The next-generation cooperative cyber range capability must address at least the following issues:

Set up of trainings and exercises with classified information, especially for cross-border exercises by EU Member States and EDF Associated Countries.

Although the use of classified information in national exercises and trainings is not a new phenomenon, it is, firstly, still absent from the capabilities of many nations and, secondly, there is no existing solution that offers an EU-wide, cross-border classified capability. Such a capability could help various countries in using this functionality which they otherwise would not be able to use and it would provide a currently unavailable solution to conducting exercises across nations, including for topics such as information sharing and ensuring confidentiality of related data. This would also benefit the EU’s military structure, e.g., EU Military Staff, European Defence Agency and others.

Moreover, such a capability can be used by nations internally, e.g., for its different security agencies both in defence and national security to increase interoperability.

Set up of trainings and exercises covering the entire chain of cyber defence operations from planning through conduct up to review, including by utilising realistic mission networks.

Most large-scale technical cyber exercises that are currently conducted do not sufficiently cover all relevant aspects of cyberspace operations. While such aspects are sometimes covered in non-technical exercises, these tend to not sufficiently well incorporate technical cyber defence teams. As a result, truly comprehensive and effective exercises are difficult to deliver.

The aspects that surround these technical activities (e.g., operation planning, legal considerations) and which complement incident management (e.g., intelligence activities) require different scenarios and different technical exercise environments in comparison to existing capabilities. The latter also includes the challenge of creating realistic federated mission networks for training purposes.

Key aspects in this entire chain are also the analysis of the performance of the cyber operators and the scoring of cyber security situational awareness.

Leveraging Artificial Intelligence throughout the delivery of trainings and exercises (e.g., for Blue, Red, White and Green Teams)

The use of AI in different phases and parts of cyber exercises and trainings has been researched and developed to an extent. This includes, for example, AI-based scenario generation, and AI-based Red/Blue Teams with hybrid skills (human + AI-based attack/defend strategies (developed in different private companies). AI also plays a pivotal role in generating comprehensive situational awareness for the development of realistic federated missions.

In the area of federated missions, which employ multiple teams operating from different locations, AI technologies could help to identify the operational deficiencies within each team member, informing subsequent training customisation and generating tailored scenarios.

It is clear that AI can assist in these and in other parts of cyber capability development. The proposals are expected to provide AI-based solutions that target all major parts of cyber exercise and training delivery, as well as AI-based solutions for the performance evaluation of the trainees using the hybrid skills.

Set up of trainings and exercises that leverage the concept of digital twins.

Digital twins as a concept has a long history. The use of such solutions in cyber exercises has also been targeted previously but not with results that have been sufficiently persistent or useful. Therefore, the challenge remains on developing digital twins or other high-fidelity simulations that have a reasonable cost-effectiveness – given that a common dilemma in such simulations is finding a balance between cost of creating such digital copies and the learning impact that those simulations can offer on top of more standardised ways for IT/OT system and network simulations. One possible avenue for successful balancing of these requirements may be witnessed in the space domain, given its increased need for simulations and testing.

Develop or facilitate a framework for accreditation of training centres and personnel skill levels.

The solutions should include a proposal on how to establish certified practices for accreditation of training centres (cyber ranges) and skill levels (personal and team certificates). The solution should take into account EU-wide accreditation schemes. However, these should allow for national specificities. Where possible, existing standards, such as relevant NATO practices, should be used.

Cross-cutting items

All solutions must address the challenge of sharing and pooling cyber range capabilities in a coordinated manner between cyber range providers. This challenge may be best addressed by using and enhancing existing initiatives and projects. Moreover, this sharing and pooling can be demonstrated, for example, via the implementation of the project’s solutions in different cyber ranges through federation. If federation as an approach is used, it is expected that the proposals also cover the business and management side of the federation. This could, for example, formalise in the development of model cooperation agreements that mimic actual needs and have been developed with processes similar to actual processes (twin environments).

Where existing or new cyber range and cyber exercise standards (e.g., for scenario development and game net creation) are covered, the proposal must address the challenge of achieving a wide user-based of the standard. Proposing the use of any such standards without clearly addressing the way forward may invalidate the whole part of the proposal related to such standards because the success of a standard is as much dependent on the community as the standard’s actual content.