FORESIGHT: Identify the needs and requirements to improve the cybersecurity preparedness of organisations

To address increasing cyberattacks across different domains such as aviation, naval and power-grid environments, the FORESIGHT project aims to increase the number of talented cybersecurity professionals at all levels by delivering a platform that will extend the capabilities of existing cyber-ranges. To this end, interviews within the FORESIGHT consortium were used to identify the security requirements of end users, which ultimately led to the respective gaps.

The FORESIGHT project’s main objective is to develop a federated cyber-range solution that will enhance the preparedness of cybersecurity professionals at all levels. As cyberattacks become more sophisticated, cybersecurity experts must improve their prevention, detection, reaction and mitigation skills. Using the FORESIGHT project, cybersecurity professionals will be able to quickly react to a changing threat landscape and reduce the costs and time of remediating such cyberattacks. This will be accomplished by offering integrated realistic training and simulation platforms that allow complex hybrid scenarios involving aviation, smart grid, and naval domains. Therefore, FORESIGHT wants end users to express their actual needs and requirements. Only by including a diverse and experienced cybersecurity workforce can FORESIGHT be rigorously underpinned by robust user requirements. In addition, the impact of social and organisational processes on overall performance is of utmost importance. Understanding how organisations and cyber-ranges can improve cyber-situational awareness is crucial, which is why the FORESIGHT consortium will provide first-hand experiences, requirements and inputs.

Methodological approach to gather user needs and requirements

To gather user needs and requirements, a scientific approach called grounded theory (GT) is applied. GT is a qualitative data analysis method that helps when emergent issues arise. Qualitative interviews allow more precise and intuitive insights to be extracted from open dialogues and interactive contact without limiting user responses. The questions are wide, open-ended and structured like a conversation. They are designed so that the user must define the answer rather than simply answering yes or no. Several main questions are followed by sub-questions that enable the interviewee to deepen his or her thoughts. A less structured approach is used so the interviewee can present potentially hidden insights. Finally, at the end of the interview, the interviewee is allowed to react or make a closing statement.

To avoid legal regulations such as those on EU Classified Information (EUCI), the consortium decided to carry out the interviews within the project consortium. Besides the EUCI, the requirements of the General Data Protection Regulation have to be considered. According to the Data Minimisation Principle, only data that is essential for the project was collected and anonymised. The data minimisation and anonymisation lead to thematically centred content, which will help to gain results.

After conducting the interviews, the interview content was analysed according to the thematic data analysis methodology. This approach allows a methodical and rigorous review of all the data collected to inductively form categories based on the thematic patterns identified in the textual material. For larger text volumes, qualitative data analysis can be accelerated with computer-aided software. Computer-assisted qualitative data analysis software (CAQDAS) was used within the FORESIGHT project to accelerate the analysis process.

Identified user groups

The interviews identified a total of three different user groups (academia, cybersecurity experts and industry). Based on this variety of users, it is possible to collect all corresponding needs and requirements.

  • Academia: Training, education and research play a critical role in cybersecurity. Advanced education and training help us to better comprehend cybercriminal and cyberespionage motivations. The emphasis is placed on the theoretical underpinnings of computing security and how to put information assurance principles into practice.
  • Cybersecurity experts: Cybersecurity professionals are actively involved in incident response responsibilities and have a wide range of skills, positions, and specialisations. The protection of crucial and sensitive data as well as intellectual property is their primary goal. As the prevalence of cybercrime has grown, the necessity for analytical computer forensics has also increased.
  • Industry: All key stakeholders who are directly or indirectly affected by cybersecurity in their regular responsibilities are represented by industry users. Developers, system and network engineers, architects, administrators, cybersecurity legal specialists and others may be included. End users in this category come from a variety of industries, including essential infrastructure, service providers, development and management.

Results of the interviews

As part of the user requirements survey, information was collected covering cybersecurity preparation procedures, common threat scenarios and challenges, functional and user interface requirements, cybersecurity incident management, various aspects of informal knowledge acquisition, organisational issues, specific workflows and various tools used by the participants. The importance of cybersecurity training in organisations and the necessity for innovative training methods can be considered important results. Identified gaps in the current corporate cybersecurity landscape, therefore, focus on specific issues to be assessed and resolved as part of the FORESIGHT platform development. Within the agile development strategy, these findings will be refined, extended and updated.

Cyberrange, cybersecurity, preparedness, security training, threats, organisations, qualitative interviews, analysis