[ISN] Security Games

From: InfoSec News (alerts@private)
Date: Wed May 16 2007 - 23:41:19 PDT


http://www.gcn.com/print/26_10/44215-1.html

By Trudy Walsh
GCN Staff
05/07/07 issue

When Jackie Hoover tells her security classes that they have to be 
commercially certified in the next five years, their eyes get really big 
and not in a good way, she said.

The new policy, DOD Directive 8570.1, mandates that all Defense 
Department information assurance technicians and managers thats about 
110,000 military, civilian and contractor employees be certified to meet 
DOD requirements within five years.

The directive has shocked everybody Ive worked with, said Hoover, 
director of the Technical Education College next to Peterson Air Force 
Base in Colorado Springs, Colo. The college offers technology classes to 
personnel at the Air Force Space Command and other Air Force bases.

You have to get these commercial certifications or you may lose your 
job, she said. And theyre not easy tests.

Hoover teaches Security+, one of a series of classes that count toward 
the requirement.

With so many students to teach so quickly as many as 300 students in the 
last quarter Hoover looked for an easy-to-use training tool that would 
reinforce what students learn in the classroom.

She discovered Cyberciege, an online simulation game that lets students 
role-play aspects of network management. Students can hire and fire 
employees and using virtual money buy and configure computers, servers, 
operating systems and network devices.

Our main goal is to get people ready for deployment to places like Iraq, 
Hoover said. They have to set up networks securely there but dont have 
contractor help like they do here. Our school is the last place to 
reinforce what theyve learned before they go.

Cyberciege was developed by the Center for Information Systems Security 
Studies and Research at the Naval Postgraduate School in Monterey, 
Calif., working with Rivermind, a game development company.

Students say its a lot more entertaining and informative than they 
thought it would be, said Mike Thompson, a research associate at the 
Naval Postgraduate School. Network security can be pretty mundane stuff. 
We spice it up.

For example, one game scenario includes what happens when a person with 
pinkeye gets an iris scan.

We knew about information assurance, said Cynthia Irvine, a professor at 
the Naval Postgraduate School. Rivermind knew about graphics and games.

The school wanted to develop a resource management game, Irvine said. 
The question was how they could infuse the dry routine of information 
assurance with the drama of game playing.

We had to give players an emotional investment in what was happening, 
she said. They had to be invested in the success of the virtual company 
and keep the virtual users of the enterprise happy and productive. We 
think this game can help organizations meet training and awareness 
requirements better than yet another set of dreary PowerPoint slides.

Cyberciege shows them why you cant just leave your passwords posted 
underneath your drawer, Irvine said.

Cyberciege comes with a motley cast of characters. Theres Typical User, 
who just wants to do the job; Angry User, who is looking for ways to 
harm the enterprise; and Vandal, whos motivated by boredom, desire for 
attention or just plain technical curiosity.

Unlike in the real world, where mind reading is reserved for psychics 
and magicians, Cyberciege players can query characters thoughts. I sure 
would like more convenient Internet access, one character might think. 
Players can then help the characters meet their goals.

Written in C++, Cyberciege uses Riverminds 3-D graphics engine and Java. 
It will run on machines with Windows 2000 through Vista with 64M of RAM, 
Thompson said.

Cyberciege is available at no cost to federal agencies by contacting 
cyberciege@ nps.edu.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed May 16 2007 - 23:55:43 PDT