Abstract
Cybersecurity is an emergent need in educational and industrial contexts. There is an increase need to train skilled people, students and employees on cybersecurity techniques. Training is one of the weaknesses identified within the industry especially by practitioners, and the use of cyber ranges is motivated. Cyber ranges are envisaged as infrastructures for training purposes. This paper provides an overview of cyber ranges, and a cyber range exercise design process illustrated with an example. This exercise is used in academic sector and it can be extrapolated to industrial contexts.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Thames, Lane, Schaefer, Dirk (eds.): Cybersecurity for industry 4.0. SSAM. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50660-9
Lezzi, M., Lazoi, M., Corallo, A.: Cybersecurity for industry 4.0 in the current literature: a reference framework. Comput. Ind. 103, 97–110 (2018). https://doi.org/10.1016/j.compind.2018.09.004
Lorenz, B., Kikkas, K., Sõmer, T., Laugasson, E.: Cybersecurity within the curricula of informatics: the Estonian perspective. In: Pozdniakov, S.N., Dagienė, V. (eds.) ISSEP 2019. LNCS, vol. 11913, pp. 159–171. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33759-9_13
The White House: National Cyber Strategy of the United States of America (2018). https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf
MITRE: Secure Code Review. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/secure-code-review. Accessed 23 Apr 2020
The European Parliament and of the Council: Directive 95/46/EC (General Data Protection Regulation) (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
Larrucea, X., Santamaria, I., Fernandez-Gauna, B.: Managing security debt across PLC phases in a VSE context. J. Softw. Evol. Process (2019). https://doi.org/10.1002/smr.2214
Hicken, A.: Using Static Analysis to Achieve “Secure-by-Design” for GDPR. https://blog.parasoft.com/using-static-analysis-to-security-design-in-gdpr. Accessed 23 Apr 2020
Larrucea, X., Santamaria, I., Colomo-Palacios, R.: Assessing source code vulnerabilities in a cloud-based system for health systems: OpenNCP. IET Softw. 13, 195–202 (2019). https://doi.org/10.1049/iet-sen.2018.5294
Larrucea, X., Moffie, M., Asaf, S., Santamaria, I.: Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0. Comput. Stand. Interf. 69, 103408 (2020). https://doi.org/10.1016/j.csi.2019.103408
Baines, T., Lightfoot, H.W.: Servitization of the manufacturing firm. Int. J. Oper. Prod. Manage. 34, 2–35 (2014)
Tropina, T.: Public–private collaboration: cybercrime, cybersecurity and national security. Self- and Co-regulation in Cybercrime, Cybersecurity and National Security. SC, pp. 1–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16447-2_1
Fenton, D., Traylor, T., Hokanson, G., Straub, J.: Integrating cyber range technologies and certification programs to improve cybersecurity training programs. In: Auer, M.E., Tsiatsos, T. (eds.) ICL 2018. AISC, vol. 917, pp. 632–643. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11935-5_60
Larrucea, X.: Modelling and certifying safety for cyber-physical systems: an educational experiment. In: 2016 42th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 198–205. IEEE, Limassol (2016). https://doi.org/10.1109/SEAA.2016.28
Korwin, A.R., Jones, R.E., et al.: Do hands-on, technology-based activities enhance learning by reinforcing cognitive knowledge and retention? J. Technol. Educ. 1(2), 26–33 (1990)
National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. https://csrc.nist.gov/publications/detail/white-paper/2017/12/05/cybersecurity-framework-v11/draft
Dawson, M., Taveras, P., Taylor, D.: Applying software assurance and cybersecurity NICE job tasks through secure software engineering labs. Procedia Comput. Sci. 164, 301–312 (2019). https://doi.org/10.1016/j.procs.2019.12.187
CCN-CERT: Cyber threats and Trends 2019. https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/4041-ccn-cert-ia-13-19-threats-and-trends-report-executive-summary/file.html. Accessed 02 July 2020
