Cyber Ballistics

> Wake up!
> You are the next target ^C
> ^C
> ^C
> ^C
>

Conceptually, cyber ballistics is not that different from its physical-world cousin. Both need a safe and controlled environment for evaluation, practice and study, relevant equipment and necessary knowledge. We specialize in just that.

What we do

Compliance

Compliant enclaves for regulated data processing in the cloud (AWS, Azure), on-premises, or hybrid

Practice

Cyber ranges

Education

Courses, events, curricula, practicums.

Cybersecurity is a new discipline, which is neither well-defined nor sensibly delineated. In different settings, it means different things to different people. Beneath its grand label hides a jumble of electrical engineering, networking, cryptography, psychology, and social sciences.
project SCEPTRE

Creating and maintaining environments where Cybersecurity of complex systems with integrated cyber-physical devices*, can be safely and reliably tested is not trivial. Cyber Ballistics aims at giving every aspect of cybersecurity full attention in an integral manner, by combining technology, practice, analytics and education.

* Devices that are difficult to virtualize because of their interactions with the physical world. e.g. Industrial Control Systems (ICS), IoT or medical devices devices; actuators and sensors.

Place

Cyber Ranges
(cloud-based or on-premises, bare-metal)

Equipment

Cyberinfrastructure Targets • Exploit Libraries • Hacker Toolsets • Analytical Systems

Practice

Calibration • Testing • Forensics • Offense • Defense • Events

Education

Workforce Training or Academic Programs • Curricula • Practicums

Areas of Expertise

Cybersecurity

> platforms for evaluation and training <
> platforms for regulated data processing <
> on-premises specialized hardware or cloud environments <
> cyber-physical, embedded, or fully virtualized systems <

Cyber Ranges

Bare-metal or virtual environments for cybersecurity target practice

Industrial Control System

Design and cybersecurity evaluation

Internet of Things

Sensors, embedded systems

Regulated Data

Cloud-based, on-premises, or hybrid data processing enclaves

Special Services

Embedded design, development, and prototyping

Personal Testimonials

CRACR at the College of Professional Studies
The George Washington University

Professor,
Just wanted to personally thank you for that midterm exam. While I’m disappointed in my performance, I am excited that we FINALLY got an exceptional technical examination. Thats [sic] the challenge I was looking for in this program. I wish there was more of this in the program and that we had you as a Professor sooner. I know where my weaknesses are now and what I need to work on. I am very excited to see what you have in store for us the rest of this semester. Bravo, Professor!!

Hi Professor,
I just wanted to say that I’m very grateful to have had the opportunity to learn from you these past two years. I’m sorry that this semester has been extremely difficult for you surrounding the class but it has truly been a pleasure and I really had fun in your classes. I wish more professors would adopt your approach to teaching. Thanks to the awesome learning environment we were given, it has sparked my curiosity into learning how to automate configuration management and the deployment of multiple servers/environments. :)
Wish you the best,

Company

...

Jaroslav Flidr

CTO and Founder

Veteran engineer and entrepreneur with two decades of hands-on experience in delivering complex solutions in cybersecurity, electrical engineering, embedded devices design, programming, and networking to clients and collaborators from the government sector (e.g., DoD, DARPA, DoE, NSF), industry and academia.

Contact Us

Please direct your inquiry to: info@<this site's domain without www>
We are located in Arlington, Virginia.

Cyber Ranges

We design, build, deploy, and operationalize Cyber Ranges, develop curricula and practicums, provide workforce training.

Scope

In the workforce training mode, Cyber Range provides a powerful and adaptable platform where the students learn Cybersecurity techniques, such as attacks, defenses, incident mitigation, or forensics. Cybersecurity concepts are taught and practiced in a secure environment but with actual production tools and cyber weaponry and are applied to real-world cyberinfrastructure scenarios.

For Cybersecurity professionals, Cyber Range serves as a workbench where new equipment - both physical and digital - can be tested, calibrated, and benchmarked.

Functionality

- design and rapid deployment of arbitrary cyberinfrastructures mirroring the functionality of their physical-world equivalents

- isolated in secure environments

- a single user or a multi-user, replicated modes

- a wide range of secure accessibility options (from the classroom, lab, or a remote location

- training environments ranging from a simple practicum designed to illustrate a Cybersecurity concept, to a full-scale, complex system such as a hospital, a power plant, or a government facility

NOTES:

  • cyberinfrastructure: a collection of various elements such as routers, computers, firewalls, networks, or storage arrays orchestrated into a functional system. In most of the cases, the deployed cyberinfrastructure components are identical to those of their real-world equivalents.
  • environment: a secure, isolated, and independent enclave containing a cyberinfrastructure. An environment is deployed either as a single instantiation or replicated to support simultaneous exercises and practicums.

