With the implementation of the Industrial Internet of Things (IIoT) in modern manufacturing environments, Cybersecurity has become an outstanding challenge in the design and daily operation of networked Industrial Control Systems (ICS). While Cybersecurity is an expert domain on its own, designers and operators of such Cyber-physical Systems (CPS) need to acquire at least a fundamental understanding of Cybersecurity concepts in order to contribute to the integration of such concepts both in design and operational processes. The fact that such Cybersecurity concepts have been originally established in the Information Technology (IT) domain makes knowledge transfer to stakeholders in the mostly mechanical and Operational Technology (OT) an educational challenge on its own. This paper proposes a ludic approach to teaching fundamental Cybersecurity concepts to stakeholders without any or only little prior IT knowledge. The key methodology relies on designing game scenarios that help convey Cybersecurity terminology and concept knowledge in a ludic form before letting students actually apply them in a physical CPS environment. While this basic idea is not new, the originality of our proposed approach lies in the novel combination of existing, validated Cybersecurity teaching resources to design and implement such scenarios, and in complementing those with learning on real CPS environments. The feasibility of our approach has been demonstrated in a case-study that has delivered very promising results with respect to the potential power and effectiveness of our method.
Read full abstract