Make UK: Cyber security and manufacturing: a briefing manufactureres. https://www.makeuk.org/-/media/cyber-security-and-manufacturing-a-briefing-for-manufacturers.pdf
Thames, L., Schaefer, D.: Industry 4.0: an overview of key benefits, technologies, and challenges. In: Thames, L., Schaefer, D. (eds.) Cybersecurity for Industry 4.0. SSAM, pp. 1–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50660-9_1
Jøsang, A., Ødegaard, M., Oftedal, E.: Cybersecurity through secure software development. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) WISE 2015. IAICT, vol. 453, pp. 53–63. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18500-2_5
Salah, K., Hammoud, M., Zeadally, S.: Teaching cybersecurity using the cloud. IEEE Trans. Learn. Technol. 8, 383–392 (2015). https://doi.org/10.1109/TLT.2015.2424692
Network Emulation Testbed. https://www.emulab.net/
Cyber-Defense Technology Experimental Research Laboratory Testbed. http://deter-project.org/
Morelli, U., Nicolodi, L., Ranise, S.: An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 140–155. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_10
Scaffidi, C.: What Training is Needed by Practicing Engineers Who Create Cyberphysical Systems? August 2015. https://doi.org/10.1109/SEAA.2015.19
Corallo, A., Lazoi, M., Lezzi, M.: Cybersecurity in the context of industry 4.0: a structured classification of critical assets and business impacts. Comput. Ind. 114, 103165 (2020). https://doi.org/10.1016/j.compind.2019.103165
Kweon, E., Lee, H., Chai, S., Yoo, K.: The utility of information security training and education on cybersecurity incidents: an empirical evidence. Inf. Syst. Front. (2019). https://doi.org/10.1007/s10796-019-09977-z
Brilingaitė, A., Bukauskas, L., Juozapavičius, A.: A framework for competence development and assessment in hybrid cybersecurity exercises. Comput. Secur. 88, 101607 (2020). https://doi.org/10.1016/j.cose.2019.101607
Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020). https://doi.org/10.1016/j.cose.2019.101636
Ferrag, M.A., Ahmim, A.: Security Solutions and Applied Cryptography in Smart Grid Communications. IGI Global (2016)
Yao, W.-M., Fahmy, S.: Flow-based partitioning of network testbed experiments. Comput. Netw. 58, 141–157 (2014). https://doi.org/10.1016/j.comnet.2013.08.029
Fang, Binxing: Positions of states toward cyberspace and cyber-relating regulations. Cyberspace Sovereignty, pp. 243–320. Springer, Singapore (2018). https://doi.org/10.1007/978-981-13-0320-3_8
Beuran, R., Tang, D., Pham, C., Chinen, K., Tan, Y., Shinoda, Y.: Integrated framework for hands-on cybersecurity training: CyTrONE. Comput. Secur. 78, 43–59 (2018). https://doi.org/10.1016/j.cose.2018.06.001
Kitchenham, B., Charters, S.: Guidelines for Performing Systematic Literature Reviews in Software Engineering Version 2.3. Keele University and University of Durham, Keele University (2007)
Nair, S., de la Vara, J.L., Sabetzadeh, M., Briand, L.: Classification, structuring, and assessment of evidence for safety – a systematic literature review. In: 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation, pp. 94–103 (2013). https://doi.org/10.1109/ICST.2013.30
Larrucea, X., Fernandez-Gauna, B.: A mapping study about the standard ISO/IEC29110. Comput. Stand. Interf. (2019). https://doi.org/10.1016/j.csi.2019.03.005
Tecnalia: Tecnalia Cyber Range. https://www.cyberssbytecnalia.com/sites/cysstec.drupal.pulsartecnalia.com/files/LAB-CIBER-RANGES.pdf. Accessed 24 Apr 2020
Acknowledgements
This work has been partially funded by the Sendai - Segurtasun Integrala Industria Adimentsurako (KK-2019/00072) del programa Elkartek del Gobierno Vasco.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Larrucea, X., Santamaría, I. (2020). Designing a Cyber Range Exercise for Educational Purposes. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2020. Communications in Computer and Information Science, vol 1251. Springer, Cham. https://doi.org/10.1007/978-3-030-56441-4_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-56441-4_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-56440-7
Online ISBN: 978-3-030-56441-4
eBook Packages: Computer ScienceComputer Science (R0)