Digitalization has increased the significance of cybersecurity within the current highly interconnected society. The number and complexity of different cyber-attacks as well as other malicious activities has increased during the last decade and affected the efforts needed to maintain a sufficient level of cyber resilience in organisations. Due to Industry 4.0 and the advanced use of IT and OT technologies and the adaptation of IoT devices, sensors, AI technology, etc., cybersecurity can no longer considered to be taken lightly when trying to gain a competitive advantage in business.
When transferring from traditional reactive cybersecurity measures to proactive cyber resilience, cyber ranges are considered a particularly useful tool for keeping the organisation in the game.
With their background in defence research (e.g., DARPA NCP in 2008), cyber ranges are defined as interactive simulated platforms representing networks, systems, tools, and/or applications in a safe, legal environment that can be used for developing cyber skills or testing products and services. Cyber ranges can be considered vital in facilitating and fostering cybersecurity training, certification, and general education. Despite the definition, cyber ranges seem to be only used by military or so-called “technical people” when quite a few more organisations could benefit from them.
This article attempts to reveal the secrets behind cyber ranges and their use focusing on suitable target environments, common functions, and use cases.
Our main objective is to identify a classification of cyber ranges and skills related to these diverse types of ranges. We emphasise the cyber resilience of any type of organisation that demands the use of cyber range type of training. Different training scenarios improve different sets of organisational skills. The article is based on an extensive survey on cyber ranges, their use, and technical capabilities that was conducted in CyberSec4Europe project.
Jani Päijänen, Karo Saharinen, Jarno Salonen, Tuomo Sipola, Jan Vykopal, Tero Kokkonen
J. Päijänen, K. Saharinen, J. Salonen, T. Sipola, J. Vykopal, T. Kokkonen, “Cyber Range: Preparing for Crisis or Something Just for Technical People?”, Proceeding of the 20th European Conference on Cyber Warfare and Security (ECCWS 2021), 2021, pp. 322-330, doi: 10.34190/EWS.21.012.
Also available: https://urn.fi/URN:NBN:fi-fe2021111956073
This research was supported by the Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project of the Horizon 2020 SU-ICT-03-2018 program, and by the ERDF project “CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence” (No. CZ.02.1.01/0.0/0.0/16_019/0000822).
The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.