Pursuing scientific understanding of complex, distributed cyber systems
Introduction
Despite the criticality of cyber systems to national and global stability, cyber defenders lack the rigorous scientific techniques needed to make high-consequence decisions with confidence. The Emulytics™ team at Sandia National Laboratories is focused on using cyber emulation, mathematical modeling, and data analysis methodologies to produce quantitative knowledge about these critical systems, enabling substantiated risk assessment and mitigation strategies.
The term “Emulytics” was coined by practitioners to capture the intent of these efforts – a holistic approach to cyber emulation and analytics.
Transforming Cyber Experimentation
Emulytics™ experiments have provided safe, isolated environments to study and test networked information systems and train cyber staff for nearly two decades. Our tools and methodologies support analysis for a wide range of systems including enterprise, industrial control, Internet of Things, mobile networks, and other bespoke national security systems. Emulytics™ environments are highly scalable and can be deployed on a system as small as a laptop or on clusters with hundreds of high-performance servers.
In recent years, Sandia has begun applying its long history of expertise in mathematical modeling and data science to Emulytics™. Using novel combinations of virtualization, simulation, physical test beds, uncertainty quantification, and stochastic methods, our researchers are discovering more robust ways to apply the scientific method to cyber and to design rapid, reliable, and repeatable experiments.
Applications
Sandia’s Emulytics™ experts orchestrate experiments to enable solutions across several application areas:
Performance Analysis
Test the security or resilience of a system of interest without having to impact actual operations.
Development Test Beds
Rapidly compare and test system design alternatives using virtualized proofs of concept.
Exercise & Training Support
Create cyber training environments designed to prepare staff to meet specific mission needs.
Deception Networks
Virtualize key components of networks to provide dynamic and/or moving target defense.
Defense Optimization
Explore how defensive tactics, techniques, and procedures perform in a wide variety of circumstances, configurations, and environments.
Risk & Consequence Studies
Run controlled experiments that reveal complex system behavior and its cascading effects under rare or malicious circumstances.
Software Tools
Emulytics™ aggregates a variety of tools developed by Sandia to support the workflows needed for rigorous cyber experimentation. Follow the links for open-source versions.
minimega
minimega is a tool for launching and managing virtual machines. It can run on your laptop or distributed across a cluster. minimega is fast, easy to deploy, and can scale to run on massive clusters with virtually no setup.
More information: https://www.sandia.gov/minimega/
SCEPTRE
SCEPTRE provides a comprehensive ICS/SCADA modeling and simulation capability that captures the cyber-physical impacts of targeted cyber events on critical infrastructure and control systems. Open source packages can be found on Sandia’s GitHub.
Firewheel
Firewheel is a cyber experiment design and control platform that provides infrastructure to test large-scale, realistic, and complex network topologies and rapidly run experiments under a variety of parameters.
More information: Firewheel GitHub
Dakota
Dakota delivers both state-of-the-art research and robust, usable software for optimization and uncertainty quantification (UQ). Broadly, the Dakota software’s advanced parametric analyses enable design exploration, model calibration, risk analysis, and quantification of margins and uncertainty with computational models.
More information: https://dakota.sandia.gov/
Pyomo
Pyomo is a Python-based open-source software package that supports a diverse set of optimization capabilities for formulating, solving, and analyzing optimization models.
More information: http://www.pyomo.org/