By Trudy Walsh
When Jackie Hoover tells her security classes that they have to be
commercially certified in the next five years, their eyes get really big
and not in a good way, she said.
The new policy, DOD Directive 8570.1, mandates that all Defense
Department information assurance technicians and managers thats about
110,000 military, civilian and contractor employees be certified to meet
DOD requirements within five years.
The directive has shocked everybody Ive worked with, said Hoover,
director of the Technical Education College next to Peterson Air Force
Base in Colorado Springs, Colo. The college offers technology classes to
personnel at the Air Force Space Command and other Air Force bases.
You have to get these commercial certifications or you may lose your
job, she said. And theyre not easy tests.
Hoover teaches Security+, one of a series of classes that count toward
With so many students to teach so quickly as many as 300 students in the
last quarter Hoover looked for an easy-to-use training tool that would
reinforce what students learn in the classroom.
She discovered Cyberciege, an online simulation game that lets students
role-play aspects of network management. Students can hire and fire
employees and using virtual money buy and configure computers, servers,
operating systems and network devices.
Our main goal is to get people ready for deployment to places like Iraq,
Hoover said. They have to set up networks securely there but dont have
contractor help like they do here. Our school is the last place to
reinforce what theyve learned before they go.
Cyberciege was developed by the Center for Information Systems Security
Studies and Research at the Naval Postgraduate School in Monterey,
Calif., working with Rivermind, a game development company.
Students say its a lot more entertaining and informative than they
thought it would be, said Mike Thompson, a research associate at the
Naval Postgraduate School. Network security can be pretty mundane stuff.
We spice it up.
For example, one game scenario includes what happens when a person with
pinkeye gets an iris scan.
We knew about information assurance, said Cynthia Irvine, a professor at
the Naval Postgraduate School. Rivermind knew about graphics and games.
The school wanted to develop a resource management game, Irvine said.
The question was how they could infuse the dry routine of information
assurance with the drama of game playing.
We had to give players an emotional investment in what was happening,
she said. They had to be invested in the success of the virtual company
and keep the virtual users of the enterprise happy and productive. We
think this game can help organizations meet training and awareness
requirements better than yet another set of dreary PowerPoint slides.
Cyberciege shows them why you cant just leave your passwords posted
underneath your drawer, Irvine said.
Cyberciege comes with a motley cast of characters. Theres Typical User,
who just wants to do the job; Angry User, who is looking for ways to
harm the enterprise; and Vandal, whos motivated by boredom, desire for
attention or just plain technical curiosity.
Unlike in the real world, where mind reading is reserved for psychics
and magicians, Cyberciege players can query characters thoughts. I sure
would like more convenient Internet access, one character might think.
Players can then help the characters meet their goals.
Written in C++, Cyberciege uses Riverminds 3-D graphics engine and Java.
It will run on machines with Windows 2000 through Vista with 64M of RAM,
Cyberciege is available at no cost to federal agencies by contacting
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com