CyberCIEGE - Official US Navy Website
Home
downloads
support
news
papers
scenarios
movies
contact
CISR
*
* *
CyberCIEGE News

SSL and TLS
August 23, 2010. The game engine now allows players to configure web and email applications to use SSL and/or TLS.  The same PKI features that are used with VPNs and email encryption are incorporated into the SSL functions.  A new SSL scenario ("Angle Locks") illustrates these new features, including the use of smart cards to protect TLS keys.

CyberCIEGE Tutorial offered at 2010 Annual Computer Secuirty Applications Conference
July 26, 2010.  A CyberCIEGE tutorial will be presented at the 2010 Annual Computer Security Applications Conference in Austin, Texas the morning of November 1, 2010.   The tutorial will cover the use of the game for education and training, and will include hands on scenario play for the audience. In addition, the tutorial will cover use of the Scenario Development Kit for creating and customizing scenarios.

CyberCIEGE to be presented at MILCOM 2010
July 2, 2010.  A paper describing the CyberCIEGE PKI features will be presented at MILCOM 2010 in San Jose (October 31 - November 3, 2010).

Two New Identity Management Scenarios
April 4, 2010. The Identity Management campaign was extended to include two new scenarios.  The first is a training and awareness scenario illustrating risks of "identity aggregation" to a "clandestine operations" character spending his day off in an Internet cafe.  The second illustrates challenges associated with protecting identity databases that contribute to the issuance of smart cards.

Educational Licneses for Local and State Governments
December 11, 2009. Rivermind, Inc., has extended the CyberCIEGE educational license to now include local and state governments.

Smartcard-based email signing and encryption
December 11, 2009. Email clients can now be configured to use smartcards to manage secret keys used to sign and decrypt email.  A new "ParaZog" scenario illustrates this feature in the context of a paramilitary force that has been stood up to protect an international carbon credit cartel.

CyberCIEGE gets e-mail
November 2, 2009. Of course CyberCIEGE has always included e-mail.  But now the CyberCIEGE game engine has been extended to let players choose to protect virtual e-mail using PKI-enabled e-mail clients.  The attack engine has also been extended to attack unprotected e-mail and find weak chains of PKI-based trust.  A new "Hard Rain" scenario within the Encryption campaign illustrates these new features.

Public Key Infrastructure Tutorial Movie
August 14, 2009. CISR is pleased to announce this addition to the popular suite of CyberCIEGE tutorial movies.  This movie explains the functions of public key infrastructure (PKI), its use for validating the identity of remote parties, and some of its potential vulnerabilities.  All tutorial movies are available in the game's encyclopedia as well as here: http://cisr.nps.edu/cyberciege/movies.html
 
CyberCIEGE gets a public key infrastructure (PKI)
July 6, 2009.  CyberCIEGE version 1.9o introduces PKI functions, including Certification Authorities and installed root certificates.  Now, when players deploy VPNs within advanced scenarios, the player can select between shared secrets and PKI for key management.  These new features are illustrated in the new "Advanced VPNs" scenario. 

CyberCIEGE Tutorial at Defense GameTech Users' Conference
A CyberCIEGE tutorial will be presented at the Defense GameTech Users' Conference, which is in Orlando March 9-11, 2009.   The tutorial will describe strategies for including the game within Information Assurance curricula as well as within organization-specific education and training environments.  The tutorial will focus on how military personnel can make effective use of the game for training within their organizations.
CyberCIEGE includes a tool with which instructors can assess student progress.  The game also includes an integrated development environment for creating and customizing game scenarios.  Both of these tools will be demonstrated as part of the tutorial.  Learn more about this conference at:  http://www.simulationinformation.com/Gametech09/

CyberCIEGE Release Includes Identity Management Campaign
September 29, 2008, CyberCIEGE version 1.9k was released.  This version includes an Identity Management campaign, a new "Attack Log" button that displays reasons for asset compromise, and additional navigation aids for moving around the office.