We use our own, in-house developed software to orchestrate the range and to run exercises, practicums, and events. We have a large portfolio of cybersecurity curricula and practicums addressing everything from Attack Tools and Techniques to Network Security and Operating Systems Defenses. These resources were developed during our previous workforce training engagements and helped hundreds of students acquire advanced cybersecurity knowledge.

Our platform of choice is an on-premises, bare-metal deployment. Such an environment allows for arbitrary configuration of network, storage, and computational resources thus providing the most optimal and flexible substrate for the desired scenarios. In addition, it makes it possible to include actual cyber-physical components such as ICS PLCs, or medical devices. The downside of this approach is its large, upfront cost both in equipment, collocation, and expertise. Typically, we deploy OpenStack running on top of Cisco UCS platform integrated with the ceph storage clusters.

A potentially cheaper alternative is an instantiation of the range in Public Cloud environments such as AWS or Azure. Its downside is the scope of the exercises or toolsets allowed by the underlying cloud infrastructure. Having their own cybersecurity in mind, the limitations imposed by the cloud could be severe. Last but not least, when used intensively - e.g., ~500 virtual machines per class - and at a high duty cycle, the cost would rise very rapidly and match the cost of the on-premises, bare-metal systems.

Industrial Control Systems

In the context of Cyber Range or standalone, we deploy ICS systems and evaluate cybersecurity of their interfaces and communication protocols.

Scope

First and foremost, Industrial Control Systems are the most critical components of the national infrastructure. Yet, its cybersecurity has always been an afterthought resulting in somewhat haphazard approach to its deployment and integration with other commodity cyberinfrastructures. To evaluate it correctly is a challenging task, especially because of the wide range of technologies hiding behind the label.

ICS is a general term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations that are often found in the industrial sectors and critical infrastructures, such as programmable logic controllers (PLC). An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).

Components of an ICS system - SCADA, PLCs, sensors, and actuators - employ a multitude of interfaces and communication protocols. Some are common and widely used (e.g., Bluetooth, USB, Ethernet) while others, such as modbus, profinet, or RJ485 are proprietary or legacy ones. Often, in order to integrate with modern communication infrastructures, the proprietary and legacy protocols are encapsulated in the current, commodity ones. A good example would be modbus over TCP/IP, profinet over Ethernet, or RJ485 over an arbitrary network protocol.

We focus is on the evaluation of these interfaces and communication protocols in the context of their cybersecurity posture with respect to the interaction with general cyberinfrastructures from the perspective of cybersecurity.

Internet of Things

We provide and evaluate cybersecurity of devices that are capable of connecting to the network.

Sensors • Smart Devices • Embedded Systems

Scope

The problem space is very similar to that of ICS. Like in the ICS case, IoT uses a wide variety of interfaces and communication protocols. Unlike ICS, these devices are ubiquitous and their lowest-common-denominator communication protocols and interfaces use cheap commodity components. Quite often, cybersecurity of these devices has never been addressed. Even though IoT devices tend not to play critical roles in the national infrastructure directly, they do provide a large attack surface and can be exploited to gain control of systems that are much more important.

Regulated Data Enclaves

We architect and deploy data processing environments that meet regulatory compliance standards.

Scope

We focus on delivering and deploying accreditation-eligible infrastructures.

Environments: Cloud (AWS, Azure), on-premises (bare-metal, OpenStack, or their combination (hybrid)

Standards: HIPAA, CUI, FISMA, NIST SP 800 family

Because some organization-specific controls lie outside of the scope of what can be addressed externally, we can assist the client with the accreditation process but are not able to complete it independently

Embedded Devices

Design and prototyping of embedded devices to the client's specification

Scope

For projects that explore new approaches to cybersecurity of ICS or IoT, we can design project-specific embedded devices to the client's specification and prototype them. Whenever necessay, we will write drivers for these devices.

We have a limited capacity to design electronic circuitry based on client's specifications, produce the corresponding PCBs, assemble and test the resulting prototypes. In general, we limit ourselves to simple circuits with microcontrollers, embedded processors, SoC, and their corresponding interaces.