Cyber-attacks are increasing in both sophistication and scale, revealing the extent at which critical infrastructures and other information and communication systems are exposed. More highly skilled cyber security professionals are needed with a deep understanding of cyber-security to deal with the fast growing number of cyber-threats. Cyber-security education and training are becoming more and more relevant as it is the only way in which such incidents can be prevented and handled adequately. A cyber-range (CR) is the environment in which cyber-security experts and professionals can practice technical and soft skills and be trained —in an isolated virtual environment emulating large-scale complex networks— on how to respond to cyber-attack scenarios within various domains. The more realistic the simulated scenarios, the more prepared the trainees will be to face real-world attacks.
The cyber-space offered by the CR infrastructure recreates the experience of responding to a cyber-attack, by replicating a security operations center environment, an organization’s network and the attack itself. CRs are considered to be the key towards strengthening the robustness and security of critical infrastructures; therefore, it is important that they provide a realistic, diverse, and dynamic simulation environment so as to properly prepare trainees for preventing and responding to all incidents of cyber-attacks. This is an area in which further advancements should be made: the generated scenarios are tightly coupled with the domain being modelled, often not easily modifiable to accommodate changes in an organization’s infrastructure or software and likewise not easily extendable to acquire knowledge regarding newly discovered vulnerabilities, threats and attackers’ tactics, techniques, and procedures. In the era of IoT, these limitations do not allow easy prevention, detection, and mitigation of hybrid attacks spanning many different domains.
This workshop focuses on both research and practical aspects of cyber ranges and aims at addressing the main challenges involved in their development and use in professional cyber security training, as well as in exploring the use of emerging technologies. Aligned with the interdisciplinary nature of cyber security, authors from academia, industry, and government are welcome to contribute.
Prospective authors are encouraged to submit previously unpublished contributions from a broad range of topics, which include but are not limited to the following:
› Cyber range integration and federation
› Emulation and simulation techniques (exercises, architecture, etc.)
› Hybrid system integration
› Emerging technologies in cyber ranges
› Econometric models in cyber security training
› Risk assessment frameworks for training
› Trainee evaluation and situational awareness
› Learning methods in cyber security training certifications
› Serious gaming and visualization
› Cyber-exercises and strategic decision making
Paper submission deadline: April 19, 2021
Authors’ notification: May 3, 2021
Camera-ready submission: May 10, 2021
Early registration deadline: May 31, 2021
Workshop date: July 26, 2021
The workshop’s proceedings will be published by IEEE and will be included in IEEE Xplore. The guidelines for authors, manuscript preparation guidelines, and policies of the IEEE CSR conference are applicable to CRST 2021 workshop. Please visit the authors’ instructions page for more details. When submitting your manuscript via the conference management system, please make sure that the workshop’s track 2T2 CRST is selected in the Topic Areas drop down list.
Cristina Emilia Costa
Giorgio Di Tizio
Diego R. Lopez
Vaclav (Vashek) Matyas
Raul Orduna Urrutia