Multi-National Cyber Security Exercise, Case Flagship 2

Cyber security is not merely about securing devices and focusing on software and hardware. Staff members with skills and know-how are among the most valuable assets in the context of cyber security. Globally, there is a shortage of competent cyber security experts, and cyber security skills should be taught more widely.

One of the most effective practices for training cyber security experts is a cyber security exercise. During a cyber security exercise, the learning audience trains its skills in a realistic scenario depicting a hectic and stressful cyber incident or cyber attack. In order to successfully implement a cyber security exercise, there must be sufficient technical infrastructure mimicking the required systems and networks. The infrastructure should allow the use of realistic threat actors with realistic attack vectors and real malware without compromising any production environments. Facilities offering such infrastructure are widely known as cyber ranges. Modern cyber range exercises raise two special requirements: (i) cyber range collaboration, including capabilities for sharing and pooling cyber range services, and (ii) on-line cyber security exercises without the restriction of being on-site at the exercise premises. The requirement of implementing on-line exercises has increased especially after the spread of the COVID-19 pandemic.

In this study, we introduce Flagship 2, a multinational state-of-the-art on-line cyber security exercise based on cyber range federation.

We analyse the technical implementation of the cyber range federation and the learning outcomes of the exercise event based on a participant survey and relevant theories. The analysed results are explained together with identified future research topics.


Tero Kokkonen, Jani Päijänen, and Tuomo Sipola

Cite as

Tero Kokkonen, Jani Päijänen, and Tuomo Sipola. 2023. Multi-National Cyber Security Exercise, Case Flagship 2. In Proceedings of the 14th International Conference on Education Technology and Computers (ICETC ’22). Association for Computing Machinery, New York, NY, USA, 292–298.



This research is funded by Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project of the Horizon 2020 SU-ICT-03-2018 program. The authors thank colleagues at Masaryk University for implementing the virtual machines used in the external analyst assignments. The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.