CyberCIEGE in IATAC IAnewsletter
August 17, 2007. CyberCIEGE: An Information Assurance Training and Awareness Video Game

CyberCIEGE suggested as help for DoD  Directive 8570.1
May 21, 2007 Shawn McCarthy | Where to get help on DOD security training

CyberCIEGE in Government Computer News
May 7, 2007. Security Games
 
Presentation at EDUCAUSE Security Professionals Conference
April 12 2007.Teaching Computer Network Security with the CyberCIEGE Video Game

Paper published in Elsevier Computers and Security
January 2007.A video game for cyber security training and awareness

CyberCIEGE Information Assurance Training Tool Tutorial
A Special Feature of the 7th Workshop on Education in Computer Security
January 4 - 6, 2006 http://cisr.nps.edu/WECS7/tutorial.html

Paper published in IEEE Security and Privacy
May 2005.CyberCIEGE: gaming for information assurance

Press Release February 7, 2005

"CyberCIEGE" Information Assurance Teaching Tool Released by Naval Postgraduate School
U.S. Government Distribution of Computer Security Resource Management Simulation

Monterey, California, February 7, 2005 - The Naval Postgraduate School (NPS) announced the limited release of CyberCIEGE, an innovative computer-based tool to teach network security concepts. The tool enhances information assurance education and training through the use of computer gaming techniques such as those employed in the SIMS', SimCity™ and RollerCoaster TycoonŽ. In the CyberCIEGE virtual world, users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack.

In its interactive environment, CyberCIEGE covers the significant aspects of information assurance, and network management and defense. Users purchase and configure workstations, servers, operating systems, applications, and network devices. They make trade offs and prioritization decisions as they struggle to maintain a good balance between budget, productivity, and security. In its more complex scenarios, users advance through a series of stages and must protect increasingly valuable corporate assets against escalating attacks.

The CyberCIEGE encyclopedia of security concepts contains a wealth of information assurance knowledge. Users can read the encyclopedia, or watch its instructional movies. For those who are new to interactive computer games and tools, CyberCIEGE includes a short "How To" movie. Whenever a user has questions, a single keystroke brings up information in the encyclopedia that answers questions about computer security or helps the player decide on the next move.

CyberCIEGE is intended to support many educational venues, from basic workforce awareness training to university classes. Even people who merely want to be better informed about security for home computers that are connected to the Internet can benefit from CyberCIEGE.

According to Cynthia Irvine, director of the CyberCIEGE project, "CyberCIEGE can help organizations meet obligations for information assurance (IA) training, annual awareness refreshers, and appropriate cyber-security education. For example, Department of Defense Directive 8570 was issued last fall and requires IA training and education at all levels."

The game is designed to support classroom use and has already been incorporated into several Naval Postgraduate School classes. Computer experts at the prestigious Georgia Institute of Technology have obtained a pre-release copy of the commercial version and are exploring ways to use it in their classes. Ralph Merkle, Distinguished Professor of Computing at Georgia Tech stated that, "The SIMS meet system administration in this entertaining game that lets you decide how to run your company's information department -- and suffer the consequences if you get it wrong. This game both entertains and educates, and has the potential to be a valuable adjunct to more traditional methods."

CyberCIEGE contains support for the creation of tools to record and assess student progress. Best of all, CyberCIEGE is extensible.

NPS and Rivermind, Inc. collaborated to develop the CyberCIEGE Scenario Definition Language. The language is like a computer program for the game engine and allows an almost limitless number of CyberCIEGE scenarios to be created. Each scenario contains an enterprise workforce, which can be as small as one person. Each worker has a job to do, as well as some personality. Those jobs always involve company assets stored on computers. Just as in any company, the scenario describes which workers should have access to which assets. So, the engineering group has access to the secret formula, while accounting manages the payroll. Workers and their work can be located within various zones within the corporation. This allows players to think about physical security measures as well as the technical side of things. As the simulation progresses, triggers may alter the job goals of the virtual workers. When this happens the player may have to make changes to the network, buy new equipment, and often worry about new security problems. Scenarios can also have phases, so that players have to meet pre-defined objectives before they can progress to the next phase.

