Optimization of Cyber Defense Exercises Using Balanced Software Development Methodology

Abstract

Cyber defense exercises (CDXs) represent an effective way to train cybersecurity experts. However, their development is lengthy and expensive. The reason lies in current practice where the CDX life cycle is not sufficiently mapped and formalized, and then exercises are developed ad-hoc. However, the CDX development shares many aspects with software development, especially with ERP systems. This paper presents a generic CDX development method that has been derived from existing CDX life cycles using the SPEM standard meta-model. The analysis of the method revealed bottlenecks in the CDX development process. Observations made from the analysis and discussed in the paper indicate that the organization of CDXs can be significantly optimized by applying a balanced mixed approach with agile preparation and plan-driven disciplined evaluation.