The first line of defense against cyber threats and cyber crimes is to be aware and get ready, e.g., through cyber security training. Training can have two forms, the first is directed towards security professionals and aims at improving understanding of the latest threats and increasing skill levels in defending and mitigating against them. The second form of training, which used to attract less attention, aims at increasing cyber security awareness among non-security professionals and the general public. Conducting such training programs requires dedicated testbeds and infrastructures that help realizing and executing the training scenarios and provide a playground for the trainees. A cyber range is an environment that aims at providing such testbeds. The purpose of this paper is to study the concept of a cyber range, and provide a systematic literature review that covers unclassified cyber ranges and security testbeds. In this study we develop a taxonomy for cyber range systems and evaluate the current literature focusing on architecture and scenarios, but including also capabilities, roles, tools and evaluation criteria. The results of this study can be used as a baseline for future initiatives towards the development and evaluation of cyber ranges in accordance with existing best practices and lessons learned from contemporary research and developments.

Introduction

The recent security incidents worldwide have shown that there is an increase in the complexity and severity of cyber security threats. The attackers become more organized and the attack vectors are using more advanced and automated techniques and tools. The first line of defense against such attacks is increasing cyber security awareness in the public and security skills among the security professionals, in order to be ready and aware of the latest threat techniques and tools. These training programs include the execution of cyber security labs and exercises. In general terms, we define a cyber security exercise as a training exercise that runs attack and/or defense scenarios on virtual and/or physical environments with the aim of improving the attack and/or defence understandings and skills of the participants. Different groups of people are involved in preparing and executing such exercises. A groups of individuals, known as a white team, creates the training environment. Another group, known as a red team, tries to exploit vulnerabilities present in the environment, while a third group, known as a blue team, tries to defend the environment and prevent attacks. These are the main basic roles for those who are involved in an exercise. More comprehensive list of all roles within an exercises is discussed later in the chapter. Please note that we use the term security exercise for any practical training or awareness activity.