Nautilus: A Tool For Automated Deployment And Sharing Of Cyber Range Scenarios

In any cybersecurity training program, a non-marginal fraction of the activities are usually devoted to "hands-on" practice, typically in the form of vulnerable scenarios that the trainee must evaluate/penetrate. The manual setup and implementation of such training scenarios is a significant burden on trainers, and takes away valuable time. In order to automate this step and enable reuse of components or even entire scenarios, this paper proposes Nautilus, a Cyber Range with extended capabilities that at the same time provides a training environment and a "marketplace" platform to share scenarios, pre-implemented vulnerabilities/CVEs, scripts, etc. Nautilus leverages advanced cloud technologies to semi-automate deployment of vulnerable configurations of virtualized networks and systems, provides a graphical interface and a scenario description language, and integrates easy-to-use data/knowledge sharing facilities. In this respect, we believe that Nautilus can foster collaboration among different training teams and programs, and stimulate less skilled trainers, which alone would have perhaps prepared only basic scenarios, to access and reuse more advanced exercises prepared by others. Finally, we preliminary show the effectiveness and ease of use of the Nautilus Cyber Range via the results of a (so far) small-scale usability test conducted among different prospective trainers.