A System-of-Systems Approach for the Creation of a Composite Cyber Range for Cyber/Hybrid Exercising
Publication Type:Journal Article
Source:Information & Security: An International Journal, Volume 50, Issue 2, p.129-148 (2021)
Keywords:Crisis Response, cyber range, Cybersecurity, Hybrid Security, resilience, Standard Operating Procedures
The current cybersecurity landscape is conducive to the enhancement of the traditional cyber-exercising paradigm and instruments. Considering the complex nature of the cyberattacks and their cascading impact, moving away from purely technical or entirely decision-making exercises is becoming paramount for realistic exercising of emergency response. Complex cyber-hybrid scenarios, exercising effective collaboration at the technical, operational, and higher decision-making levels, are increasingly employed to prepare to face emerging hybrid threats. Such scenarios simulate seemingly independent incidents in different locations, businesses, or systems that may quickly escalate to a sectoral or a national crisis. Unfortunately, such diverse scenarios remain inaccessible due to the lack of proper simulation infrastructure and expertise to adapt them to various contexts. The current contribution presents the authors’ experience in designing a Composite Cyber Range, following a Systems-of-Systems approach for the dynamic activation or incorporation of playgrounds and on-the-run integration of custom-made emulation or overlay ranges to support an “exercise-as-a-service” model for the provision of adequate and accessible cyber-hybrid mechanisms for crisis response training and preparation.