Abstract

Prior experience from the authors has shown that a heavily theoretical approach for cybersecurity training has multiple shortcomings, mostly due to the demanding and diversified nature of the prerequisites, often involving concepts about operating system design, networking and computer architecture, among others. In such circumstances, the quest for trainee engagement often turns into a delicate balancing act between managing their expectations and providing an adequate progression path. In this perspective, hands-on exercises and contact with high-fidelity environments play a vital part in fostering interest and promoting a rewarding learning experience. Making this possible requires having the ability to design and deploy different use case training scenarios in a flexible way, tailored to the specific needs of classroom-based, blended or e-learning teaching models. This paper presents a flexible framework for the creation of laboratory and cyber range environments for training purposes, detailing the development, implementation and exploration of a cyber range scenario, within the scope of a course on cyber-physical systems security. Moreover, the course structure, curricular aspects and teaching methods are also detailed, as well as the feedback obtained from the students.

Highlights

  • Despite the evolving nature of the cybersecurity field, as well as the progress achieved over the past years, the ever-changing landscape of threats, vulnerabilities and attack vectors means that there is still much work to be done, with new issues being disclosed on a regular basis

  • This scenario was entirely built by tapping into existing CANVAS assets and resources, including physical equipment, communications infrastructure, computing resources, Virtual Machine (VM) templates and template service sets

  • Note that both the cyber range and the course structure hereby presented have been developed and put into practice over the past 3 years in the scope of a subject (“Conception and Development of Secure Infrastructures”) that is part of the curricular plan of the MSc on Computer Security taught at the Department of Informatics Engineering of the University of Coimbra (PT)

Summary

Introduction

Despite the evolving nature of the cybersecurity field, as well as the progress achieved over the past years, the ever-changing landscape of threats, vulnerabilities and attack vectors means that there is still much work to be done, with new issues being disclosed on a regular basis. On the organizational level, such efforts must be matched by appropriate investment in resources and infrastructures, way beyond the implementation of supervisory methodologies or survey-based quality management policies that often do little more than providing evidence to reinforce a diagnosis that has long been known: traditional teaching methods are often inadequate when it comes to motivating students. In this perspective, differentiation emerges as a key ingredient of a successful training strategy: with a wealth of online contents available, it is up to instructors to add value beyond the often passive nature of such resources, promoting proximity and accessibility, regardless of the learning model that is adopted. This paper documents how the cyber range is leveraged to foster engagement in course-level exploratory activities, providing trainees with first-hand experience acquired by dealing with a high-fidelity cyber-physical system. In this perspective, a training plan is presented, designed to familiarize students with the terminology and technologies used in Industrial Control Systems (ICS), as well as with the several domain-specific risks, vulnerabilities and attack profiles. Sci. 2021, 11, 9509 from student performance assessment enquiries over the past three course editions, with Section 6 concluding the paper.

A Quick Review of Testbeds and Cyber Ranges for Training and Research
Development of the Cyber Range Environment
The CANVAS Laboratory
SCADA ICS Automation Process
Complete CANVAS Scenario
Cyber Range Scenario Setup
Introduction and Context
Attack Planning and Deployment
SYN-ACK
Feedback and Results
Conclusions and Future Work