{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T03:44:00Z","timestamp":1768535040481,"version":"3.49.0"},"reference-count":21,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2023,12,28]],"date-time":"2023-12-28T00:00:00Z","timestamp":1703721600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["2022R1F1A1074773"],"award-info":[{"award-number":["2022R1F1A1074773"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>With the advancement of IT technology, intelligent devices such as autonomous vehicles, unmanned equipment, and drones are rapidly evolving. Consequently, the proliferation of defense systems based on these technologies is increasing worldwide. In response, the U.S. Department of Defense is implementing the RMF (Risk Management Framework) to ensure the cybersecurity of defense systems and conducting cybersecurity T&amp;E (test and evaluation) concurrently. However, RMF and cybersecurity T&amp;E conducted during the acquisition phase of defense systems often result in fragmented cybersecurity assessments, excluding the operational environment of the defense systems. This omission fails to account for the complex network integration, data exchange functionalities, and mission-specific requirements in actual cyber attack scenarios. For these reasons, vulnerabilities in defense systems that remain unidentified during the acquisition phase can potentially pose significant cybersecurity threats during operational phases, necessitating substantial costs and efforts for remediation. Therefore, this paper proposes a mission-based cybersecurity T&amp;E model using a Multi-Cyber Range to effectively apply these two systems in a practical manner. The Multi-Cyber Range integrates independently operated cyber ranges into a network to expand the evaluation environment, which better reflects the mission environment of defense systems. The proposed model\u2019s effectiveness is validated using a cyber attack simulation system targeting a virtualized arbitrary defense system. This paper not only presents an enhanced model for mission-based cybersecurity T&amp;E, but also contributes to the advancement of cybersecurity T&amp;E methodologies by providing a concrete application process.<\/jats:p>","DOI":"10.3390\/info15010018","type":"journal-article","created":{"date-parts":[[2023,12,28]],"date-time":"2023-12-28T09:35:21Z","timestamp":1703756121000},"page":"18","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["A Study on the Multi-Cyber Range Application of Mission-Based Cybersecurity Testing and Evaluation in Association with the Risk Management Framework"],"prefix":"10.3390","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1436-3024","authenticated-orcid":false,"given":"Ikjae","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Republic of Korea"},{"name":"R.O.K Cyber Operation CMD, Suwon City 13834, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Moosung","family":"Park","sequence":"additional","affiliation":[{"name":"R.O.K Agency for Defense Development, Seoul 05771, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hyun-Jin","family":"Lee","sequence":"additional","affiliation":[{"name":"Cyber Battlefield Field, Hanwha Systems, Seongnam-si 13524, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1457-6846","authenticated-orcid":false,"given":"Jisoo","family":"Jang","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Republic of Korea"},{"name":"Department of Convergence Engineering for Intelligent Drones, Sejong University, Seoul 05006, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4117-407X","authenticated-orcid":false,"given":"Soojin","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Defense Science, Korea National Defense University, Nonsan-si 33021, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2665-3339","authenticated-orcid":false,"given":"Dongkyoo","family":"Shin","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Republic of Korea"},{"name":"Department of Convergence Engineering for Intelligent Drones, Sejong University, Seoul 05006, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,12,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kim, I., Kim, S., Kim, H., and Shin, D. (2022). Mission-Based Cybersecurity Test and Evaluation of Weapon Systems in Association with Risk Management Framework. Symmetry, 14.","DOI":"10.3390\/sym14112361"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Park, M., Lee, H., Kim, Y., Kim, K., and Shin, D. (2022). Design and Implementation of Multi-Cyber Range for Cyber Training and Testing. Appl. Sci., 12.","DOI":"10.3390\/app122412546"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Khalid Alkahtani, H., Mahmood, K., Khalid, M., Othman, M., Al Duhayyim, M., Osman, A.E., Alneil, A.A., and Zamani, A.S. (2023). Optimal Graph Convolutional Neural Network-Based Ransomware Detection for Cybersecurity in IoT Environment. Appl. Sci., 13.","DOI":"10.3390\/app13085167"},{"key":"ref_4","unstructured":"NIST (2018). Risk Management Framework for Information Systems and Organizations, NIST SP 800-37 Rev.2."