Conference Paper

The THREAT-ARREST Cyber Range Platform


Abstract

Emerging technologies are facilitating our daily activities and drive the digital transformation. The Internet of Things (IoT) and 5G communications will provide a wide range of new applications and business opportunities, but with a wide and quite complex attack surface. Several users are not aware of the underlying threats and most of them do not possess the knowledge to set and operate the various digital assets securely. Therefore, cyber security training is becoming mandatory both for simple users and security experts. Cyber ranges constitute an advanced training technique where trainees gain hands-on experience in a safe virtual environment, which can be a realistic digital twin of an actual system. This paper presents the cyber ranges platform THREAT-ARREST. Its design is fully model-driven and offers all modern training features (i.e. emulation, simulation, serious games, and fabricated data). The platform has been evaluated under the smart energy, intelligent transportation, and healthcare domains.

No full-text available


... In this context, CRXs are primarily developed for the education of students in cybersecurity curricula. Prominent examples are the cyber range platforms KYPO [5,22], CyTrone [3,20] and THREAT-ARREST [12]. CRXs on these platforms with hundreds of participants provide far-reaching insights into how cyber ranges contribute to acquiring practical cybersecurity skills in academic curricula. ...
Conference Paper
Full-text available
The shortage of skilled cybersecurity professionals poses a significant challenge for organizations seeking to protect their assets and data. To address this shortage, onboarding and reskilling employees for cybersecurity positions becomes a daunting task for organizations. Cyber ranges mirror digital infrastructures to provide a realistic yet safe environment for cybersecurity training. To date, the potential of cyber ranges has been leveraged primarily in academic education. This paper investigates how cyber range exercises (CRX) can enhance the onboarding and reskilling of cybersecurity professionals in organizations. To this end, we conducted semi-structured interviews with seven cybersecurity professionals from organizations in different industry sectors in Germany and India. Our findings indicate that the main potential of CRXs lies in conveying universal cybersecurity concepts that are transferable to the particular systems, technologies and tools of an organization. Thereby, CRXs represent a promising complement to existing organizational training strategies. Challenges to overcome were identified in establishing an organizational CRX infrastructure, building the necessary competencies to conduct the exercises, and ensuring the comparability of CRXs to validate personal competence development.
Article
Full-text available
Humans can play a decisive role in detecting and mitigating cyber attacks if they possess sufficient cybersecurity skills and knowledge. Realizing this potential requires effective cybersecurity training. Cyber range exercises (CRXs) represent a novel form of cybersecurity training in which trainees can experience realistic cyber attacks in authentic environments. Although evaluation is undeniably essential for any learning environment, it has been widely neglected in CRX research. Addressing this issue, we propose a taxonomy-based framework to facilitate a comprehensive and structured evaluation of CRXs. To demonstrate the applicability and potential of the framework, we instantiate it to evaluate Iceberg CRX, a training we recently developed to improve cybersecurity education at our university. For this matter, we conducted a user study with 50 students to identify both strengths and weaknesses of the CRX. CCS CONCEPTS • Applied computing → Interactive learning environments; • Security and privacy → Social aspects of security and privacy.
Conference Paper
Full-text available
Abstract—Healthcare ecosystems form a critical type of infrastructures that provide valuable services in today societies. However, the underlying sensitive information is also of interest of malicious entities around the globe, with the attack volume being continuously increasing. Safeguarding this complex computerized setting constitutes a major challenge for the involved organizations. This paper presents an incident handling system for healthcare organizations and their supply-chain. The proposed approach utilizes swarm intelligence in order to assess the current security posture in a continuous basis and respond to attacks in real-time. The overall solution is based on the related NIST 800.61 standard and implements the operations of i) preparation, ii) detection and analysis, iii) containment, eradication, and recovery, and iv) post-incident activity. The system is developed under the EU funded project AI4HEALTHSEC and is applied in the relevant healthcare pilots. Index Terms—Healthcare sector, incident handling, incident response, response team, security, p
(PDF) Incident Handling for Healthcare Organizations and Supply-Chains. Available from: https://www.researchgate.net/publication/365121773_Incident_Handling_for_Healthcare_Organizations_and_Supply-Chains [accessed Mar 10 2023].
Chapter
Serious games seem to be a good alternative to traditional trainings since they are supposed to be more entertaining and engaging. However, serious games also create specific challenges: The serious games should not only be adapted to specific target groups, but also be capable of addressing recent attacks. Furthermore, evaluation of the serious games turns out to be challenging. While this already holds for serious games in general, it is even more difficult for serious games on security and privacy awareness. On the one hand, because it is hard to measure security and privacy awareness. On the other hand, because both of these topics are currently often in the main stream media requiring to make sure that a measured change really results from the game session. This paper briefly introduces three serious games to counter social engineering attacks and one serious game to raise privacy awareness. Based on the introduced games the raised challenges are discussed and partially existing solutions are presented.
Article
Full-text available
Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation.
Chapter
Full-text available
Cyber security research is quintessential to secure computerized systems against cyber threats. Likewise, cyber security training and exercises are instrumental in ensuring that the professionals protecting the systems have the right set of skills to do the job. Cyber ranges provide platforms for testing, experimentation and training, but developing and executing experiments and training sessions are labour intensive and require highly skilled personnel. Several cyber range operators are developing automated tools to speed up the creation of emulated environments and scenarios as well as to increase the number and quality of the executed events. In this paper we investigate automated tools used in cyber ranges and research initiatives designated to augment cyber ranges automation. We also investigate the automation features in CRATE (Cyber Range And Training Environment) operated by the Swedish Defence Research Agency (FOI).
