Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
Applying Training Analysis and Game-Based Learning toward the Design of a Cyber Warfare Real-Time Strategy Training Game Clint Doriot, C.J. Hutto, Christopher Smoak Georgia Tech Research Institute (GTRI) Atlanta, GA
[email protected],
[email protected],
[email protected]
ABSTRACT A need currently exists in finding methodologies that are effective in training information technology professionals as to the understanding of cyber security and cyber warfare. Games are becoming more popular as a tool for training, due to their promise of increased motivation, context-sensitive presentation of information, immediate feedback and increased sense of immersion. Game-based training must strike a proper balance between being fun and engaging, so as to keep the player’s motivated, and being informative and effective as a training tool. While methodical game design and frequent play-testing increases the likelihood that the result fully engages the player, this is not enough to ensure the game is effective as a training tool. The addition of formal training analysis to identify the target audience and learning objectives can direct the game design to help ensure training effectiveness during development. This paper presents a case study of the design and development of a cyber warfare real-time strategy game. Our approach incorporated a study of proven game mechanics and current design trends appropriate for the material. Incorporating traditional training analysis led to better design decisions and identified key mechanics that were previously missing. The result was a solid design foundation for game development and play-testing. ABOUT THE AUTHORS Clint Doriot is a Research Engineer in the Information Communications Laboratory at the Georgia Tech Research Institute. At GTRI, he has developed software for a variety of applications, including servers, databases, rich-internet applications, robotics and interactive media. He currently leads several research and development efforts applying simulation, gaming, virtual world and augmented reality technology to education and training. He holds a M.S.E.E from the Georgia Institute of Technology and B.S.E from Mercer University. C.J. Hutto is a Research Scientist working in the Human Systems Integration (HSI) Division at the Georgia Tech Research Institute (GTRI). He has a B.S. in Human Factors, a M.S. in Human Computer Interaction (HCI), and is currently pursuing a doctoral degree in Human Centered Computing (HCC) from the Georgia Institute of Technology. C.J.'s current fields of interest travel along two dimensions: The first is related to applications of Human Systems Integration (HSI) to complex socio-technical systems. The second dimension is related to developing agent-based models to simulate and predict human behavior within complex social systems (e.g., socio-cognitive networks), and analyzing human social, cognitive, and cultural behavior. Christopher Smoak is a Research Scientist in the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute. He has over seven years of security-related experience ranging from building defensible systems to advanced malware and exploitation research. Mr. Smoak directs research efforts geared towards automated, dynamic malware analysis to help detect and mitigate botnet compromises. Within this realm, he has worked to identify common attack vectors and methodologies utilized to compromise computer systems and operate undetected. He earned a B.S. in Computer Science from the Georgia Institute of Technology and is currently pursuing his M.S. in Information Security. He currently holds the CISSP certification.
2011 Paper No. 11181 Page 1 of 11
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
Applying Training Analysis and Game-Based Learning toward the Design of a Cyber Warfare Real-Time Strategy Training Game Clint Doriot, C.J. Hutto, Christopher Smoak Georgia Tech Research Institute (GTRI) Atlanta, GA {Clint.Doriot, Clayton.Hutto, Christoper.Smoak}@gtri.GaTech.edu
INTRODUCTION The increasing reliance upon information technology for everyday activities has made the maintenance of a strong security posture in cyberspace absolutely essential to the success of business and government entities. The ubiquity of computerized networks leading to data that is extremely valuable to highly skilled and motivated adversaries has transformed the once-niche task of examining network vulnerabilities and attack threats into an issue that impacts virtually everyone. Potential cyber-attackers range from single rogue individuals to whole government organizations. When successful, such attacks can have an even higher effect-to-cost ratio than traditional, physical attacks. A mandate for a stronger Cyber presence from the highest levels of the government has fueled the need for more than 21,000 Cyber-related professionals to become a part of the newly created United States Cyber Command (USCYBERCOM) (DoD, 2010; McMichael, 2010; Vlahos, 2009). A critical aspect of meeting these goals is related to personnel training. Much of cyber-related training has been oriented towards educating the end user (McCrohan, Engel, & Harvey, 2010). Much less pervasive is the training for the technical engineers who are needed to actually defend against and counter cyber attacks. To help address this problem, the latest thrust has been toward training highly skilled Cyber Warriors, individuals who are keenly attuned to the strategies used by the most sophisticated of technical adversaries, and who are able to conduct similarly deft defensive maneuvers as well as counter-offensive cyber attacks (Vlahos, 2009). Unfortunately, the sheer depth and breadth of the required information is oftentimes staggering, even for the most technically astute students. In this paper, we argue that traditional methods for training engineers with critical thought processes (Fulp, 2003) can be complimented with practical exercises where students actively engage in learning relevant cyber warfare techniques via a gamebased learning approach. We begin by elucidating how game-based entertainment offers an ideal delivery
2011 Paper No. 11181 Page 2 of 11
