Skip to main content

Designing a Cyber Range Exercise for Educational Purposes

  • Conference paper
  • First Online:
Systems, Software and Services Process Improvement (EuroSPI 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1251))

Included in the following conference series:

  • 3415 Accesses

Abstract

Cybersecurity is an emergent need in educational and industrial contexts. There is an increase need to train skilled people, students and employees on cybersecurity techniques. Training is one of the weaknesses identified within the industry especially by practitioners, and the use of cyber ranges is motivated. Cyber ranges are envisaged as infrastructures for training purposes. This paper provides an overview of cyber ranges, and a cyber range exercise design process illustrated with an example. This exercise is used in academic sector and it can be extrapolated to industrial contexts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Thames, Lane, Schaefer, Dirk (eds.): Cybersecurity for industry 4.0. SSAM. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50660-9

    Book  Google Scholar 

  2. Lezzi, M., Lazoi, M., Corallo, A.: Cybersecurity for industry 4.0 in the current literature: a reference framework. Comput. Ind. 103, 97–110 (2018). https://doi.org/10.1016/j.compind.2018.09.004

    Article  Google Scholar 

  3. Lorenz, B., Kikkas, K., Sõmer, T., Laugasson, E.: Cybersecurity within the curricula of informatics: the Estonian perspective. In: Pozdniakov, S.N., Dagienė, V. (eds.) ISSEP 2019. LNCS, vol. 11913, pp. 159–171. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33759-9_13

    Chapter  Google Scholar 

  4. The White House: National Cyber Strategy of the United States of America (2018). https://www.whitehouse.gov/wp-content/uploads/2018/09/National-Cyber-Strategy.pdf

  5. MITRE: Secure Code Review. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/secure-code-review. Accessed 23 Apr 2020

  6. The European Parliament and of the Council: Directive 95/46/EC (General Data Protection Regulation) (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

  7. Larrucea, X., Santamaria, I., Fernandez-Gauna, B.: Managing security debt across PLC phases in a VSE context. J. Softw. Evol. Process (2019). https://doi.org/10.1002/smr.2214

    Article  Google Scholar 

  8. Hicken, A.: Using Static Analysis to Achieve “Secure-by-Design” for GDPR. https://blog.parasoft.com/using-static-analysis-to-security-design-in-gdpr. Accessed 23 Apr 2020

  9. Larrucea, X., Santamaria, I., Colomo-Palacios, R.: Assessing source code vulnerabilities in a cloud-based system for health systems: OpenNCP. IET Softw. 13, 195–202 (2019). https://doi.org/10.1049/iet-sen.2018.5294

    Article  Google Scholar 

  10. Larrucea, X., Moffie, M., Asaf, S., Santamaria, I.: Towards a GDPR compliant way to secure European cross border Healthcare Industry 4.0. Comput. Stand. Interf. 69, 103408 (2020). https://doi.org/10.1016/j.csi.2019.103408

    Article  Google Scholar 

  11. Baines, T., Lightfoot, H.W.: Servitization of the manufacturing firm. Int. J. Oper. Prod. Manage. 34, 2–35 (2014)

    Article  Google Scholar 

  12. Tropina, T.: Public–private collaboration: cybercrime, cybersecurity and national security. Self- and Co-regulation in Cybercrime, Cybersecurity and National Security. SC, pp. 1–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16447-2_1

    Chapter  Google Scholar 

  13. Fenton, D., Traylor, T., Hokanson, G., Straub, J.: Integrating cyber range technologies and certification programs to improve cybersecurity training programs. In: Auer, M.E., Tsiatsos, T. (eds.) ICL 2018. AISC, vol. 917, pp. 632–643. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11935-5_60

    Chapter  Google Scholar 

  14. Larrucea, X.: Modelling and certifying safety for cyber-physical systems: an educational experiment. In: 2016 42th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 198–205. IEEE, Limassol (2016). https://doi.org/10.1109/SEAA.2016.28

  15. Korwin, A.R., Jones, R.E., et al.: Do hands-on, technology-based activities enhance learning by reinforcing cognitive knowledge and retention? J. Technol. Educ. 1(2), 26–33 (1990)

    Article  Google Scholar 

  16. National Institute of Standards and Technology: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. https://csrc.nist.gov/publications/detail/white-paper/2017/12/05/cybersecurity-framework-v11/draft

  17. Dawson, M., Taveras, P., Taylor, D.: Applying software assurance and cybersecurity NICE job tasks through secure software engineering labs. Procedia Comput. Sci. 164, 301–312 (2019). https://doi.org/10.1016/j.procs.2019.12.187

    Article  Google Scholar 

  18. CCN-CERT: Cyber threats and Trends 2019. https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/4041-ccn-cert-ia-13-19-threats-and-trends-report-executive-summary/file.html. Accessed 02 July 2020

