Nowadays, we are immersed in a global digitization that has caused a huge change in all areas of our daily life. The adoption of technology in social and business environments brings many transdisciplinary benefits. On the one hand, in the social environment, we are able to extend knowledge without limits, accelerate our productivity because of a multitude of technological tools, improve our communication using efficient tools or applications, increase our creativity by having new exploration capabilities, and easily collaborate to achieve a common goal (among others). On the other hand, in the business environment, the application of technology provides a cost reduction by optimizing resources, an increased productivity by achieving more agile processes and, an increased engagement with customers by streamlining the response and real time direct contact. For an organization, these benefits become a higher turnover.

Nonetheless, the negative impacts that this adoption of technological advances must be considered. Digitisation requires investment in any field, it never ends because technology is changing and improving rapidly and it is necessary to adapt and learn to work with it. But, one of the critical points that cannot be underestimated is that digitisation requires the interconnection of systems and devices to the Internet, a factor that can expose sensitive personal and organizational information. To successfully achieve a global digital transformation, it is important that the systems provide privacy, reliability and security. Before COVID-19, it was already important to protect these systems; multiple daily cyber-attacks put companies and people at risk. But the pandemic has caused an acceleration of the digital transformation that, now more than ever, requires the application of cybersecurity to persevere.

And here lies the opportunity and the problem: There is a global raising demand for cyber professionals and there is a skills gap to be covered to prepare professionals for the digitalisation of current and future systems. A complete and competent training can cover these needs. Furthermore, it should be focused not only on newcomers to the sector, but also on updating the knowledge of senior profiles who need to catch up. There are different ways of transmitting knowledge, different types of learning; from traditional methods based on lectures to the application of active methodologies where the students cooperate in their learning. In recent years, the use of Cyber Ranges has proliferated.

The concept of a Cyber Range can be quite difficult to comprehend as many sources define it in a different manner [1-4]. In some cases, this concept is linked with a professional development solely while others put more emphasis on its educational side. After evaluating various definitions from both government agencies and companies in the sector, we can define a Cyber Range as follows:

A Cyber Range is a simulated environment where situational operations training, testing, research, and educational development can be performed. Therefore, the scope of Cyber Ranges is not only limited to organizations and professionals but also students and educational entities.

The technology utilized for the creation of such environments is vast and it can be hardware, software, or a combination of both. This environment is closed and risk-free which allows real-life scenarios to take place. Gaining hands-on skills, testing services or products, and performing security testing are the main use cases for Cyber Ranges.

The following table (Table 1) sums up the main characteristics of a Cyber Range [1-7]:

As we have observed, a Cyber Range is more than a tool for businesses, but also a source of knowledge for newcomers to the cybersecurity field. One of the reasons why Cyber Ranges have become relevant is that it can take many shapes and forms, and, also, has multiple use cases.

By means of the REWIRE Project, the objective is to provide the infrastructure and expert knowledge for activities utilizing Cyber Ranges and provide the trainings and relevant certification schemes on selected occupational profiles (selected by other Work Packages).

In fact, our goal is to create the REWIRE Cyber Range platform for the design, exchange and implementation of cyber-exercises for different levels and profiles considering the skills to be acquired. Currently, we are involved defining the methodology and roadmap for the design, implementation and maintenance of Cyber Ranges.

Additionally, in later stages, the curricula, training framework and materials will be developed to perform Vocational Open Online Courses (VOOC) and also, determine the Cybersecurity Skills Certification Scheme to help to unify the verification of knowledge at European level.

Authors

Julia Sanchez Rodriguez, Program Coordinator – Telematics at La Salle Campus BCN – Ramon Llull University

Alan Briones Delgado, Project Manager and Researcher at La Salle Campus BCN – Ramon Llull University

References

1. Nist.gov. 2021. The Cyber Range: A Guide. [online] Available at: https://www.nist.gov/system/files/documents/2020/06/25/The%20Cyber%20Range%20-%20A%20Guide%20%28NIST-NICE%29%20%28Draft%29%20-%20062420_1315.pdf
2. Ariessecurity.com. 2021. What is a Cyber Range? A Definitive Guide and Definition | Aries Security. [online] Available at: https://www.ariessecurity.com/what-is-a-cyber-range-a-definitive-guide-and-definition/
3. CloudShare. 2021. What Is a Cyber Range? | CloudShare. [online] Available at: https://www.cloudshare.com/virtual-it-labs-glossary/what-is-a-cyber-range/
4. Cyberwiser.eu. 2021. What is a Cyber Range? | CYBERWISER.eu. [online] Available at: https://www.cyberwiser.eu/content/what-cyber-range
5. Deckard, G. M. (2018). Cybertropolis: Breaking the paradigm of cyber-ranges and testbeds. 2018 IEEE International Symposium on Technologies for Homeland Security, HST 2018, 1–4. https://doi.org/10.1109/THS.2018.8574134
6. Karjalainen, M., & Kokkonen, T. (2020). Comprehensive Cyber Arena; the Next Generation Cyber Range. Proceedings – 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, 11–16. https://doi.org/10.1109/EuroSPW51379.2020.00011
7. Urias, V. E., Stout, W. M. S., Van Leeuwen, B., & Lin, H. (2018). Cyber Range Infrastructure Limitations and Needs of Tomorrow: A Position Paper. Proceedings – International Carnahan Conference on Security Technology, 2018-Octob, 1–5. https://doi.org/10.1109/CCST.2018.8585460