Abstract
In the Serious Game “Operation Digital Chameleon” red and blue teams develop attack and defense strategies to explore IT-Security of Critical Infrastructures as part of an IT-Security training. This paper presents the game design and selected results from the evaluation of the gaming experience, an analysis of attack vectors and defense strategies developed in gaming and take outs of game participants. Participants enjoy the experience, develop APTs with realistic complexity and even innovations and take out the need for more information, more awareness training and cross-functional teams in IT-Security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
McAfee: Combating Advanced Persistent Threats, Santa Clara (2011)
Symantec: Advanced Persistent Threats: How They Work. http://www.symantec.com/theme.jsp?themeid=apt-infographic-1
Rowney, K.: What We Talk About When We Talk About APT. http://www.symantec.com/connect/blogs/what-we-talk-about-when-we-talk-about-apt#!
Rouse, M.: advanced persistent threat (APT). http://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT
Suárez-Lledó, J.: The black swan: the impact of the highly improbable. Acad. Manag. Perspect. 25, 87–90 (2011)
Perla, P.P.: The Art of Wargaming: A Guide for Professionals and Hobbyists. US Naval Institute Press (1990)
Geilhardt, T., Mühlbrandt, T.: Planspiele im Personal- und Organisationsmanagement. Hogrefe Publishing Göttingen (1995)
Geuting, M.: Planspiel und soziale Simulation im Bildungsbereich (Studien zur Pädagogik, Andragogik und Gerontagogik/Studies in Pedagogy, Andragogy, and Gerontagogy). Lang, Peter Frankfurt (1992)
ENISA: On National and International Cyber Security Exercises. Europäische Agentur für Netz- und Informationssicherheit (ENISA), Heraklion (2012)
ENISA: The 2015 Report on National and International Cyber Security Exercises. Europäische Agentur für Netz- und Informationssicherheit (ENISA), Athen (2015)
Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)
Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)
BMI: Definition “Kritische Infrastrukturen” (2009). http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/Sicherheit/BevoelkerungKrisen/Sektoreneinteilung.pdf?__blob=publicationFile\nBundesministeriumdesInnern2009-DefinitionKritischeInfrastrukturen.pdf
UPKRITIS: UP KRITIS Öffentlich-Private Partnerschaft zum Schutz Kritischer Infrastrukturen., Bonn (2014)
Kamath, M.: Hackers can remotely take over Nuclear Power Plants by exploiting vulnerability in IES. http://www.techworm.net/2015/08/security-flaws-in-industrial-ethernet-switches.html
Neitzel, L., Huba, B.: Top ten differences between ICS and IT cybersecurity (2014). http://www.isa.org/standards-and-publications/isa-publications/intech-magazine/2014/may-jun/features/cover-story-top-ten-differences-between-ics-and-it-cybersecurity/
Erswell, D.: The SCADA Internet - What to Look Out for, pp. 1–5 (2015)
Hald, S., Pedersen, J.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on 2012 Advanced Communication Technology (ICACT), pp. 81–86 (2012)
Robinson, M.: The SCADA threat landscape. In: 1st International Symposium on ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013), pp. 30–41 (2013)
Schneier, B.: Attack Trees - Modeling security threats. Dr. Dobb’s J. (1999)
Dewar, J.A.: Assumption-Based Planning - A Tool for Reducing Avoidable Surprises. The Press Syndicate of the University of Cambridge, Cambridge (2002)
Thiagarajan, S.: How to maximize transfer from simulation games through systematic debriefing. Simul. Gaming Yearb. 1993, 45–52 (1993)
McConigal, J.: Besser als die Wirklichkeit!: Warum wir von Computerspielen profitieren und wie sie die Welt verändern. Heyne Verlag, München (2012)
Newlin, M.: MouseJack Injecting Keystrokes into Wireless Mice (2016)
Spill, D.: USBProxy - an open and affordable USB man in the middle device. In: 2014 ShmooCon Proceedings (2014)
Herzberg, F., Mausner, B., Snyderman, B.B.: The motivation to work. Transaction publishers, Piscataway (1959)
Mayring, P.: Qualitative Inhaltsanalyse. Grundlagen und Techniken. (2008)
Hofmann, M.: Abschlussbericht taktisches Wargaming. ITIS, München
Acknowledgments
We would like to acknowledge the funding from BMBF for project “Vernetzte IT-Sicherheit Kritischer Infrastrukturen” (FKZ: 16KIS0213). We thank all participants for making “Operation Digital Chameleon” a success, Marko Hofmann and Alexander Laux for their contributions in the design of “Operation Digital Chameleon”.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rieb, A., Lechner, U. (2017). Towards a Cybersecurity Game: Operation Digital Chameleon. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science(), vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-71368-7_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer ScienceComputer Science (R0)