Cybersecurity is a critical issue for organizations of all sizes and industries. As cyberattacks become more sophisticated and frequent, it is essential for employees to be trained on how to identify and respond to these threats.
What are augmented reality and virtual reality?
Augmented reality (AR) and virtual reality (VR) are emerging technologies that offer new and innovative ways to train cybersecurity professionals.
Virtual Reality (VR)
The concept of virtual reality is perhaps the most familiar. It refers to experiencing an environment or virtual world in the most immersive way possible, where everything we see, hear and experience is created synthetically by a computer or electronic device. This virtual environment responds to our actions, for example, allowing us to see what is behind us by simply turning our head. This response will be more or less realistic depending on a number of factors. These factors include the sensors that communicate what we are doing to the virtual environment (e.g. control buttons), or the nature of the immersive experience itself (we can see with stereoscopic (3D) or monocular vision, or we can also move in 3D space. Virtual reality allows us to simulate places or situations that we do not have access to, such as learning to operate a machine that does not yet exist. The fact that environments can be recreated in a realistic but safe way is a very important feature of VR, which is very useful for cybersecurity training.
Augmented Reality (AR)
Augmented reality allows the user to visualize reality, but with objects or contextual information that enhances the information of the objects where they are positioned and to which they refer. For example, if we were looking at a machine, we could see in front of and in relation to it the data it is receiving, such as how much electricity it is using or how fast it is working. Augmented reality is useful for cybersecurity training because it allows the user to be in front of the real machine, but without actually interfering with its operation, so they can learn safely.
Benefits of using AR and VR in cybersecurity
There are many benefits to using AR and VR in cybersecurity training, including:
- Increased engagement and retention: AR and VR are highly engaging technologies that can help employees to learn and retain information more effectively due to its immersivity, and gamification possibilities.
- Improved understanding: AR and VR can be used to create realistic simulations of cybersecurity scenarios, which can help employees to better understand the threats they face and how to respond to them.
- Reduced risk: AR and VR can be used to train employees on cybersecurity skills in a safe and controlled environment, without the risk of making mistakes that could have real-world consequences.
- Scalability: AR and VR training programs can be easily scaled to meet the needs of organizations of all sizes. This is because AR and VR headsets are becoming increasingly affordable and accessible.
Within the ELECTRON project, we are using the advantages and characteristics of AR and VR to train users in cybersecurity at very different levels. In fact, we are training office staff with no prior knowledge of cybersecurity as well as experienced users such as EMSP operators, SCADA operators, substation operators, substation engineers or security administrators. The skills covered by the project include phishing, denial of service, spoofing and unauthorized activities.
We are using tools that have been created for training on other topics to be used in cybersecurity. We are using tools like KAYROX VR or PROCESS AR. These tools are designed and developed so that any ordinary user can create their own training content in VR and AR. Although previous cases have been described of VR and AR training content being created for cybersecurity training, these have generally been examples created specifically for the project, describing specific use cases. At ELECTRON we are using generic AR and VR content creation tools to generate specific cybersecurity content, and for them we have developed a specific methodology that allows cybersecurity experts to focus on describing the training content, with the description of the environments, questions, answers, etc., while experts in the use of the tools have been in charge of translating this information into training content in AR and VR. This methodology makes it possible to identify best practices on what type of content is best for each tool, how to organize information, how to achieve certain objectives, etc.
Conclusion
AR and VR are still relatively new technologies, but they have the potential to revolutionize cybersecurity training. The ELECTRON project is developing AR and VR training methodology for cybersecurity professionals at different levels of expertise that will allow organizations to create their own AR and VR training solutions.