mechanism that complements a number of wellestablished principles of learning. We also describe how formal training analysis techniques can improve game developers’ understanding of educational goals and training objectives. Unfortunately, existing attempts at developing game-based training for cyber security and cyber warfare generally fall into one of two categories - either they are fun, or they are educational, but rarely are they both. Our approach helps bridge this gap by informing current guidance for the design of games for training. The remainder of this paper is organized as follows: First, we provide background information regarding game-based learning in general, emphasizing research that helps address explanation (why and how games are effective) and highlighting the need for research related to prescription (how to actually implement effective learning in games). Next, we describe how traditional training analysis techniques, such as identifying the target audience and learning objectives, can direct the game design so as to help ensure training effectiveness is considered during game development. Then, we discuss the characteristics of cyber warfare, related cyber games and the characteristics of the real time strategy (RTS) game genre. Finally, we present an illustration of the practical implementation of both the training analysis and the principles of learning as embodied in game-based education. We do this by examining how these two concepts are being applied towards the design of the CyberWar Real Time Strategy (CyberWar RTS) game, a cyber warfare training game. GAME-BASED LEARNING Digital game-based learning (DGBL), in general, has received increasing amounts of attention over the past few decades, as is evident by a growing body of literature (Aldrich, 2004; Gibson, Aldrich, & Prensky, 2007; Johnson, 2005; Prensky, 2000, 2006; Van Eck, 2006). As Van Eck (2006) points out, early DGBL proponents were largely focused on overcoming the stigma that games are only for “play”, strongly (and
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
repeatedly) advocating the message that games do indeed have a place in education. Now that the message of efficacy (i.e., that games can be effectively used for learning) has been generally accepted, gamebased learning researchers are currently working to address the emerging question of why DGBL is engaging and effective, as well as developing guidelines for game design to help implement learning (Lazzaro, 2004, 2009, 2011; Van Eck, 2006). Why Games are Engaging What is it about some games that make them more entertaining than others? How do these games keep players engaged? Quite simply, the most engaging games are those that are entertaining and fun (Lazzaro, 2009; Prensky, 2000). According Lazzaro’s model, there are four keys to why people enjoy playing certain games, each key representing a different aspect of fun: “hard” fun, “easy” fun, “people” fun, and “serious” fun. Games that incorporate meaningful challenges, strategies, and puzzles offer hard fun – a compelling balance of game difficulty with player skill through levels, player progress, or player controlled choices (Lazzaro, 2004). For many people, the psychological rewards of achievement and triumph experienced after overcoming obstacles elicits positive emotions (Eckman, 2007). Easy fun is associated with games that allow for creative exploration and imaginative role-play (Lazzaro, 2004). Easy fun is often a result of a game being immersive, because immersion appeals to a player’s sense of curiosity, surprise, awe and wonder to keep them engaged (Lazzaro, 2011). Also, many games are appealing because they stimulate social bonding and interpersonal interaction (or at least the illusion of interaction), and therefore engender users’ engagement via people fun (Lazzaro, 2009). Serious fun is play with a purpose. Thus, “serious games” (Abt, 1970; Zyda, 2005) are designed to create or express value in play (Lazzaro, 2009). For example, playing Dance Dance Revolution for the purpose of losing weight will appeal to a player’s sense of serious fun. Thus, entertainment is the key to engagement (Lazzaro, 2011), and engagement is an important component of effective game-based learning (Csikszentmihalyi, 1990; Rieber, 1996).
Readiness, the Law of Exercise, and the Law of Effect – as well as the principle of situated learning (Lave, 1988; Lave & Wenger, 1991; Suchman, 1987, 2007). The Law of Readiness refers to the physical or mental preparedness of the student to be receptive to material that will be taught (Thorndike, 1932). Motivation to play the game becomes the mechanism by which trainees become receptive to learning the educational material, making the training much more effective as compared to an unmotivated trainee. The Law of Exercise stresses the idea that repetition is essential to the development of consistent adequate responses (Thorndike, 1932). Games which are especially engaging will often be associated with extended and repeated play, often with much less fatiguing than one might expect from traditional formal instruction (Gee, 2003). Behaviors, actions, or concepts that are most often repeated will be easiest to remember. The mind can rarely recall new concepts or practices after a single exposure, but every time it is practiced, learning continues and becomes reinforced. According to the Law of Effect, a positive response to learning will strengthen the bond or connection to the education material being taught, while a negative response will weaken the chance for reinforcement (Herrnstein, 1970; Thorndike, 1932). This law involves the emotional reaction of the learner. Learning will always be much more effective when a feeling of satisfaction, pleasantness, or reward accompanies or is a result of the learning process. To be most effective, teaching, therefore, must be pleasing (i.e., fun). Well designed games naturally fulfill this principle by providing players immediate feedback on the consequences of specific actions and behaviors when playing the game.
Why Games are Effective Mechanisms for Learning
Immersive learning games can be extremely effective because the learning occurs in a meaningful environment. Learning that is situated within meaningful and relevant contexts is often much more effective than learning that occurs outside of those contexts, as is the case with much of Westernized formal instruction (Lave & Wenger, 1991). Researchers refer to this principle as situated cognition or situated learning, and have demonstrated its effectiveness in many studies over the two decades (Lave, 1988; Lave & Wenger, 1991; Suchman, 1987, 2007).
