To address increasing cyberattacks among different domains such as aviation, naval and power-grid environments, the FORESIGHT project aims to improve the number of talented cyber-security professionals at all levels by delivering a platform that will extend the capabilities of exiting cyber-ranges. As part of this objective, the FORESIGHT project aims to determine how current training in the cybersecurity sector is conducted and how it can be designed more effectively and efficiently. For this purpose, interviews were conducted with experts in cybersecurity-related training.

Cyber-attacks are becoming more advanced, more significant and more extensive. Due to the increasing complexity, there are fewer and fewer skilled cybersecurity experts. However, in critical sectors such as naval, power grid and aviation, it is not enough to maintain and protect critical infrastructure. It is important to have skilled employees in the appropriate places to be able to respond to a changing threat landscape and reduce the cost and time required to respond to such cyber-attacks. The main objective of the FORESIGHT project is to “develop a federated cyber-range solution that will improve the readiness of cyber security professionals at all levels.” To this end, the Foresight Platform will provide integrated and realistic training and simulation material that will enable complex hybrid scenarios involving the aviation, smart grid and naval domains.

In the first step, surveys were conducted with relevant stakeholders who asked about the user needs and requirements of the FORESIGHT platform. The next step is to focus on the ideal cyber security training for employees in such critical sectors. To this end, interviews will again be conducted. The interviews aim to find out how cyber-range training is currently designed and evaluated, what is considered effective, the format of the sessions, how trainers expect the format of the training to be improved, and how they currently evaluate trainee performance and overall effectiveness. Based on the literature and the research findings provided by the consortium partners, this survey aims to provide an operational and professional perspective on how each of these areas is implemented in practice within the cyber training methodology. 

Methodological approach

Semi-structured interviews are used to gather information and experiences about existing cybersecurity training. This type of interview belongs to the qualitative interviews and is an effective tool for data collection to gain more accurate and intuitive insights from open dialogues and interactive contacts without limiting the participants’ answers. Semi-structured interviews allow the consortium to collect open-ended data that enables us to explore participants’ thoughts, feelings and beliefs about existing cybersecurity training and to delve deeply into personal and sometimes sensitive issues. This way, we have the chance to get more detailed information from the participants and not simply yes or no answers.

To avoid security aspects such as the EU Classified Information (EUCI), the FORESIGHT consortium decided to publish the survey using the EU Survey Tools (https://ec.europa.eu/eusurvey/). The survey was designed to be compliant with the GDPR by default, provide numerous options for interactivity and dependencies, and support the real anonymity of survey participants.

Survey structure

The structure of the survey follows a stepwise approach and includes the most important questions on the development of cyber training and methods to evaluate the success of this training. An overview of the sections in the survey is listed in the following:

• Background: This section establishes the background and current involvement of the respondent in cybersecurity and cyber-range training.

• Training methods in cybersecurity courses: Here, the details of how training is currently conducted during cybersecurity training courses are provided.

• Goals and effectiveness of cybersecurity training: The focus in this section shifts from the “what” of the training methods to the “why” of the training methods chosen.

• Cyber-range training: Preparation and delivery: Within this section, the specific experiences of participants with cyber-range training and the perceived and actual benefits of delivering cyber security training in a cyber-range are addressed.

• Cyber-range training: Trainee performance, feedback and evaluation: The purpose of this section is to focus on the assessment of trainees during cyber-range training.

• Cyber-range training: Training and course evaluation: The last section asks the participant how they usually receive feedback from the trainees, whether they feel this is an appropriate method to receive feedback and which elements of the course are feedback sought from.

After conducting the interviews, the results were aggregated, evaluated and analysed. The aggregation and analysis were illustrated and presented with the help of visualisations to provide a more comprehensive overview of the statistics. The visualisations were complemented by a text description. 

Participants

The survey was distributed to the members of the FORESIGHT consortium, as well as to members of the FORESIGHT sister projects. In addition, the dissemination channels were utilized to achieve an extended audience. The aim was to include participants involved in cybersecurity training. These include the following:

• Academia 
• Cybersecurity professionals 
• Industry professionals (with a tangential relationship to cybersecurity, such as software developers)

Outcomes of the interviews

By conducting semi-structured interviews, valuable insights were gained on current training measures in the cybersecurity sector. Through the different types of participants (academia, cybersecurity professionals and industry professionals), a wide range of experiences and knowledge was included, providing a solid basis for the insights gained. The lessons learned will be taken into account and used as a reference during the project to design new training materials on the FORESIGHT platform for critical sectors such as naval, aviation and energy grid. This will lead to more efficient and effective training of employees in these critical sectors. At the same time, the organisational preparedness of the company for cyber-attacks is increased. Consequently, the results comply with the FORESIGHT objective and support the idea of acting instead of reacting.