Hands-on cybersecurity training: CyTrONE

Governments of many countries understand the importance of raising awareness among the population regarding cybersecurity and actively support wide-scale training programs activities. Hence, hands-on cybersecurity education and training are becoming more and more relevant to raise awareness about cybersecurity incidents.

Most current cybersecurity education and training programs employ hands-on activities aimed at improving the functional skills and abilities of the participants. However, in many cases, the required practice environments are prepared via manual setup and configuration, an approach that is tedious, ineffective, and error-prone, which impedes the wider-scale generalization of such programs.

The main goal of cybersecurity training is to improve trainee readiness to deal with real-life incidents. In this regard, Razvan Beuran and his colleagues developed CyTrONE (Cybersecurity Training and Operation Network Environment), a cybersecurity training framework that facilitates training activities by providing an open-source set of tools that automates the training content generation. The advantages of this approach are to improve the reliability of the training setup, to decrease the setup time and cost and to make training possible repeatedly and for many participants.

CyTrONE uses input from a training coordinator to generate the training content for a particular training session and uploads it to an e-learning system. This automatic generation is made possible through the use of an easily updatable training database which contains all the necessary information, both regarding the training content and the properties of the associated training environment.

The flexibility of the CyTrONE framework, in association with the use of a Learning Management System (LMS), means that any training can be conducted. This framework provides easy to manage descriptions that hide most of the technical complexity of the process, reduces the deployment complexity by unifying the management of the training content and environment and saves time and effort by integrating the training activity with a standard LMS in order to provide support for the full educational process of the cybersecurity training.

As an open- source software, CyTrONE makes possible further customization and enhancement to meet requirements that have not yet been considered. Moreover, the evaluation of CyTrONE in terms of its functionality shows that it covers all the security testing and assessment techniques of the U.S. NIST guideline.

 

Cite: Beuran, R., Tang, D. Pham, C. Cinen, K.-I., Tan, Y and Shinoda, Y. (2018). Integrated framework for hands-on cybersecurity training: CyTrONE. Computer & Security, 78, 43-59