CyberCIEGE

CyberCIEGE is a serious game designed to teach network security concepts. Its development was sponsored by the U.S. Navy, and it is used as a training tool by agencies of the U.S. government, universities and community colleges.

CyberCIEGE covers a broad range of cybersecurity topics. Players purchase and configure computers and network devices to keep demanding users happy (e.g., by providing Internet access) all while protecting assets from a variety of attacks. The game includes a number of different scenarios, some of which focus on basic training and awareness, others on more advanced network security concepts. A "Scenario Development Kit" is available for creating and customizing scenarios.

Network security components include configurable firewalls, VPN gateways, VPN clients, link encryptors and authentication servers. Workstations and servers include access control lists (ACLs) may be configured with operating systems that enforce label-based mandatory access control policies. Players can deploy Public Key Infrastructure (PKI)-based cryptography to protect email, web traffic and VPNs. The game also includes identity management devices such as biometric scanners and card readers to control access to workstations and physical areas.

The CyberCIEGE game engine consumes a “scenario development language” that describes each scenario in terms of users (and their goals), assets (and their values), the initial state of the scenario in terms of pre-existing components, and the conditions and triggers that provide flow to the scenario. The game engine is defined with enough fidelity to host scenarios ranging from e-mail attachment awareness to cyber warfare.

Game play
CyberCIEGE scenarios place the player into situations in which the player must make information assurance decisions. The interactive simulation illustrates potential consequences of player choices in terms of attacks on information assets and disruptions to authorized user access to assets. The game employs hyperbole as a means of engaging students in the scenario, and thus the simulation is not intended to always identify the actual consequences of specific choices. The game confronts the student with problems, conflicts and questions that should be considered when developing and implementing a security policy.

The game is designed as a "construction and management simulation" set in a three-dimensional virtual world. Players build networks and observe virtual users and their thoughts. Each scenario is divided into multiple phases, and each phase includes one or more objectives the player must achieve prior to moving on to the next phase. Players view the status of the virtual user’s success in achieving goals (i.e., accessing enterprise assets via computers and networks). Unproductive users express unhappy thoughts, utter comic book style speech bubbles and bang on their keyboards. Players see the consequences of attacks as lost money, pop-up messages, video clips and burning computers.

Game Engine
CyberCIEGE includes a sophisticated attack engine that assesses network topologies, component configurations, physical security, user training and procedural security settings. The attack engine weighs resultant vulnerabilities against the attacker motives to compromise assets on the network—and this motive may vary by asset. Thus, some assets might be defended via a firewall, while other assets might require an air gap or high assurance protection mechanisms.

Attack types include Trojan horses, viruses, trap doors, denial of service, insiders (i.e., bribed users who lack background checks), un-patched flaws and physical attacks.

The attack engine is coupled with an economy engine that measures the virtual user’s ability to achieve goals (i.e., read or write assets) using computers and networks. This combination supports scenarios that illustrate real-world trade-offs such as the use of air-gaps versus the risks of cross-domain solutions when accessing assets on both classified and unclassified networks.

The game engine includes a defined set of assessable conditions and resultant triggers that allow the scenario designer to provide players with feedback, (e.g., bubble speech from characters, screen tickers, pop-up messages, etc.), and to transition the game to new phases.

CyberCIEGE Fidelity
The fidelity of the game engine is intended to be high enough for players to make meaningful choices with respect to deploying network security countermeasures, but not be so high as to engulf the player with administrative minutiae. CyberCIEGE illustrates abstract functions of technical protection mechanisms and configuration-related vulnerabilities. For example, an attack might occur because a particular firewall port is left open and a specific software service is not patched. CyberCIEGE has been designed to provide a fairly consistent level of abstraction among the various network and computer components and technical countermeasures. This can be seen by considering several CyberCIEGE game components.

CyberCIEGE firewalls include network filters that let players block traffic over selected application “ports” (e.g., Telnet). Players can configure these filters for different network interfaces and different traffic directions. This lets players see the consequences of leaving ports open (e.g., attacks). And this allows players to experience the need to open some ports (e.g., one of the characters might be unable to achieve a goal unless the filter is configured to allow SSH traffic).

CyberCIEGE includes VPN gateways and computer based VPN mechanisms that players configure to identify the characteristics of the protection (e.g., encryption, authentication or neither) provided to network traffic, depending on its source and destination. This allows CyberCIEGE to illustrate risks associated with providing unprotected Internet access to the same workstation that has a VPN tunnel into the corporate network.

Other network components (e.g., workstations) include configuration choices related to the type of component. CyberCIEGE lets players select consequential password policies and other procedural and configuration settings.