174:" set in a three-dimensional virtual world. Players build networks and observe virtual users and their thoughts. Each scenario is divided into multiple phases, and each phase includes one or more objectives the player must achieve prior to moving on to the next phase. Players view the status of the virtual user’s success in achieving goals (i.e., accessing enterprise assets via computers and networks). Unproductive users express unhappy thoughts, utter comic book style speech bubbles and bang on their keyboards. Players see the consequences of attacks as lost money, pop-up messages, video clips and burning computers.
211:
mechanisms and configuration-related vulnerabilities. For example, an attack might occur because a particular firewall port is left open and a specific software service is not patched. CyberCIEGE has been designed to provide a fairly consistent level of abstraction among the various network and computer components and technical countermeasures. This can be seen by considering several CyberCIEGE game components.
104:
167:
game employs hyperbole as a means of engaging students in the scenario, and thus the simulation is not intended to always identify the actual consequences of specific choices. The game confronts the student with problems, conflicts and questions that should be considered when developing and implementing a security policy.
182:
CyberCIEGE includes a sophisticated attack engine that assesses network topologies, component configurations, physical security, user training and procedural security settings. The attack engine weighs resultant vulnerabilities against the attacker motives to compromise assets on the network—and this
157:
The CyberCIEGE game engine consumes a “scenario development language” that describes each scenario in terms of users (and their goals), assets (and their values), the initial state of the scenario in terms of pre-existing components, and the conditions and triggers that provide flow to the scenario.
210:
The fidelity of the game engine is intended to be high enough for players to make meaningful choices with respect to deploying network security countermeasures, but not be so high as to engulf the player with administrative minutiae. CyberCIEGE illustrates abstract functions of technical protection
218:
CyberCIEGE includes VPN gateways and computer based VPN mechanisms that players configure to identify the characteristics of the protection (e.g., encryption, authentication or neither) provided to network traffic, depending on its source and destination. This allows CyberCIEGE to illustrate risks
133:
CyberCIEGE covers a broad range of cybersecurity topics. Players purchase and configure computers and network devices to keep demanding users happy (e.g., by providing
Internet access) all while protecting assets from a variety of attacks. The game includes a number of different scenarios, some of
166:
CyberCIEGE scenarios place the player into situations in which the player must make information assurance decisions. The interactive simulation illustrates potential consequences of player choices in terms of attacks on information assets and disruptions to authorized user access to assets. The
214:
CyberCIEGE firewalls include network filters that let players block traffic over selected application “ports” (e.g., Telnet). Players can configure these filters for different network interfaces and different traffic directions. This lets players see the consequences of leaving ports open (e.g.,
197:
The attack engine is coupled with an economy engine that measures the virtual user’s ability to achieve goals (i.e., read or write assets) using computers and networks. This combination supports scenarios that illustrate real-world trade-offs such as the use of air-gaps versus the risks of
201:
The game engine includes a defined set of assessable conditions and resultant triggers that allow the scenario designer to provide players with feedback, (e.g., bubble speech from characters, screen tickers, pop-up messages, etc.), and to transition the game to new phases.
145:
gateways, VPN clients, link encryptors and authentication servers. Workstations and servers include access control lists (ACLs) may be configured with operating systems that enforce label-based mandatory access control policies. Players can deploy
222:
Other network components (e.g., workstations) include configuration choices related to the type of component. CyberCIEGE lets players select consequential password policies and other procedural and configuration settings.
215:
attacks). And this allows players to experience the need to open some ports (e.g., one of the characters might be unable to achieve a goal unless the filter is configured to allow SSH traffic).
381:
134:
which focus on basic training and awareness, others on more advanced network security concepts. A "Scenario
Development Kit" is available for creating and customizing scenarios.
183:
motive may vary by asset. Thus, some assets might be defended via a firewall, while other assets might require an air gap or high assurance protection mechanisms.
85:
127:
171:
351:
219:
associated with providing unprotected
Internet access to the same workstation that has a VPN tunnel into the corporate network.
194:, trap doors, denial of service, insiders (i.e., bribed users who lack background checks), un-patched flaws and physical attacks.
158:
The game engine is defined with enough fidelity to host scenarios ranging from e-mail attachment awareness to cyber warfare.
376:
371:
361:
264:
147:
48:
35:
187:
366:
356:
154:
devices such as biometric scanners and card readers to control access to workstations and physical areas.
