Skip to main content
SpringerLink
Log in

Cyber Range Exercises: Potentials and Open Challenges for Organizations

  • Conference paper
  • First Online:
Human Aspects of Information Security and Assurance (HAISA 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 674))

  • 507 Accesses

Abstract

The shortage of skilled cybersecurity professionals poses a significant challenge for organizations seeking to protect their assets and data. To address this shortage, onboarding and reskilling employees for cybersecurity positions becomes a daunting task for organizations. Cyber ranges mirror digital infrastructures to provide a realistic yet safe environment for cybersecurity training. To date, the potential of cyber ranges has been leveraged primarily in academic education. This paper investigates how cyber range exercises (CRX) can enhance the onboarding and reskilling of cybersecurity professionals in organizations. To this end, we conducted semi-structured interviews with seven cybersecurity professionals from organizations in different industry sectors in Germany and India. Our findings indicate that the main potential of CRXs lies in conveying universal cybersecurity concepts that are transferable to the particular systems, technologies and tools of an organization. Thereby, CRXs represent a promising complement to existing organizational training strategies. Challenges to overcome were identified in establishing an organizational CRX infrastructure, building the necessary competencies to conduct the exercises, and ensuring the comparability of CRXs to validate personal competence development.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 119.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.splunk.com/.

  2. 2.

    https://www.ibm.com/qradar.

  3. 3.

    https://www.microfocus.com/en-us/cyberres/secops/arcsight-esm.

  4. 4.

    https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html.

  5. 5.

    https://attack.mitre.org/.

References

  1. Accenture: Accenture Security ICS Cyber Range. https://www.accenture.com/us-en/services/security/cyber-resilience

  2. Airbus: Airbus cyberrange: An advanced simulation solution. https://www.cyber.airbus.com/cyberrange/

  3. Beuran, R., Tang, D., Pham, C., Chinen, K., Tan, Y., Shinoda, Y.: Integrated framework for hands-on cybersecurity training: cytrone. Comput. Secur. 78, 43–59 (2018). https://doi.org/10.1016/j.cose.2018.06.001

    Article  Google Scholar 

  4. Brilingaitė, A., Bukauskas, L., Kutka, E.: Development of an educational platform for cyber defence training. In: Proceedings of the 2017 European Conference on Cyber Warfare and Security, pp. 73–81. Academic Conferences International Limited (2017)

    Google Scholar 

  5. Čeleda, P., Čegan, J., Vykopal, J., Tovarňák, D.: Kypo-a platform for cyber defence exercises. M &S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence. NATO Science and Technology Organization (2015)

    Google Scholar 

  6. Chouliaras, N., Kittes, G., Kantzavelou, I., Maglaras, L., Pantziou, G., Ferrag, M.A.: Cyber ranges and testbeds for education, training, and research. Appl. Sci. 11(4) (2021). https://doi.org/10.3390/app11041809

  7. Collins, M., Hussain, A., Schwab, S.: Towards an operations-aware experimentation methodology. In: Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 384–393 (2022). https://doi.org/10.1109/EuroSPW55150.2022.00046

  8. Corbin, J., Strauss, A.L.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, 4th edn. Sage, Thousand Oaks (2015)

    Google Scholar 

  9. Davis, J., Magrath, S.: A survey of cyber ranges and testbeds. Technical report, Defence Science and Technology Organisation Edinburg (Australia) Cyber and Electronic Warfare DIV (2013)

    Google Scholar 

  10. Furnell, S., Fischer, P., Finch, A.: Can’t get the staff? The growing need for cyber-security skills. Comput. Fraud Secur. 2017(2), 5–10 (2017)

    Article  Google Scholar 

  11. Glas, M., Vielberth, M., Pernul, G.: Train as you fight: evaluating authentic cybersecurity training in cyber ranges. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (2023, forthcoming)

    Google Scholar 

  12. Hatzivasilis, G., et al.: The threat-arrest cyber range platform. In: Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 422–427 (2021). https://doi.org/10.1109/CSR51186.2021.9527963

  13. IBM: IBM Security X-Force Cyber Range. https://www.ibm.com/services/security-operations-center

  14. (ISC)\(^2\): (ISC)\(^2\) Cybersecurity Workforce Study 2022 - A critical need for cybersecurity professionals persists amidst a year of cultural and workplace evolution. Technical report (2022)

