department of Defense (DoD) since 2012. This report
draws on tens of thousands of hours of experience and expertise in
designing, developing, deploying, troubleshooting, maintaining, and
improving cyber ranges. The most frequent use case for a cyber range is
team exercise. Team exercises can focus on incident response, malware
removal, network takeover, process improvement, and many other
specialized use cases. This report summarizes the SEI/CERT/CWD current
state of the art when it comes to delivering high-fidelity/realistic
cyber ranges to DoD and non-DoD customers that support the complex
operating environments required for their training and exercise
Publisher StatementThis material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.
This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100
NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING
INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON
UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE
OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY
WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK,
OR COPYRIGHT INFRINGEMENT.
[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.
Copyright StatementCopyright 2021 Carnegie Mellon University.
Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.
External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at firstname.lastname@example.org.