D2.2 Report on Training and Cyber-range capabilities and requirements

This Deliverable focuses on collecting cyber security training requirements and identifying 
the training needs of different stakeholders (coming from the targeted critical sectors of telecom, 
energy, healthcare, and maritime) at national, regional, and European level. To achieve this, a 
systematic requirements elicitation approach will be established, having a two-fold focus: a) to 
identify the requirements and specific needs of the participating stakeholders, which represent 
different critical sectors and with different needs with regard to IT security; and b) to substantially 
engage the external stakeholders so as to gain feedback regarding their needs and priorities in the 
frame of the project, through the realization of interviews with their users expressing significant 
interest on the project’s technologies and vision, and through the large-scale circulation of 
structured questionnaires, utilizing the dissemination channels of the participating partners. These 
requirements will be used for the customization of the Cyber Range Platform (T2.4 and WP4) and 
the establishment of the training programs and the specification of the training scenarios (WP3), 
which must demonstrate these requirements. This Deliverable will also include a preliminary 
analysis of Cyber-range training requirements imposed by the existing national and European legal 
and regulatory framework and regime (e.g. (NIS Directive and the General Data Protection 
Regulation (GDPR)). The identification of relevant sets of legislation (e.g. regarding data protection, 
privacy and security) and ethical principles will lead to a high-level description of provisions which 
will need to be taken into account in the course of the project and the development of all the cyber 
range training outcomes within. The aim of this Deliverable is to depict all relevant frameworks in 
order to assure that differing legal and regulatory constraints and internationally agreed standards 
for security, privacy and data protection are met. The deliverable will also include appropriate Key 
Performance Indicators (KPIs).