},{"key":"ref_5","unstructured":"NIST (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0)."},{"key":"ref_6","first-page":"1","article-title":"Artificial Intelligence and Machine Learning Applications to Navy Ships: Cybersecurity and Risk Management","volume":"135","author":"Mun","year":"2023","journal-title":"Nav. Eng. J."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Melaku, H.M. (2023). Context-Based and Adaptive Cybersecurity Risk Management Framework. Risks, 11.","DOI":"10.3390\/risks11060101"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Parsons, E.K., Panaousis, E., Loukas, G., and Sakellari, G. (2023). A Survey on Cyber Risk Management for the Internet of Things. Appl. Sci., 13.","DOI":"10.20944\/preprints202306.2172.v1"},{"key":"ref_9","unstructured":"Department of Defense (2023, August 17). Cybersecurity Test and Evaluation Guidebook, Version 2.0 Change 1, Available online: https:\/\/daytonaero.com\/wp-content\/uploads\/DOD_Cybersecurity-Test-and-Evaluation-Guidebook-Version2-C1_10-Feb-2020.pdf."},{"key":"ref_10","unstructured":"(2023, August 18). Cybersecurity and Acquisition Lifecycle Integration Tool (CALIT). Available online: https:\/\/media.dau.edu\/media\/Cybersecurity+and+Acquisition+Lifecycle+Integration+Tool+%28CALIT%29\/0_f8rabm9y."},{"key":"ref_11","unstructured":"Whatmore, K. (2021). Cyber Resiliency Office for Weapon Systems: Systems Security Engineering Cyber Guidebook Version 4.0, Defense Technical Information Center."},{"key":"ref_12","unstructured":"NIST (2017). National Initiative for Cybersecurity Education (NICE), NICE One Pager for Cyber Ranges."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Oikonomou, N., Mengidis, N., Spanopoulos-Karalexidis, M., Voulgaridis, A., Merialdo, M., Raisr, L., Hanson, K., Vallee, P.L., Tsikrika, T., and Vrochidis, S. (2021, January 26\u201328). ECHO Federated Cyber Range: Towards Next-Generation Scalable Cyber Ranges. Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece.","DOI":"10.1109\/CSR51186.2021.9527985"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Cruz, T., and Sim\u00f5es, P. (2021). Down the Rabbit Hole: Fostering Active Learning through Guided Exploration of a SCADA Cyber Range. Appl. Sci., 11.","DOI":"10.3390\/app11209509"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"2236","DOI":"10.1109\/TII.2016.2599841","article-title":"A cybersecurity detection framework for supervisory control and data acquisition systems","volume":"12","author":"Cruz","year":"2016","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Balto, K.E., Yamin, M.M., Shalaginov, A., and Katt, B. (2023). Hybrid IoT Cyber Range. Sensors, 23.","DOI":"10.3390\/s23063071"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Lee, D.-H., Kim, C.-M., Song, H.-S., Lee, Y.-H., and Chung, W.-S. (2023). Simulation-Based Cybersecurity Testing and Evaluation Method for Connected Car V2X Application Using Virtual Machine. Sensors, 23.","DOI":"10.3390\/s23031421"},{"key":"ref_18","unstructured":"de Naray, R.K., and Buytendyk, A.M. (2022). Analysis of Mission Based Cyber Risk Assessments (MBCRAs) Usage in DoDs Cyber Test and Evaluation, Institute for Defense Analyses."},{"key":"ref_19","unstructured":"NIST (2008). Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60 Rev.1."},{"key":"ref_20","unstructured":"NIST (2013). Security & Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53 Rev.4."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Chouliaras, N., Kittes, G., Kantzavelou, I., Maglaras, L., Pantziou, G., and Ferrag, M.A. (2021). Cyber Ranges and TestBeds for Education, Training, and Research. Appl. Sci., 11.","DOI":"10.3390\/app11041809"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/1\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:43:19Z","timestamp":1760132599000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/15\/1\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,28]]},"references-count":21,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,1]]}},"alternative-id":["info15010018"],"URL":"https:\/\/doi.org\/10.3390\/info15010018","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12,28]]}}}