Passive and active training approaches for critical infrastructure protection

Abstract In order to strengthen Critical Infrastructure's protection and resilience, it is central to invest in training and simulations, to spread a security culture and develop the awareness among all personnel involved in the Critical Infrastructure security. Nowadays, attackers represent a major threat due to the combination of both cyber and kinetic operations, targeting human factors vulnerabilities. It is also critical to develop and straighten a “human firewall” inside critical organizations through the enhancement of Security Education, Training and Awareness (SETA) and stresses the need for the development of a security culture inside organizations. In such scenarios, today, the awareness within organizations, both in public and private sector, is achieved through passive and active training techniques. A hybrid approach is proposed as a powerful compromise between the two that can best deliver the desired level of awareness and meet the needs and satisfaction of employees. Adopting a balanced mix of techniques that comprise engagement-based and less interactive methods seems to be the best way to attain security awareness.