http://www.gcn.com/print/26_10/44215-1.html By Trudy Walsh GCN Staff 05/07/07 issue When Jackie Hoover tells her security classes that they have to be commercially certified in the next five years, their eyes get really big and not in a good way, she said. The new policy, DOD Directive 8570.1, mandates that all Defense Department information assurance technicians and managers thats about 110,000 military, civilian and contractor employees be certified to meet DOD requirements within five years. The directive has shocked everybody Ive worked with, said Hoover, director of the Technical Education College next to Peterson Air Force Base in Colorado Springs, Colo. The college offers technology classes to personnel at the Air Force Space Command and other Air Force bases. You have to get these commercial certifications or you may lose your job, she said. And theyre not easy tests. Hoover teaches Security+, one of a series of classes that count toward the requirement. With so many students to teach so quickly as many as 300 students in the last quarter Hoover looked for an easy-to-use training tool that would reinforce what students learn in the classroom. She discovered Cyberciege, an online simulation game that lets students role-play aspects of network management. Students can hire and fire employees and using virtual money buy and configure computers, servers, operating systems and network devices. Our main goal is to get people ready for deployment to places like Iraq, Hoover said. They have to set up networks securely there but dont have contractor help like they do here. Our school is the last place to reinforce what theyve learned before they go. Cyberciege was developed by the Center for Information Systems Security Studies and Research at the Naval Postgraduate School in Monterey, Calif., working with Rivermind, a game development company. Students say its a lot more entertaining and informative than they thought it would be, said Mike Thompson, a research associate at the Naval Postgraduate School. Network security can be pretty mundane stuff. We spice it up. For example, one game scenario includes what happens when a person with pinkeye gets an iris scan. We knew about information assurance, said Cynthia Irvine, a professor at the Naval Postgraduate School. Rivermind knew about graphics and games. The school wanted to develop a resource management game, Irvine said. The question was how they could infuse the dry routine of information assurance with the drama of game playing. We had to give players an emotional investment in what was happening, she said. They had to be invested in the success of the virtual company and keep the virtual users of the enterprise happy and productive. We think this game can help organizations meet training and awareness requirements better than yet another set of dreary PowerPoint slides. Cyberciege shows them why you cant just leave your passwords posted underneath your drawer, Irvine said. Cyberciege comes with a motley cast of characters. Theres Typical User, who just wants to do the job; Angry User, who is looking for ways to harm the enterprise; and Vandal, whos motivated by boredom, desire for attention or just plain technical curiosity. Unlike in the real world, where mind reading is reserved for psychics and magicians, Cyberciege players can query characters thoughts. I sure would like more convenient Internet access, one character might think. Players can then help the characters meet their goals. Written in C++, Cyberciege uses Riverminds 3-D graphics engine and Java. It will run on machines with Windows 2000 through Vista with 64M of RAM, Thompson said. Cyberciege is available at no cost to federal agencies by contacting cyberciege@ nps.edu. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed May 16 2007 - 23:55:43 PDT