On the Use and Strategic Implications of Cyber Ranges in Military Contexts: A Dual Typology

Andrew Dwyer; Kathrin Moog; Jantje Silomon; Mischa Hansel

doi:10.34190/iccws.18.1.981

On the Use and Strategic Implications of Cyber Ranges in Military Contexts: A Dual Typology

Andrew Dwyer, Kathrin Moog, Jantje Silomon, Mischa Hansel

Department of Information Security

Research output: Contribution to journal › Article › peer-review

55 Downloads (Pure)

Abstract

The use of simulated environments in cybersecurity – cyber ranges (CRs) – have become a popular method and tool to support training and education, assess system vulnerabilities, as well as to test and probe computer networks. Yet, CRs can be adopted to improve and enhance adversarial skill sets, tools, and operations that are attractive for military applications. This paper develops a strategic typology on how CRs have been used and adopted in military contexts (CRiMCs), where states have turned to CRs as one method to build cyber capacity, address proportionality and responsibility of cyber operations, as well as offer training and education.

We identify CRiMCs that offer two strategic purposes: 1) reserved for sovereign use and capability development and 2) those intended to support cyber capacity building through domestic resilience and collaborative inter-state exercises. We thus ask, why do states establish sovereign cyber ranges ‘on top’ of being involved in collaborative ones? Why and how do they differ? To answer such questions, this paper delves into both the crucial technical components that support each CRiMC type and their implications by offering exemplars from five states (Lithuania, Norway, Slovenia, the Netherlands, and the USA). The paper concludes with some preliminary thoughts on future research avenues on CRiMCs and their implications for the use and governance of state cyber capabilities.

Original language	English
Pages (from-to)	57-66
Number of pages	10
Journal	Proceedings of the 18th International Conference on Cyber Warfare and Security
Volume	18
Issue number	1
DOIs	https://doi.org/10.34190/iccws.18.1.981
Publication status	Published - 28 Feb 2023

Access to Document

10.34190/iccws.18.1.981Licence: CC BY-NC-ND

Accepted ManuscriptAccepted author manuscript, 123 KBLicence: CC BY-NC-ND

Cite this

@article{2f7309704c3046c9ae36f3fb202e80d5,

title = "On the Use and Strategic Implications of Cyber Ranges in Military Contexts: A Dual Typology",

abstract = "The use of simulated environments in cybersecurity – cyber ranges (CRs) – have become a popular method and tool to support training and education, assess system vulnerabilities, as well as to test and probe computer networks. Yet, CRs can be adopted to improve and enhance adversarial skill sets, tools, and operations that are attractive for military applications. This paper develops a strategic typology on how CRs have been used and adopted in military contexts (CRiMCs), where states have turned to CRs as one method to build cyber capacity, address proportionality and responsibility of cyber operations, as well as offer training and education.We identify CRiMCs that offer two strategic purposes: 1) reserved for sovereign use and capability development and 2) those intended to support cyber capacity building through domestic resilience and collaborative inter-state exercises. We thus ask, why do states establish sovereign cyber ranges {\textquoteleft}on top{\textquoteright} of being involved in collaborative ones? Why and how do they differ? To answer such questions, this paper delves into both the crucial technical components that support each CRiMC type and their implications by offering exemplars from five states (Lithuania, Norway, Slovenia, the Netherlands, and the USA). The paper concludes with some preliminary thoughts on future research avenues on CRiMCs and their implications for the use and governance of state cyber capabilities.",

author = "Andrew Dwyer and Kathrin Moog and Jantje Silomon and Mischa Hansel",

year = "2023",

month = feb,

day = "28",

doi = "10.34190/iccws.18.1.981",

language = "English",

volume = "18",

pages = "57--66",

journal = "Proceedings of the 18th International Conference on Cyber Warfare and Security",

number = "1",

}

TY - JOUR

T1 - On the Use and Strategic Implications of Cyber Ranges in Military Contexts

T2 - A Dual Typology

AU - Dwyer, Andrew

AU - Moog, Kathrin

AU - Silomon, Jantje

AU - Hansel, Mischa

PY - 2023/2/28

Y1 - 2023/2/28

N2 - The use of simulated environments in cybersecurity – cyber ranges (CRs) – have become a popular method and tool to support training and education, assess system vulnerabilities, as well as to test and probe computer networks. Yet, CRs can be adopted to improve and enhance adversarial skill sets, tools, and operations that are attractive for military applications. This paper develops a strategic typology on how CRs have been used and adopted in military contexts (CRiMCs), where states have turned to CRs as one method to build cyber capacity, address proportionality and responsibility of cyber operations, as well as offer training and education.We identify CRiMCs that offer two strategic purposes: 1) reserved for sovereign use and capability development and 2) those intended to support cyber capacity building through domestic resilience and collaborative inter-state exercises. We thus ask, why do states establish sovereign cyber ranges ‘on top’ of being involved in collaborative ones? Why and how do they differ? To answer such questions, this paper delves into both the crucial technical components that support each CRiMC type and their implications by offering exemplars from five states (Lithuania, Norway, Slovenia, the Netherlands, and the USA). The paper concludes with some preliminary thoughts on future research avenues on CRiMCs and their implications for the use and governance of state cyber capabilities.

AB - The use of simulated environments in cybersecurity – cyber ranges (CRs) – have become a popular method and tool to support training and education, assess system vulnerabilities, as well as to test and probe computer networks. Yet, CRs can be adopted to improve and enhance adversarial skill sets, tools, and operations that are attractive for military applications. This paper develops a strategic typology on how CRs have been used and adopted in military contexts (CRiMCs), where states have turned to CRs as one method to build cyber capacity, address proportionality and responsibility of cyber operations, as well as offer training and education.We identify CRiMCs that offer two strategic purposes: 1) reserved for sovereign use and capability development and 2) those intended to support cyber capacity building through domestic resilience and collaborative inter-state exercises. We thus ask, why do states establish sovereign cyber ranges ‘on top’ of being involved in collaborative ones? Why and how do they differ? To answer such questions, this paper delves into both the crucial technical components that support each CRiMC type and their implications by offering exemplars from five states (Lithuania, Norway, Slovenia, the Netherlands, and the USA). The paper concludes with some preliminary thoughts on future research avenues on CRiMCs and their implications for the use and governance of state cyber capabilities.

U2 - 10.34190/iccws.18.1.981

DO - 10.34190/iccws.18.1.981

M3 - Article

VL - 18

SP - 57

EP - 66

JO - Proceedings of the 18th International Conference on Cyber Warfare and Security

JF - Proceedings of the 18th International Conference on Cyber Warfare and Security

IS - 1

ER -