The Scenario Definition Language and a Scenario Development Tool are part of the CyberCIEGE distribution. The CyberCIEGE website will be a scenario repository as well as a place to get downloads to the distribution.

CyberCIEGE was created by the Center for Information Systems Security Studies and Research (CISR) at NPS, and Rivermind, Inc., of San Mateo, CA. NPS has made sure that the game is correct when it comes to computer and network security, and Rivermind's sophisticated engine drives game play.

Development of CyberCIEGE was sponsored by the US Navy, the Naval Education and Training Command, the Office of Naval Research, and the Office of the Secretary of Defense. When NPS first had the idea of producing an information assurance teaching tool they needed a partner with video game experience. NPS requested a recommendation from Gilman Louie, CEO of In-Q-Tel and a pioneer in the interactive entertainment industry. He suggested that they team with Rivermind and put them in touch with Ken Allen, its President. "We have been very lucky to combine some creative and knowledgeable computer security experts with a highly talented 3-D software team," said Irvine. "The synergy has been tremendous."

CISR at NPS is a leading center for education and research in computer security. With over 20 faculty and staff, as well as hundreds of students per year, CISR conducts research on highly secure systems, network security, and a wide range of security technologies.

Ken Allen, Co-Founder of Rivermind, has big hopes for CyberCIEGE. "We see almost limitless potential for this game as we continue to roll out new scenarios and custom features that allow us to model virtually any Corporate or Government IT infrastructure. Looking to the future we believe there is great potential in creating a multi-player version that allows players to attack one another. Defending against a human player will add a huge new dimension to the role of defender."

It is the partnership between NPS and Rivermind that has made CyberCIEGE both realistic and fun. NPS and Rivermind are seeking sponsors interested in tailoring the tool to meet their specific requirements. This might include the development of new scenarios, user assessment tools, extensions to the simulation, or new artwork.

Rivermind's proprietary TYBOLT game engine is key to CyberCIEGE. TYBOLT is a multi-purpose PC- and next generation console-based engine designed for both games and simulations. At its heart is a multi-platform 3D graphics library. Anything from simple static objects to complex animated characters can be imported from industry standard tools, such as MayaŽ, directly into the TYBOLT engine.

Another TYBOLT innovation is its 3D Graphical User Interface library. This library allows for the creation of Windows-like User Interfaces within a fully 3D environment.

The TYBOLT engine also contains: an Artificial Intelligence system, a video playback library, a sound library, a memory management system, a resource management system, and a real-time strategic/network/economic engine. When targeting PC or XBOX applications, TYBOLT uses DirectX 9 to insure the greatest possible compatibility with modern 3D video cards.

Rivermind specializes in real-time 3-D software with objective of making it fast, robust, and client-friendly. The company has provided contract engineering resources to Electronic Arts for "Lord or the Rings: Return of the King", "Medal of Honor: Frontline", "Medal of Honor: Rising Sun", and "Knockout Kings" 2002 and 2003.

Numerous NPS students have participated in tool and scenario development. The student mix has included US military officers, international students, as well as Government civilian students. "CyberCIEGE continues to provide our students with great opportunities to contribute to an extremely useful teaching tool while increasing their understanding of information assurance issues," noted Irvine. "We still have lots of projects waiting for new NPS students."

A limited distribution version of CyberCIEGE is now available at no cost to agencies of the US Government. An evaluation version of the commercial product is currently available from Rivermind. CyberCIEGE will be released by Rivermind in April 2005.

Download Related PDF (Handout at IA Conference in Philidelphia)
*
CyberCIEGE software was created by United States Government employees at The Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduate School (NPS) and Rivermind, Inc. CyberCIEGE contains government work created by NPS employees and therefore those portions of CyberCIEGE are in the public domain and are not subject to copyright. All remaining work within CyberCIEGE is copyrighted by Rivermind and its use is subject to the copyright protection afforded to Rivermind. This specific version of the CyberCIEGE may not be distributed outside of the United States Government without a license agreement. SimCity and RollerCoaster Tycoon are registered names and belong to their respective companies.