The very nature of games (especially those that are particularly engaging) makes them ideally suited as a delivery mechanism for learning. Games are the embodiment of numerous well-established principles and models of learning. For example, games encompass all three of Edward Thorndike’s (1932) socalled “Laws of Learning” – that is, the Law of
As a result of their promise of (1) increased motivation, (2) potential for extended and repeated exposure to the learning environment without fatiguing the trainee, (3) immediate and rewarding positive feedback, and (4) situated contextual-presentation of information and increased sense of immersion, it is no wonder why games are becoming increasingly popular as an
2011 Paper No. 11181 Page 3 of 11
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
effective tool for training. However, we must consider more than just the argument that games can be effective, otherwise “we run the risk of creating the impression that all games are good for all learners and for all learning outcomes, which is categorically not the case” (Van Eck, 2006, p. 18). An open issue in the digital game-based learning literature has been on precisely how to go about actually implementing effective learning in games. On the one hand, research by game designers and developers such as Lazzaro (2011) indicate seemingly straightforward guiding principles of how to make games engaging and fun, with a large majority of these intended to arrive at entertainment as the end result. On the other hand, many game developers find it very challenging to effectively incorporate the learning of complex material and the achievement of specific educational goals without sacrificing the very aspects of fun that make games so well suited to training. Van Eck (2006, p. 18) summarizes the major points quite succinctly, eloquently making the case that game-based training must strike a proper balance between being fun and engaging, so as to keep the player’s motivated, while at the same time being informative and effective as a training tool. While methodical game design and frequent playtesting can increase the likelihood that the result fully engages the player, this is not enough to ensure the game is effective as a training device. The addition of formal training analysis methods to identify the target audience and learning objectives can guide design so as to help ensure training effectiveness during game development. We briefly describe the most germane elements of the training analysis in the next section. TRAINING ANALYSIS The Instructional Systems Development/Systems Approach to Training (ISD/SAT) process involves the practice of maximizing the effectiveness, efficiency and appeal of instruction and other learning experiences. ISD/SAT requires effort in the areas of planning and quality improvement (Dick, L. Carey, & J. O. Carey, 2005; DoD, 1999). There are many instructional design models but many of the most pervasive (including SAT) are based on some derivative of the ADDIE model – so named because of its five phases of instructional design: 1) analysis, 2) design, 3) development, 4) implementation, and 5) evaluation (Dick et al., 2005). Whether the ADDIE model or the SAT model is used, the relevant training analysis activities will be very similar. First we need to understand the general characteristics of the target audience so that we can tailor the training suit their
2011 Paper No. 11181 Page 4 of 11
needs most effectively. We do this via a Target Audience Description. We also need to identify the overarching instructional goal(s) of the training. These goals will eventually take the form of Terminal Learning Objectives (TLOs). Finally, guided by the TLOs, the instructional material analysis will help identify the specific concepts that a learner must recall as well as the details regarding what the learner must be able to do to successfully perform a particular task. This will lead to the documentation of the Enabling Learning Objectives (ELOs). CYBER WARFARE AND RELATED GAMES For effective game-based cyber warfare training, the content must appropriately map the cyber domain to the game mechanics, and strike a balance between educating and entertaining the player. Characteristics of Cyber Warfare Cyber warfare, in its essence, is portrayed in an attacker-versus-defender scenario, with attackers trying to gain unrestricted access to an opponent’s network resources and defenders trying to prevent that unauthorized access. It is a tactical war that may include both parties dynamically restructuring their tactics to minimize progression of the adversary. For instance, a defender may notice an attacker's preferred method of exploitation, adapting Intrusion Detection System rules to catch the particular exploit packets as they enter his network. The attacker may then be forced to employ different tactics when continuing his penetration deeper into the target's network. General strategies for each side are initially the same: find vulnerabilities. Both the attacker and defender need to identify vulnerabilities upon which they will base their efforts. The attacker, for example, will identify vulnerabilities in particular computer systems and plot a path towards exploitation. This process of identifying and exploiting vulnerabilities continually repeats as the attacker works deeper and deeper into the target network. At some point, the attacker either cannot find additional vulnerabilities or successfully obtains targeted information. The defensive side, much like the attacker, begins by identifying vulnerabilities in their network; however, their goal is to mitigate the risk posed by those vulnerabilities. This may include adding signatures to an Intrusion Detection System, reconfiguring the logical layout of a network, or applying a software patch to a system. The defender can also use the attacker's primary weakness, lack of prior knowledge of the victim's network topology, to lay
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
traps or lure the attacker to false assets that waste his time.
tools, tasks and terminology of the cyber domain, and is therefore inadequate as a training tool.
Existing Cyber Games
Characteristics of Real Time Strategy Games
Very few games currently exist within the domain of cyber warfare. In general, these games fall into one of two categories: (1) educationally based games that focus solely on end-user training or network administration, or (2) hacking games that lack the educational rigor appropriate for training.
Real-Time Strategy (RTS) games simulate military operations, giving players high-level control of the battle while still enabling them to issue specific commands to individual fighters. The term real-time is meant to distinguish the genre from earlier, turn-based games (Geryk, 2001), but does not indicate the simulation time moves at the same rate as its real-world counterpart. An appreciation of the game-mechanics common to most RTS games will be necessary in order to understand the specific design suggestions for a cyber warfare RTS training game discussed later. These game mechanics were derived based on a number of sources (Bergensten, 2008; Buro, 2003; Geryk, 2001) and from the authors’ own experiences.
