A Secure Architecture for the Range-Level Command and Control System of a National Cyber Range Testbed

In recent years, cyber security researchers have become burdened by the time and cost necessary to instantiate secure testbeds suitable for analyzing new threats or evaluating emerging technologies [1]. To alleviate this, DARPA initiated the National Cyber Range (NCR) program to develop the architecture and software tools needed for a secure, self-contained cyber testing facility. Among NCR’s goals was the development of a range capable of rapid and automated reconfiguration of resources, broad scalability, and support for running simultaneous experiments at different security levels [2].

In this paper we present our architecture for the Range-level Command & Control System (RangeC2) developed as part of the Johns Hopkins University Applied Physics Laboratory’s implementation of the NCR [3]. Our discussion includes the RangeC2’s functional and non-functional requirements, the rationale behind its partitioning into layered subsystems, an analysis of each subsystem’s fundamental mechanisms, and an in-depth look at their processing paradigms and data flows.

To meet the demands of this range, the RangeC2 was required to perform three primary jobs: 1) management of all range resources; 2) management of numerous concurrent experiments; and 3) enforcement of each experiment’s resource security and perimeter isolation. Our discussion of the architecture will show how these requirements were met while overcoming the RangeC2’s most critical challenges.