Carnegie Mellon University
2021_005_001_734209.pdf (535.48 kB)

Foundation of Cyber Ranges

Download (535.48 kB)
This report details the design considerations and execution plan for building high-fidelity, realistic virtual cyber ranges that deliver maximum training and exercise value for participants. A cyber range is a fully interactive virtual instance of the IT infrastructure of a mid-to enterprise-level organization that is dedicated to cyberwarfare training and exercise. The Software Engineering Institute CERT Cyber Workforce Development (SEI/CERT/CWD) team at Carnegie Mellon University has provided a wide array of cyber ranges spanning various levels of complexity to the Department of Defense (DoD) since 2012. This report draws on tens of thousands of hours of experience and expertise in designing, developing, deploying, troubleshooting, maintaining, and improving cyber ranges. The most frequent use case for a cyber range is team exercise. Team exercises can focus on incident response, malware removal, network takeover, process improvement, and many other specialized use cases. This report summarizes the SEI/CERT/CWD current state of the art when it comes to delivering high-fidelity/realistic cyber ranges to DoD and non-DoD customers that support the complex operating environments required for their training and exercise purposes.


Publisher Statement

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.



Copyright Statement

Copyright 2021 Carnegie Mellon University. Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at

Usage metrics


    Ref. manager