The study found thirty-nine cybersecurity practice environments (cyber ranges) in Europe. The largest number of national cyber ranges was reported in Finland, or seven in total. The Finnish cyber ranges are operated by JAMK's research, development and training centre for cybersecurity (JYVSECTEC), VTT Technical Research Centre of Finland, the University of Tampere, Turku University of Applied Sciences, Rugged Tooling Oy and two actors who wish to remain anonymous. There are four cyber ranges in Sweden and three in Germany and Greece, while the rest are equally distributed across Europe.

The study found that the cyber ranges were mainly used by companies and public organisations as well as students in engineering, Bachelor's and Master’s degree programmes.

“Companies and organisations use these environments to improve their personnel’s skills and to develop the continuity and resilience of their operations in the event of cyber incidents. The cyber practices arranged in the ranges vary from short sessions to national cyber incident exercises that last several days, whereas participants in practices organised in international cooperation involve organisations from different countries”, says Project Manager Jani Päijänen from JAMK’s Institute of Information Technology.

Many cyber ranges model industry-specific systems, which are often related to critical infrastructure, including industrial and process automation, IoT environments and logistics. Few of the cyber ranges have been modelled from the perspective of realistic Internet use.

“Somewhat unexpectedly, the study found that traditional office infrastructure and information network infrastructure systems were under-represented in practice situations. We also noticed that international terminology related to cyber practices and ranges is inconsistent”, says Päijänen.

Interviews were conducted to explore the possibilities of building interoperable cyber ranges. The technical capabilities for interconnecting cyber ranges were considered a challenge, while collaboration was seen as necessary. Interconnecting the cyber ranges would offer a more extensive and realistic experience for those participating in a cyber practice.

A specification of requirements for interconnecting cyber ranges was drawn up. It can be used to connect several different cyber ranges into a uniform practice environment. Both open source code and commercial products can be used.

“The idea behind the specification of requirements is to facilitate companies’ and organisations’ participation in more extensive cybersecurity practices. This combination would offer the users features that a single operator would not be able to provide”, explains JAMK expert Juha Piispanen, who drew up the specification.

The connection mode created on the basis of the specification will be tested in January 2021 as a two-day cyber security practice intended for project partners is organised at JAMK’s Institute of Technology. Due to the restrictions imposed during the pandemic, the participants join the practice from their home countries using an access protocol compatible with the specifications.

The study was produced as part of the CyberSec4Europe research and development project, which involves 43 actors from 20 EU Member States and two associated countries. The Finnish participants in the project are JAMK University of Applied Sciences and VTT Technical Research Centre of Finland. It is funded by the Horizon 2020 research programme.

To read the full report, visit the CyberSec4Europe project website at:
https://cybersec4europe.eu/wp-content/uploads/2020/09/D7.1-Report-on-existing-cyber-ranges-and-requirement-specification-for-federated-cyber-ranges-v1.0_submitted.pdf