138:
43:
30:
240:
151:
315:
123:
60:
288:
Irvine, C.E.; Thompson, M.F.; Allen, K. (2005). "CyberCIEGE: Gaming for
Information Assurance".
52:
198:
cross-domain solutions when accessing assets on both classified and unclassified networks.
305:
297:
119:
80:
150:(PKI)-based cryptography to protect email, web traffic and VPNs. The game also includes
191:
296:(3). Security & Privacy Magazine, IEEE May–June 2005, Volume: 3, Issue: 3: 61–64.
345:
95:
319:
115:
246:. 4th Workshop on Cyber Security Experimentation and Test, San Francisco, CA
336:
301:
103:
65:
310:
102:
142:
265:"What is Access Control List (ACL)? - SearchSoftwareQuality"
126:, and it is used as a training tool by agencies of the
91:
79:
71:
59:
42:
29:
24:
137:Network security components include configurable
241:"Active Learning with the CyberCIEGE Video Game"
122:concepts. Its development was sponsored by the
8:
382:Construction and management simulation games
21:
309:
130:, universities and community colleges.
232:
172:construction and management simulation
7:
290:IEEE Security and Privacy Magazine
14:
86:Construction and management sim
1:
51:(US Federal Government) and
170:The game is designed as a "
398:
352:Computer network security
148:Public Key Infrastructure
49:Naval Postgraduate School
36:Naval Postgraduate School
337:CyberCIEGE official site
107:Screenshot of the game.
108:
186:Attack types include
106:
377:Single-player games
302:10.1109/MSP.2005.64
206:CyberCIEGE Fidelity
152:identity management
38:and Rivermind, Inc.
372:Windows-only games
118:designed to teach
109:
101:
100:
389:
362:2004 video games
324:
323:
313:
285:
279:
278:
276:
275:
261:
255:
254:
252:
251:
245:
237:
120:network security
22:
397:
396:
392:
391:
390:
388:
387:
386:
342:
341:
333:
328:
327:
287:
286:
282:
273:
271:
263:
262:
258:
249:
247:
243:
239:
238:
234:
229:
208:
180:
164:
128:U.S. government
20:
19:2004 video game
17:
16:2004 video game
12:
11:
5:
395:
393:
385:
384:
379:
374:
369:
364:
359:
354:
344:
343:
340:
339:
332:
331:External links
329:
326:
325:
280:
256:
231:
230:
228:
225:
207:
204:
179:
176:
163:
160:
99:
98:
93:
89:
88:
83:
77:
76:
73:
69:
68:
63:
57:
56:
46:
40:
39:
33:
27:
26:
18:
15:
13:
10:
9:
6:
4:
3:
2:
394:
383:
380:
378:
375:
373:
370:
368:
367:Windows games
365:
363:
360:
358:
357:Serious games
355:
353:
350:
349:
347:
338:
335:
334:
330:
321:
317:
312:
307:
303:
299:
295:
291:
284:
281:
270:
266:
260:
257:
242:
236:
233:
226:
224:
220:
216:
212:
205:
203:
199:
195:
193:
189:
188:Trojan horses
184:
177:
175:
173:
168:
161:
159:
155:
153:
149:
144:
140:
135:
131:
129:
125:
121:
117:
113:
105:
97:
96:Single player
94:
90:
87:
84:
82:
78:
74:
70:
67:
64:
62:
58:
54:
50:
47:
45:
41:
37:
34:
32:
28:
23:
293:
289:
283:
272:. Retrieved
268:
259:
248:. Retrieved
235:
221:
217:
213:
209:
200:
196:
185:
181:
169:
165:
156:
136:
132:
116:serious game
111:
110:
44:Publisher(s)
31:Developer(s)
178:Game Engine
61:Platform(s)
55:(All other)
346:Categories
311:10945/7126
274:2023-12-11
269:Networking
250:2011-12-19
227:References
112:CyberCIEGE
25:CyberCIEGE
162:Game play
139:firewalls
124:U.S. Navy
53:Rivermind
81:Genre(s)
320:2988679
192:viruses
92:Mode(s)
72:Release
66:Windows
318:
316:S2CID
244:(PDF)
114:is a
75:2004
306:hdl
298:doi
143:VPN
348::
314:.
304:.
292:.
267:.
190:,
141:,
322:.
308::
300::
294:3
277:.
253:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.