It's not polite to hack your neighbor, but how else can a national CSIRT and critical enterprises train and assess cyber warriors? Simulations and games are an effective approach. However, there are many cyber security games, competitions and training platforms, and they vary widely in effectiveness, assessment capabilities and flexibility. In addition, most are closed and proprietary in nature. What is needed is a publicly adopted cyber operations simulation standard to support training, assessment and tool & technique development across platforms. I will share an innovative way to describe Cyber Operations Simulation elements by abstracting the primitives and describing their interaction via a Scenarios Definition Language. I will describe the methodology & approach and the fundamental object types, and teach attendees how to run their own simulations.
Bt 2017 sim nice2017 final
1. BT Assure. Security that matters
Simulating Cyber Operations: “Do you want to play a game?”
Bryan K. Fite – NICE 2017 8th Annual Conference
November 7, 2017
2. BT Assure. Security that matters 2
Trusted Advisor
My journey
Architect, Risk Manager, Researcher, Pen Tester, Consultant, Hacker, Innovation Product Manager, Security & Compliance Director, CISO
From the guy that said NO to the guy that facilitates yes
3. BT Assure. Security that matters 3
Playing games can help train and assess cyber warriors
Wicked problem
Shortage of cyber warriors
Many games but few fit for purpose
4. BT Assure. Security that matters 4
“What is needed is a publicly adopted cyber operations simulation standard ...”
Call to action
Cyber Operations Simulated Environments Consortium (COSEC) - 2012
5. BT Assure. Security that matters 5
“Is this a game… …or is it real?”
“What is the difference?”
War games
7. BT Assure. Security that matters 7
“Innovative way to describe Cyber Operations Simulation elements…”
• Objects: are a collection of predetermined attributes used to describe a simulation element.
• Attributes: are the characteristics of an Object that dictate how objects interact with each other inside a simulation.
Scenario Definition Language
8. BT Assure. Security that matters 8
Primitives
• Node
• Network
• Software
• Artifact
• Constraint
• Objective
• Actor
• Process
• Message
9. BT Assure. Security that matters 9
Object Type: Node
Required Attributes: Name (N), Host / Gateway Flag (H/G), Operating System (OS), Interface Address(es) (IA), Routing Table (RT), ARP Table (AT), Listening Ports (LP)
Optional Attributes: Accounts, Applications, Artifact and Services
The Object ID (OID) is a unique number, in this case 11001. The Object Type (OT) is a Node (N) named hackme running in Host mode. hackme is running Windows XP SP2 Operating System (OS) with the TCP/IP Address (IA) of 192.168.0.10 and a Routing Table (RT) which includes a default gateway of 192.168.0.1/24. There are two ARP entries in the ARP Table (AT), one assigned to hackme and the other to the default gateway. There are two Listening Ports (LP) which represent http (port 80) and https (port 443) services. An optional Account attribute is included – the username Administrator and its password.
OID(11001):OT(N):N(hackme):H/G(H):OS(WINXPSP2):IA(192.168.0.10):RT(0.0.0.0,192.168.0.1/24):AT(192.168.0.1:88-1f-a1-2c-00-7e,192.168.0.10:88-1f-a1-2c-ff):LP(TCP:80,443):AC(Administrator:password)
Expressing Objects
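A small parser and validator for the Node expression on this slide, added here as an example (not the speaker's or any project's tooling). The grammar is inferred from the one expression shown: colon-separated `KEY(values)` fields with comma-separated values. The function names are hypothetical.

```python
import ipaddress
import re

# Required Node attributes, using the abbreviations from the slide.
NODE_REQUIRED = ("N", "H/G", "OS", "IA", "RT", "AT", "LP")
FIELD_RE = re.compile(r"\s*([A-Za-z/]+)\s*\((.*)\)\s*$", re.S)
# The Node expression from the slide, copied as printed there.
EXAMPLE = ("OID(11001):OT(N):N(hackme):H/G(H):OS(WINXPSP2):IA(192.168.0.10):"
           "RT(0.0.0.0,192.168.0.1/24):AT(192.168.0.1:88-1f-a1-2c-00-7e,"
           "192.168.0.10:88-1f-a1-2c-ff):LP(TCP:80,443):AC(Administrator:password)")

def split_fields(expr):
    """Split on ':' only outside parentheses; values such as AT contain ':' too."""
    fields, buf, depth = [], [], 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("unbalanced ')'")
        if ch == ":" and depth == 0:
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if depth:
        raise ValueError("unbalanced '('")
    return fields + ["".join(buf)]

def parse_object(expr):
    """Return {abbreviation: [comma-separated values]} for one object expression."""
    obj = {}
    for field in split_fields(expr):
        m = FIELD_RE.match(field)
        if not m or m.group(1) in obj:
            raise ValueError(f"malformed or duplicate field: {field!r}")
        obj[m.group(1)] = [v.strip() for v in m.group(2).split(",")]
    return obj

def validate_node(obj):
    """List the problems that would stop a simulator from loading this Node."""
    problems = [f"missing required attribute {k}" for k in NODE_REQUIRED if k not in obj]
    if obj.get("OT") != ["N"]:
        problems.append("OT is not N (Node)")
    for addr in obj.get("IA", []):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"IA {addr!r} is not an IP address")
    return problems
```

`validate_node(parse_object(EXAMPLE))` returns an empty list for the slide's expression; a scenario author can run the same check on each Node before a simulation is loaded.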
10. BT Assure. Security that matters 10
From this simple scenario we can derive the required primitives.
“Your mission is to identify your adversary’s security posture by enumerating the attack surface represented by their external network address 10.0.10.0/24. You must submit your findings by 17:00 ET today (1 hour from now).”
“I’m going to tell you a bedtime story.”
11. BT Assure. Security that matters 11
Edutainment: Packetwars
•Serious Phun
•First Cyber Sport
•Evolved Over 20+ Years
•Cold War Roots
•Flexible Platform
•Train
•Assess
•Recruit
http://packetwars.com
12. BT Assure. Security that matters 12
•Objectives & Constraints
•Battle Space:
•Dedicated, Virtual, Cloud & Hybrid
•Telemetry, Visualization & Analytics
•Assessment & Scoring
Spectator Friendly Sport
“…I want to play those games.”
13. BT Assure. Security that matters 13
•http://packetwars.com
“…Let's play Global Thermonuclear War.”
14. BT Assure. Security that matters 14
•TROOPERS18 in Heidelberg Germany https://www.troopers.de/
Next Public Event
15. BT Assure. Security that matters 15
Thank You For Your Time
Questions & Answers…?
@BryanFite
Editor's Notes
If you are here to see “The Dynamic Role of HR in Advancing Organizational Cybersecurity” I regret to inform you that this is not that but rather…
Initial Charter Adopted in 2012 – Charter members Dartmouth, Evergreen, University of Illinois, Core, Meshco and ERNW
One of my favorite movies of all time came out in 1983 – WOPR – War Operation Plan Response
Joshua is a computer gifted with artificial intelligence – “The only winning move is not to play”