    Google Scholar 

  15. Kavallieratos, G., Katsikas, S.K., Gkioulos, V.: Towards a cyber-physical range. In: Proceedings of the 5th on Cyber-Physical System Security Workshop, CPSS 2019, pp. 25–34. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3327961.3329532

  16. Kim, J., Maeng, Y., Jang, M.: Becoming invisible hands of national live-fire attack-defense cyber exercise. In: Proceedings of the 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 77–84 (2019). https://doi.org/10.1109/EuroSPW.2019.00015

  17. Leitner, M., et al.: AIT cyber range: flexible cyber security environment for exercises, training and research. In: Proceedings of the European Interdisciplinary Cybersecurity Conference. EICC 2020. Association for Computing Machinery, New York (2021). https://doi.org/10.1145/3424954.3424959

  18. National Initiative for Cybersecurity Education (NICE): The Cyber Range: A Guide. Technical report (2020)

    Google Scholar 

  19. Oltsik, J., Lundell, B.: The life and times of cybersecurity professionals. Technical report, The Enterprise Strategy Group (ESG) and Information Systems Security Association International (ISSA) (2021)

    Google Scholar 

  20. Pham, C., Tang, D., Chinen, K., Beuran, R.: Cyris: A cyber range instantiation system for facilitating security training. In: Proceedings of the Seventh Symposium on Information and Communication Technology, SoICT 2016, pp. 251–258. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/3011077.3011087

  21. Vielberth, M., Glas, M., Dietz, M., Karagiannis, S., Magkos, E., Pernul, G.: A digital twin-based cyber range for SOC analysts. In: Barker, K., Ghazinour, K. (eds.) DBSec 2021. LNCS, vol. 12840, pp. 293–311. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81242-3_17

    Chapter  Google Scholar 

  22. Vykopal, J., Vizvary, M., Oslejsek, R., Celeda, P., Tovarnak, D.: Lessons learned from complex hands-on defence exercises in a cyber range. In: 2017 IEEE Frontiers in Education Conference (FIE), pp. 1–8 (2017). https://doi.org/10.1109/FIE.2017.8190713

  23. Yamin, M.M., Katt, B., Gkioulos, V.: Cyber ranges and security testbeds: scenarios, functions, tools and architecture. Comput. Secur. 88, 101636 (2020)

    Google Scholar 

Download references

Acknowledgement

We kindly want to thank all interviewees for sharing our enthusiasm for the topic and dedicating their time and effort to participate in our study. Without their valuable insights, this research would not have been possible. This work was performed under the INSIST project, which is supported under contract by the Bavarian Ministry of Economic Affairs, Regional Development and Energy (DIK0338/01).

Author information

Authors and Affiliations

  1. University of Regensburg, Regensburg, Germany

    Magdalena Glas & Günther Pernul

  2. Q_PERIOR AG, Munich, Germany

    Fabian Böhm & Falko Schönteich

Authors
  1. Magdalena Glas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabian Böhm
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Falko Schönteich
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Günther Pernul
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Magdalena Glas .

Editor information

Editors and Affiliations

  1. University of Nottingham, Nottingham, UK

    Steven Furnell

  2. University of Plymouth, Plymouth, UK

    Nathan Clarke

Appendix: Interview Guideline

Appendix: Interview Guideline

Topic 1: Status Quo of onboarding and reskilling in cybersecurity

  • Q1.1: Is onboarding and reskilling of cybersecurity professionals a topic relevant to your organization, and what strategies are in place to address this need?

  • Q1.2: Have you received any hands-on cybersecurity training throughout your professional career?

Topic 2: Potential of CRXs

  • Q2.1: In your opinion, what specific target groups within an organization could benefit from participating in cyber range exercises, and why?

  • Q2.2: What specific skills and tools do you believe should be covered in a cyber range exercise?

Topic 3: Prospects on implementation and open challenges

  • Q3.1: When it comes to cyber ranges, what level of fidelity (i.e., realism) do you think is necessary to provide an effective training experience?

  • Q3.2: In terms of cyber range development, do you see more potential in in-house development or in utilizing cyber range as-a-Service offerings, and why?

  • Q3.3: What are challenges that organizations face when implementing a cyber range, and what strategies can be employed to overcome these challenges?

Rights and permissions

Reprints and permissions

Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Glas, M., Böhm, F., Schönteich, F., Pernul, G. (2023). Cyber Range Exercises: Potentials and Open Challenges for Organizations. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-38530-8_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38529-2

  • Online ISBN: 978-3-031-38530-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation