Qatari research center chooses Leonardo for cyber range

Agnes Helou

BEIRUT — A Qatari cyber research center has selected Leonardo to provide a cyber range and training system to support security operations, the Italian firm announced Feb. 3.

The Qatar Computing Research Institute, or QCRI, was established by the Qatar Foundation for Education, Science and Community Development. The training platform ordered by the QCRI is capable of simulating cyberattacks so users can assess the resilience of digital infrastructure.

“The training is completely to be performed in Qatar, and it is expected, through an approach oriented to ‘train the trainers,' to provide courses to a significant number of operators involved in the cybersecurity framework,” Tommaso Profeta, managing director of Leonardo's Cyber Security Division, told Defense News.

He noted that training and exercise scenarios can be customized using a drag-and-drop graphical interface. The platform can also analyze and classify the results of simulated attacks based on data collected during real-world offensive campaigns. Scenarios can be used for individual training or classroom experiences, and they provide practice for security operations centers and incident response activities.

This training tool “will allow the QCRI to deliver a complete cyber training process, from the design of the learning path to specific training sessions. Users will be able to practice their skills in simulated attack and defense scenarios, employing both information technology (IT) and operational technology (OT). The training will produce qualified teams of operators equipped with up-to-date knowledge and techniques, ready to face ever-evolving cyber threats,” according to a company statement.

“The best cyber training/testing environments are in theory real production systems. But in practice for such environments, institutions, enterprises and organizations cannot easily experience critical situations without paying high, sometime unaffordable prices,” Profeta said. “Training and testing are therefore the two essential, human-driven processes that can effectively support the overall cyber ‘protection' loop, but only if they can cope with real threats and highly realistic systems in highly realistic situations.”

Cyber ranges provide a controlled environment where cybersecurity experts can practice their technical and soft skills in emulated complex networks and infrastructures to learn how to respond to real-world cyberattacks. In these environments, cyber tools can be stressed to reveal their limits and vulnerabilities before deployment into cyberspace. Leonardo's platform challenges such assets and provides digital twin environments for predeployment testing.

Asked whether other Gulf countries have expressed interest in this training system, Profeta said it “has already been presented to other high-level Middle East stakeholders, and a significant level of interest has been registered for the platform.”

What scenarios are available?

Those using the cyber range will try to defend against simulated but realistic cyberattacks. According to Profeta, these include:

• Man-in-the-middle attacks.
• Botnets.
• Exploitation of client and server vulnerabilities with lateral movements in search of sensitive data.
• Distributed denial-of-service attacks (HTTP flooding or domain name system reflection) designed to disrupt connections to a targeted server.
• Ransomware via multiple vectors, such as spear-phishing via email or drive-by downloads, relying on DNS-based covert channels.
• Data exfiltration of personally identifiable information and intellectual property.

Though it's difficult to measure the potential effectiveness of this platform for Qatar, the company official predicted the system will reduce the cost of and improve the user experience in cyber training.

Leonardo also supplies the NATO Computer Incident Response Capability, a cyber defense product.

https://www.c4isrnet.com/cyber/2021/02/03/qatari-research-center-chooses-leonardo-for-cyber-range