Cyber security training for critical infrastructure protection: A literature review

Computer Science Review - Volume 40 - Page 100361 - 2021
Nabin Chowdhury¹, Vasileios Gkioulos¹
¹ Norwegian Institute of Science and Technology (NTNU), Teknologivegen 22, 2815, Gjøvik, Norway
