Simulation framework for practical cyber security training in the public service
More details
Hide details
Doctoral School of Military Engineering, National University of Public Service, Hungary
Veronika Deák   

Doctoral School of Military Engineering, National University of Public Service, Hungary
Submission date: 2020-12-09
Final revision date: 2020-12-29
Acceptance date: 2020-12-29
Online publication date: 2021-03-19
Publication date: 2021-03-31
Security and Defence Quarterly 2021;33(1)
The public service sector is a key target of cyberattacks. In order to prevent and effectively tackle such attacks, organisations should continuously develop their defence capabilities. As part of developing such capabilities, public service cybersecurity training is required to teach students about cyberattacks. The present study uses quantitative research techniques including (i) how to identify key requirements for the practical aspects of public service cybersecurity training and (ii) sampling to utilise international best practices from cybersecurity education and conceptual architectures from existing public service organisations. A schematic structure with a two-level practical training course is proposed. On the first level, the students learn about the defence mechanisms of their own info-communication devices and try to prevent attacks in a simulated environment. On the second level, the students apply protection strategies against cyberattacks in organisational infrastructure. Finally, a technical framework is defined to simulate cyberattacks against (a) personal devices and (b) a fictional organisational infrastructure. The specification of a public service cybersecurity training programme should not only focus on theoretical education but also provide practical knowledge to students. By simulating specific attacks, theoretical and practical knowledge can be combined. As a result, students will be able to recognise threats and potential risks from cyberspace.
Beuran, R., Tang, D., Pham, C., Chinen, K. I., Tan, Y., and Shinoda, Y. (2018) ‘Integrated framework for hands-on cybersecurity training: CyTrONE’, Computers & Security, 78, pp. 43–59. doi: 10.1016/j.cose.2018.06.001.
Dimkov, T., Pieters, W., and Hartel, P. (2011) ‘Training students to steal: a practical assignment in computer security education’, in Proceedings of the 42nd ACM technical symposium on computer science education, pp. 21–26. doi: 10.1145/1953163.1953175.
Krasznay, Cs. (2017) ‘A kiberbiztonság stratégiai vetületeinek oktatási kérdései a közszolgálatban’, Nemzet és Biztonság: Biztonságpolitikai szemle, 10(3), pp. 38–53.
Morgan, S. (2017) ‘Cybersecurity Jobs Report: A Special Report From the Editors at Cybersecurity Ventures’, Cybersecurity Ventures, 31 May 2017. Available at: (Accessed: 20 September 2020).
Newhouse, W., Keith, S., Scribner, B., and Witte, G. (2017) ‘National initiative for cybersecurity education (NICE) cybersecurity workforce framework’, NIST Special Publication, 800(2017), p. 181. doi: 10.6028/NIST.SP.800-181.
Patriciu, V. V. and Furtuna, A. C. (2009) ‘Guide for designing cybersecurity exercises’, in Proceedings of the 8th WSEAS International Conference on E-Activities and information security and privacy. World Scientific and Engineering Academy and Society (WSEAS), pp. 172–177.
Topham, L., Kifayat, K., Younis, Y. A., Shi, Q., and Askwith, B. (2016) ‘Cybersecurity teaching and learning laboratories: A survey’. Information & Security, 35(1), 51. doi: 10.11610/isij.3503.
Willems, C. and Meinel, C. (2012) ‘Online assessment for hands-on cybersecurity training in a virtual lab’, in Proceedings of the 2012 IEEE Global Engineering Education Conference (EDUCON), pp. 1–10. doi: 10.1109/EDUCON.2012.6201149.