

CyberCIEGE
The purpose of the CyberCIEGE project is to create an Information Assurance (IA) teaching/learning laboratory. In addition to rigorous scientific foundations, it involves the application of abstract principles to the real world. A hands-on virtual laboratory provides a dynamic and often surprising context where abstract principles can be applied and discovered. CyberCIEGE packages an information assurance laboratory as an interactive, entertaining, commercial-grade PC-based computer game where players construct and defend a networked computing system. Students will select information technology resources to meet explicit needs of virtual "users", and defend the resulting system from both vandals and professional attackers.



Visit the official CyberCIEGE Game Site / Download the brochure PDF

Strategy
The first (and recurring) lesson the player must learn is an understanding of the security policy: what resources are being protected, and who are they being protected from? Once the player understands the sensitivity (e.g., value) of the assets (e.g., information), the player makes choices that affect the protection of the assets in accordance with the security policy.

The single most important set of decisions the player makes involves preventing direct or indirect access to highly sensitive assets by people who should be constrained from accessing such assets. Whenever presented with an opportunity, professional attackers (e.g., spies, industrial espionage agents, etc.) will employ tools such as malicious software to compromise the sensitive assets. Separating highly sensitive assets onto a physically isolated network [1] (i.e., the "Sensitive Data Network") is one solution that avoids massive losses; however, it leads to operational inefficiencies and user complaints due to an inability to share information across sensitivities in real time. An alternate solution that prevents massive loss while permitting controlled sharing involves the use of components that enforce a mandatory access control policy with a high degree of assurance. The challenge with this alternative is a considerable lack of available compliant products. A variety of other alternatives are available to the player -- each advertised as enabling controlled sharing of data in real time while protecting highly sensitive information -- but each of these alternatives results in massive loss from suitably motivated professional attackers.

Other player decisions and actions have more to do with ensuring that application programs are protected from unexpected input data, resulting in malicious or otherwise unintended behavior by the application itself. At least as important as (if not more important than) the technical solutions chosen by the player are the choices related to communicating with users. Understanding how the system users access assets, training users, coordinating changes and being aware of what features users introduce into the system are critical to keeping users happy, productive and relatively free of disaster.

Once the basics of the game are mastered, game-play converges on distinctions between "highly sensitive" assets and "moderately sensitive" assets. This is where losses will occur most. Moving moderate-to-highly sensitive assets to the Sensitive Data Network results in fewer compromises by professional attackers. However, if there are limited means of sharing assets in real time across the networks, user productivity suffers. On the other hand, leaving borderline highly sensitive assets on the Non-sensitive Data Network and improving its protection beyond some basic level will consume considerable resources (the player's budget) and only achieve modest gains in real security. A significant lesson in this part of the game is that attempts to create a "protected intranet" for "moderately sensitive" assets through the use of firewalls will fail to protect the assets from professional attackers who employ malicious software. On the other hand, actually creating a third, "Semi-Sensitive Data Network" can succeed if the interconnections with other networks adhere to the security policy and are enforced with a high degree of assurance. But again, such choices can adversely affect the ability to share data in real time unless components enforcing mandatory access controls are deployed.
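The interconnection rule in the paragraph above can be checked mechanically. The following added example (not part of the original page or of CyberCIEGE) models networks as nodes and data paths as directed links, and reports every direct or indirect path from a more sensitive network to a less sensitive one; the level ordering, the sample topologies and the treatment of a firewall as a two-way data path are assumptions of the example.

```python
from collections import deque

# Assumed secrecy ordering for this example: higher number = more sensitive.
LEVELS = {"Non-sensitive": 0, "Semi-Sensitive": 1, "Sensitive": 2}

def two_way(a, b):
    """A link that carries data in both directions (assumption: a firewall
    filters traffic but is still a two-way data path)."""
    return [(a, b), (b, a)]

def reachable(links, start):
    """Networks that data originating in `start` can reach over directed links."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in links:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def downward_flows(links):
    """Sorted (high, low) pairs where data can travel, directly or through
    intermediate networks, from a more sensitive network to a less sensitive one."""
    return sorted(
        (net, other)
        for net in LEVELS
        for other in reachable(links, net)
        if LEVELS[other] < LEVELS[net]
    )

# Constructed sample topologies (not taken from the game).
ONE_WAY_UP = [("Non-sensitive", "Semi-Sensitive"), ("Semi-Sensitive", "Sensitive")]
FIREWALLED_INTRANET = two_way("Non-sensitive", "Semi-Sensitive")
CHAINED_FIREWALLS = (two_way("Non-sensitive", "Semi-Sensitive")
                     + two_way("Semi-Sensitive", "Sensitive"))

if __name__ == "__main__":
    for name, links in [("one-way up", ONE_WAY_UP),
                        ("firewalled intranet", FIREWALLED_INTRANET),
                        ("chained firewalls", CHAINED_FIREWALLS)]:
        print(f"{name}: {downward_flows(links) or 'no downward flow'}")
```

In the chained case the check reports a Sensitive to Non-sensitive flow even though those two networks share no direct link, which is the "indirect access" the policy has to rule out.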

Protecting data within the Sensitive Data Network from people who are authorized to access the Sensitive Data Network is a different facet of the game. Here, authentication, audit and discretionary access control mechanisms are used to enforce a discretionary access control policy. Also, there are potentially well-motivated malicious insiders who try to gather together a lot of the highly sensitive assets with seriously hostile intent (e.g., to sell to competitors). Most protection mechanisms deployed to thwart this activity are defeated if the motive is strong enough, with the only successful solution being the introduction of additional mandatory sensitivity levels and the use of additional separate networks and/or components providing high assurance mandatory access controls.

The most substantial variation on the game is the introduction of mandatory data integrity policies. Initially in the game, the meaning of "highly sensitive" relates to the secrecy of the assets, e.g., information that is valuable because it is a secret such as a proprietary manufacturing process. Within a single network (e.g., the Non-sensitive Data Network) integrity issues do arise in the context of a discretionary policy (e.g., someone mistakenly -- or deliberately -- altering someone else's data). Enforcing a mandatory integrity policy is a very different challenge. While it remains the case that much can be achieved by separating the highly sensitive assets onto a distinct Sensitive Data Network, the set of people with potential access to the assets now grows to include each author of software and data that resides on the Sensitive Data Network.


[1] By "physically isolated" we mean just that. Many networks that are advertised as being physically isolated (e.g., secret military networks) are in fact interconnected to other networks using "filter" or "guard" components that permit information to "flow up" (and in some cases, they implement "sanitization policies" that permit information to "flow down"). Some of these interconnection components employ high assurance mandatory access controls. An example of physical isolation that does permit one-way data flow is an optical diode.

Posters

2007 NPS CyberCIEGE Poster as (PDF) or (PPT)

Publications

Cone, B. D., Irvine, C. E., Thompson, M. F., Nguyen, T. D., "A Video Game for Cyber Security Training and Awareness", Computers & Security 26 (2007) pp. 63-72

Cone, B. D., Thompson, M. F., Irvine, C. E. and Nguyen, T. D., "Cyber Security Training and Awareness Through Game Play," 2006, in IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Rannenberg, K., Yngstrom, L., Lindskog, S., (Boston: Springer), pp. 431-436.

Irvine, C.E., Thompson, M.F., Allen, K., "CyberCIEGE: Gaming for Information Assurance", Naval Postgraduate Sch., Monterey, CA, USA; Security & Privacy Magazine, IEEE, May-June 2005, Volume: 3, Issue: 3, page(s): 61-64, ISSN: 1540-7993

Irvine, C.E., Thompson, M.F., Allen, K., "CyberCIEGE: An Extensible Tool for Information Assurance Education" CISSE conference

Irvine, C.E., Thompson, M.F., Allen, K., "CyberCIEGE: An Information Assurance Teaching Tool for Training and Awareness", Federal Information Systems Security Educators' Association Conference, North Bethesda, MD, March 22-23 2005.

Irvine, C.E., Thompson, M.F., "Expressing an Information Security Policy Within a Security Simulation Game", Proceedings of the Sixth Workshop on Education in Computer Security (WECS6), Naval Postgraduate School, Monterey, California, July 12-16 2004, pp. 43-49

Irvine, C.E., Thompson, M.F., "Teaching Objectives of a Simulation Game for Computer Security", Proceedings of the Informing Science and Information Technology Joint Conference, Pori, Finland, June 24-27 2003

Theses

Fielk, K. W., "CyberCIEGE Scenario Illustrating Integrity Risks to a Military Like Facility", Masters Thesis, Naval Postgraduate School, September 2004 (Abstract, PDF)

Lamorie, J., "A CyberCIEGE Scenario Illustrating Secrecy Issues in an Internal Corporate Network Connected to the Internet", Masters Thesis, Naval Postgraduate School, September 2004 (Abstract, PDF)

LaMore, R.L., "CyberCIEGE Scenario Illustrating Secrecy Issues Through Mandatory and Discretionary Access Control Policies in a Multi-Level Security Network", Masters Thesis, Naval Postgraduate School, June 2004 (Abstract, PDF)

Meyer, M.K., "A CyberCIEGE Scenario Illustrating Multilevel Secrecy Issues in an Air Operations Center Environment", Masters Thesis, Naval Postgraduate School, June 2004 (Abstract, PDF)

Johns, Jr. K. W., "Toward Managing and Automating CyberCIEGE Scenario Definition File Creation", Masters Thesis, Naval Postgraduate School, March 2004 (Abstract, PDF)

Teo, T. L., "Scenario Selection And Student Assessment Modules For CyberCIEGE", Masters Thesis, Naval Postgraduate School, Monterey, December 2003 (Abstract, PDF)


Updated 05-2008
This U.S. Government Web Site is provided by the Naval Postgraduate School's Center for Information Systems Security Studies and Research for official information regarding CISR's programs and research.