Article
Full-text available
Introduction Today, cyber-security curricula are available across educational types and levels, including a vast array of programs and modules tailored to specific sectors of industry and audiences, to allow more targeted delivery of knowledge. Nonetheless, general agreement on best measures and methods for cybersecurity training has yet to be reached. Objective In this study, we seek to establish the current state-of-the-art in cyber-security training offerings for critical infrastructure protection and the key performance indicators (KPIs) that allow evaluating their effectiveness. Particular focus is given in this study on the aviation, energy and nuclear sectors. Methodology Accordingly, the article presents the findings of a systematic literature review that collected relevant literature produced after 2000. The identified sources have been examined according to a formal data extraction form, allowing the analysis of relevant training solutions, methodologies, target groups and focus areas. Results The results show that solutions that provide hands-on experience, team skills development, high level of real-life fidelity are often preferred to other options, with simulation-based solutions showing the highest amount of research and development. Nonetheless, researchers have not reached agreements on optimal training delivery methods and design of cybersecurity exercises. Conclusion Consequently, research on improving current cybersecurity training offerings should be conducted, to demonstrate whether integrating advantageous attributes from different delivery methods could produce more comprehensive and effective solutions.
Article
Full-text available
In recent years, there has been a growing demand for cybersecurity experts, and, according to predictions, this demand will continue to increase. Cyber Ranges can fill this gap by combining hands-on experience with educational courses, and conducting cybersecurity competitions. In this paper, we conduct a systematic survey of ten Cyber Ranges that were developed in the last decade, with a structured interview. The purpose of the interview is to find details about essential components, and especially the tools used to design, create, implement and operate a Cyber Range platform, and to present the findings.
Article
Full-text available
The railway transport system is critical infrastructure that is exposed to numerous man-made and natural threats, thus protecting this physical asset is imperative. Cyber security, privacy, and dependability (SPD) are also important, as the railway operation relies on cyber-physical systems (CPS) systems. This work presents SPD-Safe—an administration framework for railway CPS, leveraging artificial intelligence for monitoring and managing the system in real-time. The network layer protections integrated provide the core security properties of confidentiality, integrity, and authentication, along with energy-aware secure routing and authorization. The effectiveness in mitigating attacks and the efficiency under normal operation are assessed through simulations with the average delay in real equipment being 0.2–0.6 s. SPD metrics are incorporated together with safety semantics for the application environment. Considering an intelligent transportation scenario, SPD-Safe is deployed on railway critical infrastructure, safeguarding one outdoor setting on the railway’s tracks and one in-carriage setting on a freight train that contains dangerous cargo. As demonstrated, SPD-Safe provides higher security and scalability, while enhancing safety response procedures. Nonetheless, emergence response operations require a seamless interoperation of the railway system with emergency authorities’ equipment (e.g., drones). Therefore, a secure integration with external systems is considered as future work.
Article
Full-text available
Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.
Article
Full-text available
Understanding the effects of individual awareness on epidemic phenomena is important to comprehend the coevolving system dynamic, to improve forecasting, and to better evaluate the outcome of possible interventions. In previous models of epidemics on social networks, individual awareness has often been approximated as a generic personal trait that depends on social reinforcement, and used to introduce variability in state transition probabilities. A novelty of this work is to assume that individual awareness is a function of several contributing factors pooled together, different by nature and dynamics, and to study it for different epidemic categories. This way, our model still has awareness as the core attribute that may change state transition probabilities. Another contribution is to study positive and negative variations of awareness, in a contagion-behavior model. Imitation is the key mechanism that we model for manipulating awareness, under different network settings and assumptions, in particular regarding the degree of intentionality that individuals may exhibit in spreading an epidemic. Three epidemic categories are considered—disease, addiction, and rumor—to discuss different imitation mechanisms and degree of intentionality. We assume a population with a heterogeneous distribution of awareness and different response mechanisms to information gathered from the network. With simulations, we show the interplay between population and awareness factors producing a distribution of state transition probabilities and analyze how different network and epidemic configurations modify transmission patterns.
Article
Full-text available
Measurement of software security is an ongoing research field. Privacy is also becoming an imperative target as social networking and ubiquitous computing evolve and users exchange high volumes of personal information. However, security and privacy alone don't guarantee proper data protection; software must also be dependable. Several standards typify the main concepts and protection mechanisms for these three properties, and measurement methodologies can quantify the provided protection level. However, security, privacy, and dependability are usually dealt with in isolation. To solve this problem, researchers have proposed a practical, easy-to-use methodology that measures a software system's overall security, privacy, and dependability (SPD) on the basis of the standards for each property. The nSHIELD (New Embedded Systems Architecture for Multi-layer Dependable Solutions) project is applying the SPD methodology to evaluate configurable embedded software in a social-mobility scenario.
