Work conducted within ÖvExCND during 2020

Authors:

  • Hannes Holm
  • Teodor Sommestad
  • Lars Helgeson
  • Fredrik Bissmarck
  • Erik Hyllienmark
  • Mats Persson
  • Oliver Johansson

Publish date: 2020-12-31

Report number: FOI-R--5079--SE

Pages: 43

Written in: Swedish

Keywords:

  • IT security
  • Cyber defence exercises
  • red teaming
  • automation
  • machine learning

Abstract

This report describes the work conducted within the project Övning och Experiment för Computer Network Defense-förmåga (ÖvExCND) during 2020. Most work was spent on the further development of the tool Lore, which can be used to automate the technical acitivities of human threat agents during cyber defence exercises. Work was spent on three overall tracks: (1) development of new software functionality for Lore and it's supporting tools, (2) comparisons of Lore to the activities that simulated threat agents conduct during cyber defense exercises to examine similarities and differences, and (3) development and application of an action reward system to improve the accuracy of Loreäs decisions. Progress was done in all three tracks, but alot of work still remain for Lore to completely satisfy the requirements of most cyber defense exercises.