Down the Rabbit Hole: Fostering Active Learning through Guided Exploration of a SCADA Cyber Range

Prior experience from the authors has shown that a heavily theoretical approach for cybersecurity training has multiple shortcomings, mostly due to the demanding and diversified nature of the prerequisites, often involving concepts about operating system design, networking and computer architecture, among others. In such circumstances, the quest for trainee engagement often turns into a delicate balancing act between managing their expectations and providing an adequate progression path. In this perspective, hands-on exercises and contact with high-fidelity environments play a vital part in fostering interest and promoting a rewarding learning experience. Making this possible requires having the ability to design and deploy different use case training scenarios in a flexible way, tailored to the specific needs of classroom-based, blended or e-learning teaching models. This paper presents a flexible framework for the creation of laboratory and cyber range environments for training purposes, detailing the development, implementation and exploration of a cyber range scenario, within the scope of a course on cyber-physical systems security. Moreover, the course structure, curricular aspects and teaching methods are also detailed, as well as the feedback obtained from the students