  19. Make UK: Cyber security and manufacturing: a briefing manufactureres. https://www.makeuk.org/-/media/cyber-security-and-manufacturing-a-briefing-for-manufacturers.pdf

  20. Thames, L., Schaefer, D.: Industry 4.0: an overview of key benefits, technologies, and challenges. In: Thames, L., Schaefer, D. (eds.) Cybersecurity for Industry 4.0. SSAM, pp. 1–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50660-9_1

    Chapter  Google Scholar 

  21. Jøsang, A., Ødegaard, M., Oftedal, E.: Cybersecurity through secure software development. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) WISE 2015. IAICT, vol. 453, pp. 53–63. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18500-2_5

    Chapter  Google Scholar 

  22. Salah, K., Hammoud, M., Zeadally, S.: Teaching cybersecurity using the cloud. IEEE Trans. Learn. Technol. 8, 383–392 (2015). https://doi.org/10.1109/TLT.2015.2424692

    Article  Google Scholar 

  23. Network Emulation Testbed. https://www.emulab.net/

  24. Cyber-Defense Technology Experimental Research Laboratory Testbed. http://deter-project.org/

  25. Morelli, U., Nicolodi, L., Ranise, S.: An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 140–155. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_10

    Chapter  Google Scholar 

  26. Scaffidi, C.: What Training is Needed by Practicing Engineers Who Create Cyberphysical Systems? August 2015. https://doi.org/10.1109/SEAA.2015.19

  27. Corallo, A., Lazoi, M., Lezzi, M.: Cybersecurity in the context of industry 4.0: a structured classification of critical assets and business impacts. Comput. Ind. 114, 103165 (2020). https://doi.org/10.1016/j.compind.2019.103165

    Article  Google Scholar 

  28. Kweon, E., Lee, H., Chai, S., Yoo, K.: The utility of information security training and education on cybersecurity incidents: an empirical evidence. Inf. Syst. Front. (2019). https://doi.org/10.1007/s10796-019-09977-z

  29. Brilingaitė, A., Bukauskas, L., Juozapavičius, A.: A framework for competence development and assessment in hybrid cybersecurity exercises. Comput. Secur. 88, 101607 (2020). https://doi.org/10.1016/j.cose.2019.101607

    Article  Google Scholar 

  30. Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020). https://doi.org/10.1016/j.cose.2019.101636

    Article  Google Scholar 

  31. Ferrag, M.A., Ahmim, A.: Security Solutions and Applied Cryptography in Smart Grid Communications. IGI Global (2016)

    Google Scholar 

  32. Yao, W.-M., Fahmy, S.: Flow-based partitioning of network testbed experiments. Comput. Netw. 58, 141–157 (2014). https://doi.org/10.1016/j.comnet.2013.08.029

    Article  Google Scholar 

  33. Fang, Binxing: Positions of states toward cyberspace and cyber-relating regulations. Cyberspace Sovereignty, pp. 243–320. Springer, Singapore (2018). https://doi.org/10.1007/978-981-13-0320-3_8

    Chapter  Google Scholar 

  34. Beuran, R., Tang, D., Pham, C., Chinen, K., Tan, Y., Shinoda, Y.: Integrated framework for hands-on cybersecurity training: CyTrONE. Comput. Secur. 78, 43–59 (2018). https://doi.org/10.1016/j.cose.2018.06.001

    Article  Google Scholar 

  35. Kitchenham, B., Charters, S.: Guidelines for Performing Systematic Literature Reviews in Software Engineering Version 2.3. Keele University and University of Durham, Keele University (2007)

    Google Scholar 

  36. Nair, S., de la Vara, J.L., Sabetzadeh, M., Briand, L.: Classification, structuring, and assessment of evidence for safety – a systematic literature review. In: 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation, pp. 94–103 (2013). https://doi.org/10.1109/ICST.2013.30

  37. Larrucea, X., Fernandez-Gauna, B.: A mapping study about the standard ISO/IEC29110. Comput. Stand. Interf. (2019). https://doi.org/10.1016/j.csi.2019.03.005

    Article  Google Scholar 

  38. Tecnalia: Tecnalia Cyber Range. https://www.cyberssbytecnalia.com/sites/cysstec.drupal.pulsartecnalia.com/files/LAB-CIBER-RANGES.pdf. Accessed 24 Apr 2020

Download references

Acknowledgements

This work has been partially funded by the Sendai - Segurtasun Integrala Industria Adimentsurako (KK-2019/00072) del programa Elkartek del Gobierno Vasco.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Xabier Larrucea .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Larrucea, X., Santamaría, I. (2020). Designing a Cyber Range Exercise for Educational Purposes. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2020. Communications in Computer and Information Science, vol 1251. Springer, Cham. https://doi.org/10.1007/978-3-030-56441-4_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-56441-4_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-56440-7

  • Online ISBN: 978-3-030-56441-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics