Generating Realistic Non-Player Characters for Training Cyberteams

Since 2010, researchers in the SEI CERT Division have emphasized the crucial need for realism within cyberteam training and exercise events. Our approach to the construction and execution of these events has led to the publication of a design framework for cyberwarfare exercises that we call Realistic – Environment, Adversary, Communications, Tactics, and Roles (R-EACTR), which provides guidance on how to produce realistic training and exercise events.

In this blog post, we describe efforts underway to improve the realism of non-player characters (NPCs) in training exercises with new software we have created called ANIMATOR. The ability of ANIMATOR to increase the realism of NPCs will be relevant and useful to anyone who is tasked with developing training for cyberteams. Moreover, as we describe below, the generation of highly realistic non-player characters could also be beneficially applied for use in machine-learning algorithms, honeypot payloads, insider-threat modeling, and social-network and relationship modeling.

Unrealistic scenarios that do not match real-world operations are unengaging for participants. To construct a comprehensive and optimally beneficial exercise, we want participants to work in an environment that resembles situations they will encounter in the real world. Realism extends beyond network topology to include other areas, such as scenarios, workflows, and behaviors. Building this experience requires replicating many things for the purposes of training and exercise—networks, workstations, organizations, groups, users, events, intelligence, reports, etc.

For many of these things, we have proper DevOps processes in place to create the artifacts, documents, and other materials that we need for an engagement of any size. This automation spans everything from the construction of the range network itself to routers, switches, servers, workstations, and other machines. It also includes components of the scenario that participants will operate or interact with, such as the road to war, intel specific to scenario-threat types, and the NPCs that have a role to play within the exercise.

One existing platform that we use often is CERT GHOSTS, which is an NPC simulation-and-orchestration platform for