CyberCIEGE, created by US Gov Center for Information Systems Security Studies and Research (CISR) at the Naval Postgraduates School (NPS) and Rivermind, Inc. (Cone, C. E. Irvine, Thompson, & Nguyen, 2007), is a training simulation video game. The game-play is similar to The Sims series by Maxis Software, allowing the player to observe the interactions of several non-playable characters (NPCs) in a work-place setting. Multiple scenarios exist, testing the player’s ability to make decisions that affect information security and employee efficiency. Within a given scenario the player configures settings that affect the computer polices and the resulting NPC behaviors. While CyberCIEGE is effective in offering an interactive training environment with a very comprehensive coverage of security topics (ISC2, 2011), these topics are geared primarily toward managers and high-level system administrators, and lack training on the technical details and strategies required of network administrators and hackers. Furthermore, several problems with game-play negatively impact its ability to continually engage the player. Sporadic use of quiz questions throughout the scenario breaks up the flow of the scenario and lends itself to rote memorization. Simulation responses to player choices and rigid scenario solutions at times map poorly to the player’s mental understanding of the scenario, potentially confusing the player and discouraging the use of creative problem solving. By contrast, games like Introversion Software’s Uplink, focus primarily on entertaining the player with hacking simulation puzzles. Players assume the role of a hacker who must use a variety of computer interfaces and applications to gain access to an opponent’s network, steal files, upload viruses and remove any indication of the hacker’s presence. Time limits for completing the hacking tasks create suspense and tension, as the player’s will be caught and fail the mission if they do not disconnect from the opponent’s machines on time. However, as the game is intended for entertainment, it presents a highly stylized feeling of hacking that does not remain authentic to the actual
2011 Paper No. 11181 Page 5 of 11
In RTS games, the terrain provides a setting for the battle (typically land, water, mountains, space, etc), and specifies the spatial location of each player’s armed forces. Players are limited to viewing only the portions of the terrain that their forces currently occupy. Areas that have not been explored are shown as grey or black spots on the map. If a player has explored an area, but lost control of it, the terrain view will typically show the last known state of that region. This is known as the fog of war, borrowing from the military term for uncertainty in situational awareness and intelligence. The player’s armed forces consist of units or structures. Units are characters that the player can command to perform specific actions, such as exploring, fighting or building. Units will continue to carry out their instructions until the player issues a different command. Structures are static buildings that provide support functions, such as creating additional units, performing technology research or providing defense mechanisms. While units can move freely across the terrain, structures are typically limited to being built in close proximity to the player’s base, that is, the player’s established area of control. Units and structures are further specialized into specific types, which offer unique sets of statistics (health, speed, etc.) and allowable actions. Factions refer to the different sides of the war that the player can choose to fight on. The units and structures available for each faction typically cover the same range of functionality, or their abilities are balanced such that neither side has a clear tactical advantage. RTS games maintain an advanced economy based on resource management. Resources are assets (gold, oil,
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
etc.) that can be collected by units from the environment or from opponents. These finite resources can then be spent on production, the acquisition of additional units and structures, or development, the creation of new types of units and structures with advanced capabilities. Players are limited to developing new types based on the technology dependencies for the player’s chosen faction. For example, if a player wishes to build a tank, he must first build a factory and then spend additional resources on developing armored vehicle technology, before the option to build a tank is made available. These technology dependencies are referred to as the technology tree, or tech-tree for short. So, players must also manage their resources over time, balancing between short-term requirements and longterm capabilities. The core RTS mechanics work well for both singleplayer and multiplayer environments. For singleplayers, the military operations are broken down into campaigns and scenarios. Campaigns are a grouping of scenarios based on a common theme. Scenarios are individual sessions of play that focus on a short list of mission objectives, tasks for the player to complete. Mission objectives may include specific tasks, such as rescuing a group of hostages or maintaining control of a specific terrain feature, but the most common one is eliminate all of the opponent’s forces. Once the mission objectives are completed, the scenario has been won and the player is assigned a score based on numerous statistics (completion time, resources gathered, opponent units destroyed, etc). The scenario is lost if the all of the player’s assets are destroyed, or if mission critical objectives are failed. Within a campaign, early scenarios focus on demonstrating the control interface, teaching basic strategies and gradually introducing the tech-tree. Later scenarios require players to combine these elements into more elaborate strategies to win larger battles. In this way, campaigns continually reinforce basic skills while teaching higher level concepts over time. A single campaign also shares common background story elements. Stories within the RTS genre vary significantly, both in terms of setting (medieval, modern, fantasy) and depth, but in general, they place the player in the role of a high-level battlefield commander. While this can further immerse the player into the game and provide incentive for continued play, RTS games such as Cavedog Entertainment’s Total Annihilation have proven that minimal to no story is required so long as the game-play is compelling (Geryk, 2001). In most multiplayer battles, two or more players compete directly against each other for control of the terrain. These battles take place outside of any
2011 Paper No. 11181 Page 6 of 11
