The Council for Scientific and Industrial Research (CSIR) is promoting its wide array of cyber defence and security offerings, including a cyber test range, network simulator and cyber vulnerability detector.
The Council’s Cyber Range is a virtualised environment with sensors that collect network data, hardware and software behaviour and user interactions as a test bed for cyber experts – or as a training simulator for incoming cybersecurity engineers. As a user interacts with virtualised computer machines, data is generated and then analysed.
The Range provides real-life experience in participating in cyber-attack simulations, determines hardware and product performance, and allows for custom-designed scenarios to be tested. It allows for Red and Blue Team Exercises, software development skills assessments and incident response.
Main uses of the range include evaluating the security aspects of software applications before buying them, testing the effectiveness of a newly developed security process, and assessing employee capabilities.
The CSIR said its Cyber Range provides these offerings within a safe and isolated environment, without the need for costly hardware, software an administration or training costs. It is useful to government organisations, the private sector, as well as academic institutes who support national cybersecurity readiness.
Similar to the Cyber Range is the CSIR’s Network Emulation and Simulation Laboratory (NESL), which provides a platform for the replication of existing or planned networks through a mixture of physical and virtual devices.
It provides a platform for training and skills development as well as various cyber challenges within a secure isolated virtualised network. NESL is a South African developed product with the infrastructure hosted by the CSIR. The system also allows multiple users to interact with the same network simultaneously allowing classroom type exercises to be created.
NESL allows users to quickly design, create and access an isolated simulated network through a web browser by using a drag and drop interface. NESL provides the functionality for the user to inject realistic network traffic into their network to evaluate how the network links and nodes behave under different defined conditions. This traffic simulation component also provides a malware lab capability to allow the users to make use of the latest security vulnerabilities in their test.
NESL enables users to integrate third party tools into their simulated network to assess the use of devices within their network. All simulation and emulation components in NESL are open source, which enables users working on NESL to add additional capabilities, like custom protocols and services and to expand the open source tools used within the system.
The user can freely conduct security testing without risk of infecting or spreading to external networks.
The CSIR noted that cyber security is a growing concern within the South African environment as the country is in the top 40 out of 117 countries with a rise in cybercrime. “There is a large market opportunity to provide practical training within South Africa, as many university institutions are starting to offer cybersecurity degrees or modules as part of the curriculum,” the CSIR said.
Another cyber security product offered by the CSIR is its Cyber Vulnerability Detection System, which is used to monitor the cyber landscape of regions, or nations. The system detects vulnerabilities within devices conneted to the Internet and provides network owners with advance warning of vulnerabilities to address.
The Cyber Vulnerability Detection System combines cyber security data from a number of publically available sources into a vulnerability assessment report or presentation. All devices connected to a network are identified based on publically available cyber security search engines such as Shodan, Censys and ZoomEye. The system then links these devices to vulnerabilities found in the Common Vulnerability and Exposure database – an web database managed by Mitre in the USA – allowing identification of vulnerabilities per device. It also geo-locates the devices, to that the vulnerable devices are visible on a map.
The configuration and structure of all the components make this software technology unique and novel, the CSIR said.
The Cyber Vulnerability Detection System can be used as a situational awareness cyber security tool. The tool can also be integrated with existing cyber vulnerability scanners such as NESSUS, OPENVAS, and many others.
Applications include the banking sector, defence forces and manufacturers of devices.