News Brief #2: Publication of policy brief “Cyber Ranges for a Resilient Europe”

As cyber-attacks are increasing and targeting organisations of all sizes as well as critical infrastructures and the public sector, there is a growing need for good cybersecurity training, for experts as well as non-experts. Fast-developing attacks and an increasing amount of cybercrime call for improved and innovative training opportunities.

To tackle this challenge, FORESIGHT worked together with the projects CONCORDIA and SPIDER on the publication of the policy brief “Cyber Ranges for a Resilient Europe”, which was published in August 2022. The policy brief addresses the main challenges in the area of cybersecurity training in general and cyber ranges in particular, and proposes several recommendations to tackle these identified challenges.

Challenges identified

As cyber ranges are a valuable resource for the education and training of staff, experts as well as non-experts, the need for their use is increasing. Furthermore, the importance of innovative training methods and the greater usage of online tools also call for a growing use of cyber ranges. However, there are several challenges that need to be addressed in this context, which have been identified in the policy brief:

  • The lack of identification of proper skills and roles for cybersecurity training;
  • The lack of models for cybersecurity economics;
  • Low accessibility and usage of cyber ranges;
  • Difficulties in generating evidence-based cybersecurity simulation scenarios;
  • The lack of integration of soft skills, technical side and management side.

Recommendations

In order to successfully tackle these challenges, the following recommendations for an improved usage of cyber ranges in Europe have been defined:

  • Making cyber ranges more accessible: Cyber ranges should be based on open source solutions, and open cloud based cyber range environments should be developed and adopted.
  • Cybersecurity training is not just an IT issue: Currently, cybersecurity is mostly seen as an ICT challenge instead of a business risk. However, cybersecurity training is needed not only for professionals, but also for non-experts to successfully handle attacks.
  • Open cybersecurity training and exercises: An open format of cybersecurity training and exercises should be supported within the EU, and interoperability between already operational cyber ranges should be provided.
  • European cybersecurity training and exercise community: In order to ensure the best amount and quality of training, collaboration between different actors is needed.

The full policy brief can be read here.

FORESIGHT