TY - JOUR KW - Crisis Response KW - cyber range KW - Cybersecurity KW - Hybrid Security KW - resilience KW - Standard Operating Procedures AU - George Sharkov AU - Christina Todorova AU - Georgi Koykov AU - Georgi Zahariev AB -

The current cybersecurity landscape is conducive to the enhancement of the traditional cyber-exercising paradigm and instruments. Considering the complex nature of the cyberattacks and their cascading impact, moving away from purely technical or entirely decision-making exercises is becoming paramount for realistic exercising of emergency response. Complex cyber-hybrid scenarios, exercising effective collaboration at the technical, operational, and higher decision-making levels, are increasingly employed to prepare to face emerging hybrid threats. Such scenarios simulate seemingly independent incidents in different locations, businesses, or systems that may quickly escalate to a sectoral or a national crisis. Unfortunately, such diverse scenarios remain inaccessible due to the lack of proper simulation infrastructure and expertise to adapt them to various contexts. The current contribution presents the authors’ experience in designing a Composite Cyber Range, following a Systems-of-Systems approach for the dynamic activation or incorporation of playgrounds and on-the-run integration of custom-made emulation or overlay ranges to support an “exercise-as-a-service” model for the provision of adequate and accessible cyber-hybrid mechanisms for crisis response training and preparation.

BT - Information & Security: An International Journal DO - https://doi.org/10.11610/isij.5029 IS - 2 N2 -

The current cybersecurity landscape is conducive to the enhancement of the traditional cyber-exercising paradigm and instruments. Considering the complex nature of the cyberattacks and their cascading impact, moving away from purely technical or entirely decision-making exercises is becoming paramount for realistic exercising of emergency response. Complex cyber-hybrid scenarios, exercising effective collaboration at the technical, operational, and higher decision-making levels, are increasingly employed to prepare to face emerging hybrid threats. Such scenarios simulate seemingly independent incidents in different locations, businesses, or systems that may quickly escalate to a sectoral or a national crisis. Unfortunately, such diverse scenarios remain inaccessible due to the lack of proper simulation infrastructure and expertise to adapt them to various contexts. The current contribution presents the authors’ experience in designing a Composite Cyber Range, following a Systems-of-Systems approach for the dynamic activation or incorporation of playgrounds and on-the-run integration of custom-made emulation or overlay ranges to support an “exercise-as-a-service” model for the provision of adequate and accessible cyber-hybrid mechanisms for crisis response training and preparation.

PY - 2021 SP - 129 EP - 148 T2 - Information & Security: An International Journal TI - A System-of-Systems Approach for the Creation of a Composite Cyber Range for Cyber/Hybrid Exercising VL - 50 ER -