campaign, provide no story and assume the player has already learned the essential components taught in single player mode. The battle is won when one side has been completely eliminated. This mode offers players a chance to continually improve their tactics and test new strategies against skilled opponents. RTS interfaces and controls borrow heavily from desktop computing and share many similarities with C4I situational awareness interfaces. The majority of the display shows view from a camera above and facing down on the terrain. While only a portion of the terrain can be seen, the camera can be moved to other location using the keyboard or mouse. Units, structures and landmarks appear throughout the terrain, often with overlay labels and icons representing specific information, such as unit names and health or progress on completing commands. Players can click on individual units or structures, drag to select groups of them, or click on map locations to designate where an action is to be performed. A number of graphical user interface (GUI) components overlap the terrain view. The mini-map is a small, zoomed-out map showing the entirety of the terrain and allowing the user to quickly move the terrain camera to specific locations. The context panel changes, displaying which units or structures have been selected, with additional statistics or available actions based on the selection. Additional smaller overlays display miscellaneous information, such as the number of resources the player has collected, or the tasks associated with the given scenario. In general, the GUI is designed to be very minimal but dynamic, allowing the player to focus on the action happening in the terrain view. RTS games also feature a rich set of keyboard shortcuts that map to in-game actions, allowing the player to keep the mouse situated within the terrain action on not on the GUI interface. These mechanics result in two modes in which the player must continually operate: micro- and macromanagement. Micromanagement refers to when the player is primarily focused on commanding specific units to perform an action and, at times, how to perform it. This is also sometimes referred to as tactics. Macromanagement refers to when the player is primarily focused on high-level economic development and global decision-making. This is also sometimes referred to as strategy. For example, a player’s overall battle strategy may involve taking control a resourcerich valley currently occupied by an opponent. This would require the player to focus on investing resources into amassing a large army (macromanagement), and then sending troops of the army to attack opponent locations within the valley (micromanagement). Successful players must be able
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
to operate successfully at both levels, and seamlessly switch between each mode. Thus, real-time strategy games represent complex offensive and defensive military operations, requiring players to gather resources and intelligence, to build a sustainable infrastructure and to formulate and execute a plan of attack, all while balancing limited resources, making quick decisions in the face of uncertainty, at multiple levels of abstraction. These elements represent “hard fun” while the multiple player mode add a “people fun” component, that has continued to make the genre successful. CYBERWAR RTS: CYBER EDUCATION MEETS ENTERTAINMENT CyberWar RTS is designed with both entertainment and education in mind. By combining (1) consideration of well-established principles of learning, (2) rigorous analytical elements of Instructional System Design / Systems Approach to Training (ISD/SAT), and (3) engaging real-time strategy game mechanics with (4) accurate educational information and cyber warfare techniques, our design philosophy is to maximize the advantages of the game-based learning approach while also being true to the educational goals as described in the training analysis. Designing with Fun in Mind (Entertainment) While cyber warfare varies significantly from traditional warfare in a number of ways, the basic structure of the battle remains the same: intelligence is gathered on the opponent, an offensive and defensive strategy is formulated, and then the plan is executed. Since RTS games simulate these fundamental operations, we propose that it should be relatively straightforward to apply the real time strategy game paradigm to cyber warfare education and training. The differences in domains do present some challenges, but they also reveal opportunities to expand the genre and improve the current state of cyber warfare tools. The most straight forward way to apply the RTS game paradigm to the cyber domain would be to have units continue to represent characters, such as hackers or network administrators, structures continue to represent buildings with support actions, such as office spaces or server farms, and the terrain continue to locate these elements spatially. However, commanding a hacker unit to hack into a network does little in terms of teaching the underlying hacking methods, and the spatial view of these units does not provide any insight into how networks are logically structured. Instead we
2011 Paper No. 11181 Page 7 of 11
propose a more abstract implementation of the RTS terrain, structures and units being represented by the network, hardware and software, respectively. The traditional spatial terrain is replaced with logical network visualization, displaying the hardware structures that produce the layout and the network links between them. These hardware devices (such as personal computers, servers, hardware firewalls, routers, etc) fill the role of structures, providing landmarks within the network terrain, providing a platform for the applications, and occasionally offering support services (like firewall configurations). Software applications (such as web browsers, hacking tools, software firewalls, and network services) act as units, providing the interface through which players can issue action commands (such as searching for other network devices, scanning opponent computer ports, or running exploits). As expected, the hardware structures can run multiple software applications at once, but with the expense of increased latency. Although the distinction between structure and unit begins to breakdown as units are now explicitly tied to a given structure, much of the remaining RTS mechanics remain intact. The player is still fighting for control areas of strategic advantage; however this is accomplished not by physical dominance in an area, but by root control of network devices. Representing terrain as a logical network diagram requires additional design considerations but presents new opportunities. The fog of war must be reevaluated, going back to its basic purpose of displaying only the information that the player currently knows. However, instead of laying out the network in its fully discovered form, and hiding portions with a black fog, we simply condense the network to display what the user currently knows. This requires a dynamically updating network visualization that expands as more systems on the network are discovered, and changes structure as new information improves the players situational awareness (for example, discovering two PCs are on a subnet would cause them to be redrawn with a common gateway node). This dynamic visualization also allows for additional controls, such as allowing the player to collapse a network of devices into a single icon in order to simplify the display. Resource management continues to be an important aspect, especially as a requirement for effective training. In CyberWar RTS, information is the primary resource players must collect. As systems administrators and hackers explore the network space, they mine data from network traffic and application reports. In this way, players are still gathering resource from the environment; however, these resources are now spread throughout all components in the terrain.
