Open Cyber Range (OCR)

Description

The project contributes to the programme outcome 1: “Increased competitiveness of Estonian companies within focus areas Green Industry Innovation, ICT and Welfare Technology”.

Open Cyber Range is a virtual environment that is used for cybersecurity training and cybertechnology development. It provides tools that help strengthen the stability, security and performance of cyberinfrastructures and IT systems leading to secure and trustworthy products and well-educated personnel.

The main objectives of this project are to create a platform for companies to develop, test and validate their innovative products, create a launch pad for new products to emerge to the market, promote security thinking in private sector and educate better workforce for the private companies.

The  project will create an environment for companies to test, experiment and validate newly developed products to meet the growing need for enhanced cybersecurity. Activities will include:

• creating a platform for (new) cybersecurity companies to develop, test and validate innovative products;
• create a launch pad for new products to emerge to the market;
• promote security thinking in private sector and
• educate better workforce for the private companies.

The platform will include tools and products that are not part of standard cloud service (automation tools, simulations, red and blue team tools, situational awareness, hybrid systems etc.). The SMEs that develop and test the products in OCR will be provided with a fast setup of testing and validation environment, reduced initial cost for the environment, and also support from academia and government, mentors and test-clients from other SMEs.

Summary of project results

Project addressed the development of a cyber range that would simplify the process of creating cyber exercises as well as making it more cost effective.

Based on experience in the field of defense and security, OCR offers cost-effective cyber training and a platform for the development of new technologies for institutions and private companies. The Cyber ​​Security Act (KüTS) obliges a certain number of companies, including vital service providers (ETOs), to develop their readiness to respond to cyber incidents and to ensure the continuity of their services even in the event of a cyber incident. Part of this is employee training. Most of the companies covered by KüTS are small, and most of the time they don''t even have an IT specialist, let alone a security specialist. As a result, the preparedness of these companies is low, and this contributes to the situation where important or vital services are disrupted in the event of cyber incidents. In the spring of 2024, SA CR14 successfully applied for the cyber security support of the Ministry of Economic Affairs and Communications to create a collective training platform for IT specialist teams of small and medium-sized companies to solve a similar concern.

From the point of view of cyber security of the private sector, another concern is the readiness of new start-ups. Estonia is known for a strong start-up network and a supportive environment that encourages the creation of many start-ups. A large part of Estonian start-ups operate in the IT field or use IT solutions. OCR creates an opportunity for start-ups to validate their technologies, if desired and if necessary, also with the help of the capabilities of the cyber training ground.

During the project all main milestones and tasks were completed. Platform was developed as a cooperation project with complex work tasks and objectives. As a result, a new platform was created for cybersecurity companies to develop, test and validate innovative products and a launch pad was created for new products to emerge to the market. Throughout the activities, the security thinking in private sector was promoted as well as workforce trained to enable the full use of the platform.

Since June 2024, the OCR platform as a whole is ready - using it, the customer can fully design the exercise themselves, using the purpose-built software platform and the scenario definition language (SDL). Platform provides national and bilateral cyber defence training and is the home base for the world''s largest international cyber exercises, such as Locked Shields and Crossed Swords.

OCR is open source in the Github environment. This means that the use of OCR does not require a paid license and is available to everyone on the web with documentation about OCR and instructions for using the software. In addition, the OCR solution is designed to be compatible with other popular open source software so that functionality missing from OCR can be added through other software solutions.

Summary of bilateral results

The project collaboration had both achievements and problems. The collaboration among partners might have been more successful from the beginning with full responsibilities from all parties. Clearer responsibility differentiation among stakeholders, or other clear end goals from the start would have significantly improved coordination and clarity throughout the project. Although the late-stage feedback was valuable, these feedbacks highlighted the importance of earlier and more regular communication in order to better match efforts and expectations. Key learning points include the importance of setting clear roles and responsibilities early, ensuring all partners are actively engaged from the start, and maintaining open lines of communication throughout the project to mitigate risks and enhance collective output.