Towards Customized Cyber Exercises using a Process-based Lifecycle Model

Tobias Pfaller (Autor:in und Vortragende:r), Florian Skopik, Paul Smith, Maria Leitner

Publikation: Beitrag in Buch oder TagungsbandVortrag mit Beitrag in TagungsbandBegutachtung

Abstract

Cyber exercises enable the effective training of cyber security skills in a simulated, yet realistic, environment for a wide variety of professional roles. However, planning, conducting, and evaluating customized (i.e., non-standard) cyber exercise scenarios involves numerous time- and resource-intensive activities, which are still mostly carried out manually today. Unfortunately, the high costs related to these activities limit the practical applicability of cyber exercises to serve widely as a regular tool for skill development. Today, the flow of cyber exercise scenarios usually consists of predefined and meticulously planned injects (e.g. events) that are sequentially rolled out and thus drive the exercise. The composition of such injects resembles a linear process in its simplest form. Therefore, we argue that the utilization of existing, standardized, and well-researched methods from the business process domain provides opportunities to improve the quality of cyber exercises and at the same time reduce the workload necessary for planning and conducting them. This paper reviews the challenges related to conducting customized cyber exercises and introduces a process-based cyber exercise lifecycle model that leverages the power of process modeling languages, process engines, and process mining tools to transform cyber exercises into transparent, dynamic, and highly automated endeavors. We further describe the application of this lifecycle model in course of a proof-of-concept implementation and discuss lessons learned from its utilization at a large-scale national cyber exercise together with CERTs and authorities. While the state of the art mostly focuses on optimizing individual tasks or phases within the cyber exercise lifecycle, our contribution aims to offer a comprehensive integrated framework that spans across the phases, providing interfaces between them, and enhancing the overall effectiveness and maintainability of cyber exercises.
OriginalspracheEnglisch
TitelEICC '24: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference
Redakteure/-innenShujun Li, Kovila P L Coopamootoo, Michael Sirivianos
Herausgeber (Verlag)Association for Computing Machinery (ACM)
Seiten37 - 45
ISBN (Print)979-8-4007-1651-5
DOIs
PublikationsstatusVeröffentlicht - 5 Juni 2024
VeranstaltungEICC 2024: European Interdisciplinary Cybersecurity Conference - Xanthi , Xanthi , Griechenland
Dauer: 5 Juni 20246 Juni 2024

Konferenz

KonferenzEICC 2024: European Interdisciplinary Cybersecurity Conference
Land/GebietGriechenland
StadtXanthi
Zeitraum5/06/246/06/24

Research Field

  • Cyber Security

Fingerprint

Untersuchen Sie die Forschungsthemen von „Towards Customized Cyber Exercises using a Process-based Lifecycle Model“. Zusammen bilden sie einen einzigartigen Fingerprint.

Diese Publikation zitieren