KIRAS Security Research

The CURSOR project aims to study the possibilities for and develop a nationwide exercise program that takes into account both nationwide and sector-specific (program) exercises. Several methodological steps are needed to achieve this. In the first step, a comprehensive analysis of current state of practice and research in the field of cyber-exercises will be carried out. Furthermore, actors and organizers in the field of cyber-exercises will be interviewed to obtain a comprehensive overview of technology, content and organization. Based on this study, the next step will be to derive the requirements for a national cyber exercise program and to identify possible goals and measurement criteria with relevant stakeholders. On this basis, a cyber exercise program will be specified and strategic as well as operational aspects will be highlighted.

A further goal of the project is the development and specification of a cyber exercise platform, which processes exercise results of program exercises and enables an exercise history. A challenge is, for example, how to design the integration of non-program cyber exercises in this context. A proof-of-concept cyber exercise calendar will be designed and implemented to discuss a part of the exercise platform and its facets, together with relevant stakeholders, incorporating this feedback directly. In addition, recommendations and support measures for cyber-exercises will be defined, in particular to support operators of essential services and organizations in carrying out cyber-exercises based on the cyber-exercise program.

The result of this project is a study that will provide a concept for a nationwide cyber exercise program and cyber exercise platform as well as the implementation of a proof-of-concept exercise calendar. These findings can be used as a basis for a discussion for further development of a national exercise program and can thus indirectly contribute to the resilience of Austria against the impacts of attacks stemming from Cyber space.