Advertisement

Towards a Cybersecurity Game: Operation Digital Chameleon

  • Andreas RiebEmail author
  • Ulrike Lechner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)

Abstract

In the Serious Game “Operation Digital Chameleon” red and blue teams develop attack and defense strategies to explore IT-Security of Critical Infrastructures as part of an IT-Security training. This paper presents the game design and selected results from the evaluation of the gaming experience, an analysis of attack vectors and defense strategies developed in gaming and take outs of game participants. Participants enjoy the experience, develop APTs with realistic complexity and even innovations and take out the need for more information, more awareness training and cross-functional teams in IT-Security.

Keywords

Serious gaming IT-Security of Critical Infrastructures Cyberwargaming IT-Security Awareness 

Notes

Acknowledgments

We would like to acknowledge the funding from BMBF for project “Vernetzte IT-Sicherheit Kritischer Infrastrukturen” (FKZ: 16KIS0213). We thank all participants for making “Operation Digital Chameleon” a success, Marko Hofmann and Alexander Laux for their contributions in the design of “Operation Digital Chameleon”.

References

  1. 1.
    McAfee: Combating Advanced Persistent Threats, Santa Clara (2011)Google Scholar
  2. 2.
    Symantec: Advanced Persistent Threats: How They Work. http://www.symantec.com/theme.jsp?themeid=apt-infographic-1
  3. 3.
    Rowney, K.: What We Talk About When We Talk About APT. http://www.symantec.com/connect/blogs/what-we-talk-about-when-we-talk-about-apt#!
  4. 4.
  5. 5.
    Suárez-Lledó, J.: The black swan: the impact of the highly improbable. Acad. Manag. Perspect. 25, 87–90 (2011)CrossRefGoogle Scholar
  6. 6.
    Perla, P.P.: The Art of Wargaming: A Guide for Professionals and Hobbyists. US Naval Institute Press (1990)Google Scholar
  7. 7.
    Geilhardt, T., Mühlbrandt, T.: Planspiele im Personal- und Organisationsmanagement. Hogrefe Publishing Göttingen (1995)Google Scholar
  8. 8.
    Geuting, M.: Planspiel und soziale Simulation im Bildungsbereich (Studien zur Pädagogik, Andragogik und Gerontagogik/Studies in Pedagogy, Andragogy, and Gerontagogy). Lang, Peter Frankfurt (1992)Google Scholar
  9. 9.
    ENISA: On National and International Cyber Security Exercises. Europäische Agentur für Netz- und Informationssicherheit (ENISA), Heraklion (2012)Google Scholar
  10. 10.
    ENISA: The 2015 Report on National and International Cyber Security Exercises. Europäische Agentur für Netz- und Informationssicherheit (ENISA), Athen (2015)Google Scholar
  11. 11.
    Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)Google Scholar
  12. 12.
    Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)CrossRefGoogle Scholar
  13. 13.
  14. 14.
    UPKRITIS: UP KRITIS Öffentlich-Private Partnerschaft zum Schutz Kritischer Infrastrukturen., Bonn (2014)Google Scholar
  15. 15.
    Kamath, M.: Hackers can remotely take over Nuclear Power Plants by exploiting vulnerability in IES. http://www.techworm.net/2015/08/security-flaws-in-industrial-ethernet-switches.html
  16. 16.
  17. 17.
    Erswell, D.: The SCADA Internet - What to Look Out for, pp. 1–5 (2015)Google Scholar
  18. 18.
    Hald, S., Pedersen, J.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on 2012 Advanced Communication Technology (ICACT), pp. 81–86 (2012)Google Scholar
  19. 19.
    Robinson, M.: The SCADA threat landscape. In: 1st International Symposium on ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013), pp. 30–41 (2013)Google Scholar
  20. 20.
    Schneier, B.: Attack Trees - Modeling security threats. Dr. Dobb’s J. (1999)Google Scholar
  21. 21.
    Dewar, J.A.: Assumption-Based Planning - A Tool for Reducing Avoidable Surprises. The Press Syndicate of the University of Cambridge, Cambridge (2002)CrossRefGoogle Scholar
  22. 22.
    Thiagarajan, S.: How to maximize transfer from simulation games through systematic debriefing. Simul. Gaming Yearb. 1993, 45–52 (1993)Google Scholar
  23. 23.
    McConigal, J.: Besser als die Wirklichkeit!: Warum wir von Computerspielen profitieren und wie sie die Welt verändern. Heyne Verlag, München (2012)Google Scholar
  24. 24.
    Newlin, M.: MouseJack Injecting Keystrokes into Wireless Mice (2016)Google Scholar
  25. 25.
    Spill, D.: USBProxy - an open and affordable USB man in the middle device. In: 2014 ShmooCon Proceedings (2014)Google Scholar
  26. 26.
    Herzberg, F., Mausner, B., Snyderman, B.B.: The motivation to work. Transaction publishers, Piscataway (1959)Google Scholar
  27. 27.
    Mayring, P.: Qualitative Inhaltsanalyse. Grundlagen und Techniken. (2008)Google Scholar
  28. 28.
    Hofmann, M.: Abschlussbericht taktisches Wargaming. ITIS, MünchenGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Universität der Bundeswehr MünchenNeubibergGermany

Personalised recommendations