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
Figure 1 – Components of the CyberWar RTS Interface Each piece of mission critical information (such as an email address, IP addresses, port configurations) that players correctly discover and identify will earn them monetary credits that can be spent on production and development. Information as a commodity also presents another opportunity to assist with training: since the game is keeping track of what information players knows, it can now produce dynamic data visualizations to help players filter, sort and process the data to improve their situational awareness.
the player progresses through scenarios, players will be given the option to create custom hardware / software configurations that accommodate their strategies. This approach to tech-trees also serves a training purpose. Players are originally required to perform low level tasks, such as manually configuring a firewall or running a port scan, but as they demonstrate proper understanding and proficiency, they unlock technologies that automate the process and allow them to focus on newer, higher level requirements.
Factions and their tech-trees map relatively straight forward from the cyber domain, with the primary factions being black-hats (hackers) and white-hats (network administrators). However, while black-hat scenarios are primarily concerned with offensive tactics, and white-hat with defensive tactics, concepts from both sides overlap, and players must eventually combine both offense and defense within their strategies. The similarity between factions decreases the complexity of the underlying simulation, but creates a less diverse, and potentially less interesting, game-play than traditional RTS games would feature. While we feel the cyber domain is sufficiently exciting to overcome that risk, only thorough play-testing will determine if that RTS mechanic remains enjoyable.
Campaigns, scenarios, and mission objects serve the same role as in traditional RTS games. Single-player campaigns are composed of a series of scenarios and cover the major concepts that the player must learn. Scenarios are won when all mission objectives are completed, and scores are assigned based on a number of factors (such as completion time, percentage of data mined, vulnerabilities discovered, etc.). Early scenarios focus of teaching fundamental concepts and tactics, which grow in scope and are reinforced in later scenarios, culminating in larger battles that require combining multiple strategies. Multiplayer scenarios continue to offer an open environment to test new strategies against increasingly difficult opponents. The story can be kept to minimal but places the player in the role of a hacker or network administrator, so as to immerse the player in the cyber domain and increase their investment in the material.
The problem carries over to tech-trees as well: while the lone hacker might have quicker access to exploits and the corporate system administrator may have resources for more expensive equipment, the majority of the underlying hardware and software is the same. Furthermore, individual assets lack diversity, as the majority of them will be PCs running a mixture of software applications. This problem, however, can be addressed through custom configurations. As new applications and exploits continue to be developed as
2011 Paper No. 11181 Page 8 of 11
As RTS interfaces and controls already borrow heavily from the computer domain, mapping these aspects to cyber warfare is straightforward. Figure 1 shows the CyberWar RTS interface before and after the discovery of an opponent’s networked assets. The terrain view, mini-map, context panel, point-and-click mouse controls and keyboard shortcuts are still essential for
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
basic game-play. Additionally, the game environment provides new opportunities to improve upon the interfaces of traditional cyber domain tools. Command line tools can be replaced with improved graphical interfaces, allowing players to focus on learning the function each tool serves and how to use it effectively in battle, instead of being restricted by cumbersome syntax. Furthermore, dynamic data visualizations can be used to improve the player’s understanding of the scenario. However, the complexity of the various tools will necessitate more-complex GUIs than traditional RTSs feature. Care must be taken to ensure these additional interfaces do not clutter the operational network view. When combined, these mechanics produce an environment that will require players to split their focus between micro- and macro-management efforts. The player must not only learn low-level cyber tools and develop higher level strategies, but must also develop an understanding of how those tools affect the strategy and the skills to switch between short term operations and long term planning. Designing with Training in Mind (Education) While purposefully mapping proven game mechanics and explicitly designing for entertainment are essential to producing a fun and engaging learning environment, these do not guarantee the resulting materials are adequately educational. Instead, we turn to the rigor of a more traditional ISD/SAT training analysis to ensure the appropriate level and quantity of material is presented to tech specific learning objectives, and that adequate metrics are gathered to assess performance. Note that while this discussion is presented after the game design, training analysis must occur simultaneously because it informs further design considerations, both in content and game-play. Pedagogical Strategy CyberWar RTS provides an interactive, game-based approach to learning fundamental concepts regarding offensive and defensive cyber warfare. The pedagogical conception is one of “edutainment” - using a Real Time Strategy (RTS) game genre as the students’ learning environment. This tool can be used as either a standalone learning tool for teaching cyber warfare basics, or it may be used as an interactive component to an existing introductory course in cyber warfare techniques. This tool provides a clear progression of cyber warrior training – beginning with a clear introduction of the essential concepts and definitions, then progressing to simple and then more complex applied techniques for offensive and defensive cyber warfare.
