Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range

VYKOPAL, Jan, Martin VIZVÁRY, Radek OŠLEJŠEK, Pavel ČELEDA and Daniel TOVARŇÁK. Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range. In 2017 IEEE Frontiers in Education Conference. Indianapolis, IN, USA: IEEE. p. 1-8. ISBN 978-1-5090-5919-5. doi:10.1109/FIE.2017.8190713. 2017.

Basic information

• Original name: Lessons Learned From Complex Hands-on Defence Exercises in a Cyber Range
• Name in Czech: Zkušenosti z přípravy komplexních praktických obranných cvičení v kybernetických polygonech
• Authors: VYKOPAL, Jan (203 Czech Republic, guarantor, belonging to the institution), Martin VIZVÁRY (703 Slovakia, belonging to the institution), Radek OŠLEJŠEK (203 Czech Republic, belonging to the institution), Pavel ČELEDA (203 Czech Republic, belonging to the institution) and Daniel TOVARŇÁK (203 Czech Republic, belonging to the institution).
• Edition: Indianapolis, IN, USA, 2017 IEEE Frontiers in Education Conference, p. 1-8, 8 pp. 2017.
• Publisher: IEEE

Other information

• Original language: English
• Type of outcome: Proceedings paper
• Field of Study: 10201 Computer sciences, information science, bioinformatics
• Country of publisher: United States of America
• Confidentiality degree: is not subject to a state or trade secret
• Publication form: electronic version available online
• WWW: URL
• RIV identification code: RIV/00216224:14610/17:00094479
• Organization unit: Institute of Computer Science
• ISBN: 978-1-5090-5919-5
• ISSN: 1539-4565
• Doi: http://dx.doi.org/10.1109/FIE.2017.8190713
• UT WoS: 000426974900279
• Keywords in English: hands-on exercise; cybersecurity; cyber range; exercise design
• Tags: firank_B, rivok
• Tags: International impact, Reviewed

Abstract

We need more skilled cybersecurity professionals because the number of cyber threats and ingenuity of attackers is ever growing. Knowledge and skills required for cyber defence can be developed and exercised by lectures and lab sessions, or by active learning, which is seen as a promising and attractive alternative. In this paper, we present experience gained from the preparation and execution of cyber defence exercises involving various participants in a cyber range. The exercises follow a Red vs. Blue team format, in which the Red team conducts malicious activities against emulated networks and systems that have to be defended by Blue teams of learners. Although this exercise format is popular and used worldwide by numerous organizers in practice, it has been sparsely researched. We contribute to the topic by describing the general exercise life cycle, covering the exercise's development, dry run, execution, evaluation, and repetition. Each phase brings several challenges that exercise organizers have to deal with. We present lessons learned that can help organizers to prepare, run and repeat successful events systematically, with lower effort and costs, and avoid a trial-and-error approach that is often used.

Links

• VI20162019014, research and development project: Name: Simulace, detekce a potlačení kybernetických hrozeb ohrožujících kritickou infrastrukturu (Acronym: KYPO II)

Investor: Ministry of the Interior of the CR, Simulation, Detection, and Mitigation of Cyber Threats Endangering Critical Infrastructure