A video game for cyber security training and awareness
Download
1 / 17

A video game for cyber security training and awareness - PowerPoint PPT Presentation


  • 199 Views
  • Uploaded on

A video game for cyber security training and awareness. Benjamin D. Cone et al. Naval Postgraduate School s lides by Keith Harrison. Roadmap. Introduction CyberCIEGE Components Development and testing Scenario Construction Requirements elicitation Scenarios Discussions and future work

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'A video game for cyber security training and awareness' - field


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
A video game for cyber security training and awareness

A video game for cyber security training and awareness

Benjamin D. Cone et al.

Naval Postgraduate School

slides by Keith Harrison


Roadmap
Roadmap

  • Introduction

  • CyberCIEGE

    • Components

    • Development and testing

    • Scenario Construction

    • Requirements elicitation

    • Scenarios

    • Discussions and future work

  • My Research

  • Conclusion


Introduction
Introduction

  • Combat user apathy!

  • Effective user training

    • one of the five areas of highest priority for action in a nation plan for cyberspace security

  • Cyberprotect - DoD1999, Ai Wars – Nexus Interactive

    • Limited in scope, extensibility

    • Don’t combine engaging virtual world with the human and technical factors of an IT environment


Current training and awareness techniques
Current training and awareness techniques

  • Formal training sessions

  • Passive computer-based and web-bassed training

  • Strategic placement of awareness messages

  • Interactive computer-based training


Cyberciege
CyberCIEGE

  • Developed in 2005

  • Resource Management, Simulation

  • Virtual users need to be productive and achieve goals

  • Players operate and defend networks

    • Consequences of choices

    • Attacks by hackers, vandals, and professionals


Cyberciege components
CyberCIEGE components

  • Simulation engine

  • Scenario definition language

  • Scenario development tool

  • Video-enhanced encyclopedia


Development and testing
Development and testing

  • Scenario Language elements

    • Straightforward

      • Analogues in resource management games

      • Equipment Costs, Penalties incurred

    • Innovative

      • Assessment of vulnerabilities

  • User interface

  • Scenarios

  • Scenario development tools


Scenario construction
Scenario construction

  • Story telling is key

    • Easy to grasp virtual environment

  • Player makes information assurance decisions for some enterprise

  • Fundamental abstractions

    • Assets

    • Users

    • Attackers


Simple scenario
Simple scenario

  • Single asset

  • Single virtual user with the goal of accessing the asset

  • Virtual user needs a computer to access the asset

  • Once the asset exists on a computer attackers will target the asset

  • The game engine manages a “Virtual Economy”


Extending the simple scenario
Extending the simple scenario

  • Physical security properties

  • Pre-existing computers, networks, and their configurations

  • Procedural security policies

  • Initial user training

  • Background checks for users

  • Money the player starts with

  • Equipment available for purchase

  • Support staff available


Interacting with the player
Interacting with the player

  • Ongoing game state “conditions”

  • Active “triggers”


Scenario construction cont
Scenario construction cont.

  • Scenario audience selection

  • Elements of scenario design

    • Define information assets

    • Describe the story line in the briefing

    • Specify feedback

    • Conditions that constitute a win or a loss

  • Integrated development environment

    • Automate the syntax of the scenario definition language


Requirements elicitation
Requirements elicitation

  • Current policies for IA training and awareness

    • Laws and directives for the DoD requiring security training

    • Currently users just click through the CBT

  • Requirements analysis

    • U.S. Navy Information Security Program

    • INFOSEC program guidebooks


Scenarios for training and awareness
Scenarios for training and awareness

  • Scenarios for IT staff

    • Introductory IA briefing

    • Information value

    • Access control mechanisms

    • Social engineering

    • Password management

    • Malicious software and basic safe computing

    • Safeguarding data

    • Physical security mechanisms

  • Other scenarios


Discussions and future work
Discussions and future work

  • User experiences

    • No cost to organizations of the federal government, schools, and universities

    • 130 inquires by organizations

  • Future work

    • Effectiveness versus click-through training

    • Real-time instructor monitoring

    • Multiplayer version

    • Wireless content


My research
My research

  • Official Collegiate Cyber Defense Competition (CCDC)

  • Model a game after the CCDC Environment for training

    • The player controls a “virtual network” of several virtual machines

    • Scenarios could be constructed where players are supposed to achieve certain tasks while keeping their “virtual network” secure

  • Computer Science oriented research


Conclusion
Conclusion

  • My question for the audience

  • Audience questions for me


ad