2011 Paper No. 11181 Page 9 of 11
Three major themes are reiterated throughout the game content. These include introducing concepts, definitions, and techniques related to: 1. 2. 3.
Offensive cyber warfare Defensive cyber warfare Integrating offensive and defensive concepts and techniques in applied cyber warfare scenarios.
Target Audience Description CyberWar RTS is designed as an introductory level learning tool relevant to any students involved in the DoD (or similar) cyber warfare community. The content should be conceptually accessible to both uniformed and civilian personnel (government or civil service), regardless of whether they are seeking a degree or continuing education. This tool is therefore appropriate as a training device for entry level practitioners seeking initial learning experience or for more experienced practitioners seeking a review of existing or emerging cyber warfare concepts. In order to use the software, trainees only need to be familiar with basic desktop computing skills and concepts. While more advanced computer topics (such as networking, databases, operating systems, etc.) are necessary to understanding the intricacies of cyber warfare, a high level overview of each topic could be presented to the player during early tutorial scenarios. These tutorials, and additional supplemental reading on the topics, should be available from within the game environment. To keep consistency with the cyber theme, these reference materials could be accessed through a Wikipedia –like webpage in an in-game web browser. Terminal and Enabling Learning Objectives Terminal objectives (TOs) are high level statements indicating what a student should know at the end of the training, while enabling learning objectives (ELOs) are discrete steps that must be accomplished in order fulfill a given terminal objective. Thus TOs are global goals accomplished by successfully completing the entire game campaign, while ELOs share a many-to-many relationship with scenarios: multiple ELOs are present in a given scenario and a given ELO might be reinforced over several scenarios. The breadth and depth of the content that CyberWar RTS will cover prevents a complete listing of planned TOs and ELOs. However, a subset has been provided in Listing 1. The TOs are listed in bold, with the ELOs indented under the associated TO. These objectives correspond to an early tutorial black-hat scenario, where the player is introduced to basic concepts and tools in passive information reconnaissance.
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
Listing 1 – Terminal and enabling learning objectives for a passive information reconnaissance scenario 1.0 Define concepts necessary to understand offensive cyber warfare techniques 1.1 Describe methods for performing network reconnaissance 1.2 Define methods for identifying vulnerable systems 2.0 Describe offensive cyber warfare techniques 2.1 Underline methods for passive reconnaissance against targets 2.2 Illustrate methods for mapping available services on target systems 2.3 Discuss the type of data that may be recovered via passive reconnaissance 2.4 Explain methods to identify systems within target networks. 3.0 Apply offensive cyber warfare techniques. 3.1 Demonstrate passive reconnaissance techniques 3.2 Evaluate the utility of data recovered via passive reconnaissance 3.3 Employ methods to identify systems within target networks 3.4 Distinguish best targets from mapped systems 3.5 Recall methods for identifying vulnerable Training Metrics services within mapped systems
From a training perspective, metrics are essential to verify the player has learned the desired information and can apply appropriate skills. From a game design perspective, they are important in providing the player with performance feedback. RTS games typically record a variety of player performance data through the scenario. In cyber warfare domain, each scenario would always include metrics such as amount of data collected or time spent on tasks. However, additional metrics might be necessary to observe for specific scenarios (for example, the number of units hacked / defended, or percentage of times the user correctly identified the weakest targets). Metrics for a particular ELO can be aggregated across multiple scenarios to determine when a player has adequately proven they have fulfilled the associated requirements. This accomplishment can then be presented to the user in the form of an in-game trophy, a collectible certificate of an achievement. For example, a hacker may be awarded trophies after successfully gaining root permissions on 25 machines, while a system administer may be awarded one for eliminating security holes on a particularly vulnerable network. Players can view which trophies they have “won”, which provides positive feedback for their accomplishments. They can also view which trophies they have not yet earned, providing a stimulus to replay related scenarios and improve their mastery of the material. The constraints imposed by training analysis help focus the design and ensure training goals are met and can be
2011 Paper No. 11181 Page 10 of 11
validated. Further, the additional design requirements, (reference materials, internal metrics recording, trophies for significant milestones), while increasingly common in modern games, may have been trivialized without proper training analysis. Conclusion The design of the CyberWar Real-Time Strategy training game derives from proven game mechanics and rigorous training analysis methods. The Real Time Strategy game genre was chosen because of its close resemblance to the attacker-versus-defender scenarios of hacking and network administration. Mapping these game mechanics was challenging due to the untraditional cyber warfare domain, but also presented opportunities to improve upon the mechanics and revealed technology gaps in existing cyber tools and data visualizations. The simultaneous application of training analysis informed and focused the design requirements, revealing opportunities where the game mechanics could be improved to create a better learning environment. The resulting design produces guidelines for development and testing to build upon, working toward the production of entertaining and engaging interactive training for Cyber Warriors. ACKNOWLEDGEMENTS Funding for this project was provided by GTRI through internal research and development, I5541.M.O.E.D. REFERENCES Abt, C. (1970). Serious Games. New York, NY: The Viking Press. Aldrich, C. (2004). Simulations and the Future of Learning: An Innovative (and Perhaps Revolutionary) Approach to e-Learning. San Francisco, CA: Jon Wiley and Sons (Pfeiffer). Bergensten, J. (2008). Game-play mechanics of Realtime strategy games. Retrieved June 20, 2011, from http://www.oxeyegames.com/gameplay-mechanics-of-real-time-strategy-games/ Buro, M. (2003). Real-time strategy games: a new AI research challenge. Proceedings of the International Joint Conference on AI (pp. 1534-1535). Acapulco, Mexico. Cone, B. D., Irvine, C. E., Thompson, M. F., & Nguyen, T. D. (2007). A Video Game for Cyber Security Training and Awareness. Computers and Security, 26(1), 63-72. Csikszentmihalyi, M. (1990). Flow: The Psychology of Optimal Experience. New York, NY: Harper & Row.
