1 / 17

A video game for cyber security training and awareness

A video game for cyber security training and awareness. Benjamin D. Cone et al. Naval Postgraduate School s lides by Keith Harrison. Roadmap. Introduction CyberCIEGE Components Development and testing Scenario Construction Requirements elicitation Scenarios Discussions and future work

field
Download Presentation

A video game for cyber security training and awareness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A video game for cyber security training and awareness Benjamin D. Cone et al. Naval Postgraduate School slides by Keith Harrison

  2. Roadmap • Introduction • CyberCIEGE • Components • Development and testing • Scenario Construction • Requirements elicitation • Scenarios • Discussions and future work • My Research • Conclusion

  3. Introduction • Combat user apathy! • Effective user training • one of the five areas of highest priority for action in a nation plan for cyberspace security • Cyberprotect - DoD1999, Ai Wars – Nexus Interactive • Limited in scope, extensibility • Don’t combine engaging virtual world with the human and technical factors of an IT environment

  4. Current training and awareness techniques • Formal training sessions • Passive computer-based and web-bassed training • Strategic placement of awareness messages • Interactive computer-based training

  5. CyberCIEGE • Developed in 2005 • Resource Management, Simulation • Virtual users need to be productive and achieve goals • Players operate and defend networks • Consequences of choices • Attacks by hackers, vandals, and professionals

  6. CyberCIEGE components • Simulation engine • Scenario definition language • Scenario development tool • Video-enhanced encyclopedia

  7. Development and testing • Scenario Language elements • Straightforward • Analogues in resource management games • Equipment Costs, Penalties incurred • Innovative • Assessment of vulnerabilities • User interface • Scenarios • Scenario development tools

  8. Scenario construction • Story telling is key • Easy to grasp virtual environment • Player makes information assurance decisions for some enterprise • Fundamental abstractions • Assets • Users • Attackers

  9. Simple scenario • Single asset • Single virtual user with the goal of accessing the asset • Virtual user needs a computer to access the asset • Once the asset exists on a computer attackers will target the asset • The game engine manages a “Virtual Economy”

  10. Extending the simple scenario • Physical security properties • Pre-existing computers, networks, and their configurations • Procedural security policies • Initial user training • Background checks for users • Money the player starts with • Equipment available for purchase • Support staff available

  11. Interacting with the player • Ongoing game state “conditions” • Active “triggers”

  12. Scenario construction cont. • Scenario audience selection • Elements of scenario design • Define information assets • Describe the story line in the briefing • Specify feedback • Conditions that constitute a win or a loss • Integrated development environment • Automate the syntax of the scenario definition language

  13. Requirements elicitation • Current policies for IA training and awareness • Laws and directives for the DoD requiring security training • Currently users just click through the CBT • Requirements analysis • U.S. Navy Information Security Program • INFOSEC program guidebooks

  14. Scenarios for training and awareness • Scenarios for IT staff • Introductory IA briefing • Information value • Access control mechanisms • Social engineering • Password management • Malicious software and basic safe computing • Safeguarding data • Physical security mechanisms • Other scenarios

  15. Discussions and future work • User experiences • No cost to organizations of the federal government, schools, and universities • 130 inquires by organizations • Future work • Effectiveness versus click-through training • Real-time instructor monitoring • Multiplayer version • Wireless content

  16. My research • Official Collegiate Cyber Defense Competition (CCDC) • Model a game after the CCDC Environment for training • The player controls a “virtual network” of several virtual machines • Scenarios could be constructed where players are supposed to achieve certain tasks while keeping their “virtual network” secure • Computer Science oriented research

  17. Conclusion • My question for the audience • Audience questions for me

More Related