Article
Full-text available
This study aims to gain insight into some of the factors that determine the transfer of training to the work context. The present research examined the relationship between three types of predictors on transfer of training, including training design, individual characteristics and work environment. Data was collected at two points in time from 182 employees in a large grocery organization. The results indicated that transfer design, performance self-efficacy, training retention and performance feedback were significantly related to transfer of training. Contrary to expectation, supervisory support was not significantly related to transfer of training. These results suggest that in order to enhance transfer of training, organizations should design training that gives trainees the ability to transfer learning, reinforces the trainee's beliefs in their ability to transfer, ensures the training content is retained over time and provides appropriate feedback regarding employee job performance following training activities.
Article
Full-text available
Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model. We then validate the training program for IS security policy compliance training through an action research project. The action research intervention suggests that the theory-based training achieved positive results and was practical to deploy. Moreover, the intervention suggests that information security training should utilize contents and methods that activate and motivate the learners to systematic cognitive processing of information they receive during the training. In addition, the action research study made clear that a continuous communication process was also required to improve user IS security policy compliance. The findings of this study offer new insights for scholars and practitioners involved in IS security policy compliance.
Article
Full-text available
Transfer of training is of paramount concern for training researchers and practitioners. Despite research efforts, there is a growing concern over the "transfer problem." The purpose of this paper is to provide a critique of the existing transfer research and to suggest directions for future research investigations. The conditions of transfer include both the generalization of learned material to the job and the maintenance of trained skills over a period of time on the job. The existing research examining the effects of training design, trainee, and work-environment factors on conditions of transfer is reviewed and critiqued. Research gaps identified from the review include the need to (1) test various operationalizations of training design and work-environment factors that have been posited as having an impact on transfer and (2) develop a framework for conducting research on the effects of trainee characteristics on transfer. Needed advancements in the conceptualization and operationalization of the criterion of transfer are also discussed.
Chapter
Cyber ranges are virtual environments used in several contexts to enhance the awareness and preparedness of users to cybersecurity threats. Effectiveness of cyber ranges strongly depends on how much realistic are the training scenarios provided to trainees and on an efficient mechanism to monitor and evaluate trainees’ activities. In the context of the emulation environment of the THREAT-ARREST cyber range platform, in this paper we present a preliminary design of our work in progress towards the definition of a model-driven approach to monitor and evaluate the trainee performance. We enhance the platform emulation environment with an agent-based system that checks trainees’ behavior in order to collect all the trainee’s actions performed while executing a training exercise. Furthermore, we propose a modular taxonomy of the actions that can be exploited for the description of the trainee’s expected behavior in terms of the expected trace, i.e., the sequence of actions that is required for the correct execution of an exercise. We model the expected and actual trainee activities in terms of finite state machines, then we apply an existing algorithm for graph matching to score the trainee performance in terms of graph distance.
Chapter
Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game CyberSecurity Awareness Quiz provides a quiz on recent variants to make employees aware of new attacks or attack variants in an entertaining way. While the gameplay of a quiz is more or less generic, the core of our contribution is a concept to create questions and answers based on current affairs and attacks observed in the wild.
Chapter
Social engineering is the clever manipulation of human trust. While most security protection focuses on technical aspects, organisations remain vulnerable to social engineers. Approaches employed in social engineering do not differ significantly from the ones used in common fraud. This implies defence mechanisms against the fraud are useful to prevent social engineering, as well. We tackle this problem using and enhancing an existing online serious game to train employees to use defence mechanisms of social psychology. The game has shown promising tendencies towards raising awareness for social engineering in an entertaining way. Training is highly effective when it is adapted to the players context. Our contribution focuses on enhancing the game with highly configurable game settings and content to allow the adaption to the player’s context as well as the integration into training platforms. We discuss the resulting game with practitioners in the field of security awareness to gather some qualitative feedback.
Article
The goal of this study is to examine the effects of learner control on information security (ISec) training effectiveness. While organizations recognize the importance of education and training in security and invest in such efforts, the design of these programs often lacks theoretical grounding and the outcomes are often not critically evaluated. This paper attempts to fill these gaps by (1) identifying desirable characteristics for the design of such training programs, (2) using these characteristics as guidelines to design a web-based information security training (3) experimentally evaluating the effectiveness of the training using critical outcomes such as training satisfaction, security training performance, self-efficacy, perceived threat severity and susceptibility. We find that web based ISec training that incorporates learner control positively affects training reactions and learning outcomes.
Conference Paper
In this paper, we introduce a hybrid approach for certifying security properties of cloud services that combines monitoring and testing data. The paper argues about the need for hybrid certification and examines some basic characteristics of hybrid certification models.