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2011
Dick, W., Carey, L., & Carey, J. O. (2005). The Systematic Design of Instruction (6th ed.). Boston, MA, USA: Pearson Allyn & Bacon. DoD. (1999). MIL-HDBK-29612: Instructional Systems Development/Systems Approach to Training and Education (Part 2 of 5 Parts). Department of Defense. DoD. (2010). Army Forces Cyber Command Headquarters Standup Plan Announced (News Release No. No. 420-10). U.S. Department of Defense. Retrieved from http://www.defense.gov//releases/release.aspx ?releaseid=13549 Van Eck, R. (2006). Digital Game-Based Learning: It’s Not Just the Digital Natives Who Are Restless. EDUCAUSE Review, 41(2), 16-30. Eckman, P. (2007). Emotions Revealed: Recognizing Faces and Feelings to Improve Communication and Emotional Life (2nd ed.). New York, NY: Henry Holt and Company, LLC. Fulp, J. D. (2003). Training the cyber warrior. In C. Irvine & H. Armstrong (Eds.), Security education and critical infrastructures (pp. 261-273). Norwell, MA: Kluwer Academic Publishers. Gee, J. P. (2003). What Video Games Have to Teach Us about Learning and Literacy. New York, NY: MacMillian. Geryk, B. (2001). A history of real-time strategy games. GameSpot Presents: A History of Real-Time Strategy Games. Retrieved June 20, 2011, from http://www.gamespot.com/gamespot/features/ all/real_time/ Gibson, D., Aldrich, C., & Prensky, M. (2007). Games and simulations in online learning: research and development frameworks. Hershey, PA: Information Science Publishing. Herrnstein, R. J. (1970). On the law of effect. Journal of the Experimental Analysis of Behavior, 13(2), 243-266. ISC2, I. I. S. S. C. C. (ISC)2. (2011). Certified Information Systems Security Professional (CISSP) Education and Certification. CISSP Education & Certification. Retrieved June 10, 2011, Johnson, S. B. (2005). Everything Bad Is Good for You: How Today’s Popular Culture Is Actually Making Us Smarter. New York, NY: Riverhead. Lave, J. (1988). Cognition in practice : mind, mathematics, and culture in everyday life. Cambridge University Press.
2011 Paper No. 11181 Page 11 of 11
Lave, J., & Wenger, E. (1991). Situated learning: legitimate peripheral participation. Cambridge University Press. Lazzaro, N. (2004). Why We Play Games:Four Keys to More Emotion Without Story. Presented at the Game Developers Conference, San Jose, California, USA. Lazzaro, N. (2009). The Four Keys to Fun: Designing Emotional Engagement and Viral Distribution without Spamming Your Friends. Invited Talk presented at the The San Francisco Bay Area Chapter of ACM SIGCHI, Palo Alto, CA. Lazzaro, N. (2011). Chasing Wonder and the Future of Engagement. Presented at the Game Developers Conference, San Francisco, CA. McCrohan, K. F., Engel, K., & Harvey, J. W. (2010). Influence of Awareness and Training on Cyber Security. Journal of Internet Commerce, 9, 23-41. McMichael, W. H. (2010). DoD Cyber Command is officially online. Army Times. Retrieved from http://www.armytimes.com/news/2010/05/mil itary_cyber_command_052110/ Prensky, M. (2000). Digital Game-Based Learning. New York, NY: Magraw-Hill. Prensky, M. (2006). “Don’t bother me Mom, I’m learning!”: how computer and video games are preparing your kids for twenty-first century success and how you can help! Paragon House. Rieber, L. (1996). Seriously considering play: Designing interactive learning environments based on the blending of microworlds, simulations, and games. Educational Technology Research and Development, 44(2), 43-58. Suchman, L. A. (1987). Plans and situated actions: The problem of human-machine communication. Cambridge, United Kingdom: Cambridge University Press. Suchman, L. A. (2007). Human-machine reconfigurations: plans and situated actions. Cambridge University Press. Thorndike, E. (1932). The Fundamentals of Learning. New York, NY: Teachers College Press. Vlahos, K. (2009). Cybersecurity: DC Summit Convenes Military “Cyber Warriors.” Homeland Security Today, (November 18). Retrieved from http://www.hstoday.us/focusedtopics/cybersecurity/single-article-page/dcsummit-convenes-military-cyberwarriors.html Zyda, M. (2005). From visual simulation to virtual reality to games. IEEE Computer, 38(9), 2532.
