Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams

Abstract: In recent years there has been a large increase in advanced computer attacks targeting Norwegian authorities and businesses (PST, 2021). At the same time there is a great shortage of trained and qualified personnel within cyber- and information security (Cisco, 2018). To fill this demand supply gap there has been an increased focus to educate new personnel through exercises and training (Nikolova, 2017). To meet this increased demand the Norwegian government in cooperation with several private and public organizations and academia established the Norwegian Cyber Range (NCR) in 2018 (NTNU, 2019). NCR is an arena for testing, training, and exercising in cyber- and information security. Running the training and exercises in a realistic and safe environment is a demanding task, which requires a well-trained Exercise Control (EXCON) team. In a military context NATO’s Bilateral Strategic Command (BI-SC) Directive 75-003 – Collective Training and Evaluation appendix H;” Roles and responsibilities of the exercise control (EXCON)” (NATO, 2013), provides a clear plan for how to establish an EXCON team that can properly direct and control an exercise (NATO, 2013, pg. 166). In addition, Østby et. al have suggested how to build an EXCON team to train public emergency organizations (Østby et al., 2019). Neither of these specify how the EXCON-team itself should be trained. In this paper we present results from in-depth interviews which were conducted with information security and/or exercise experts from different Norwegian organizations with relevant EXCON experience, and suggest a future train-the trainer concept to meet the challenges found in the study.The result from the research shows that the development of exercise control teams is not prioritized by organizations, and not given time or resources for education or team development. Being part of an exercise control teams is a side job where organizations mostly rely on hiring external experts. Another key finding in this research is the importance of exercise planning competence amongst the exercise control team, for the exercises to be successfully executed. Results also shows that a core team of experts is necessary to continuously improve the exercises, and also the need for these experts participating in the preparation for exercises.References:Cisco. (2018). Annual cyber security report.NATO. (2013). Resilient e-Communications Networks Good Practice Guide on National Exercises Enhancing the Resilience of Public Communications Networks Good Practice Guide on Exercises 2 Good Practice Guide on National Exercises. http://www.enisa.europa.eu/act/resNikolova, I. (2017). Best Practice for Cybersecurity Capacity Building in Bulgaria’s Public Sector. Information & Security: An International Journal, 38, 79–92. https://doi.org/10.11610/isij.3806NTNU. (2019). The Norwegian Cyber Range. https://www.ntnu.no/ncrØstby, G., Lovell, K. N., & Katt, B. (2019). EXCON teams in cyber security training. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019, 14–19. https://doi.org/10.1109/CSCI49370.2019.00010PST 2021, (2021). https://www.pst.no/alle-artikler/trusselvurderinger/nasjonal-trusselvurdering-2021/

Keywords: EXCON, teams, training, cyber, range

DOI: 10.54941/ahfe1003725

Cite this paper:

​