SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium
July 24, 2015 • Article
On hand to kick off the exercise was SEI Director and CEO Paul Nielsen. “The military does a lot of exercises like this,” said Nielsen. “They help you identify gaps and policy or operational issues you might have.” Nielsen noted that the Cyber Intelligence Research Consortium is trying to bridge the gap between industry and government. “We want this to be the first of a series of such events involving members of the consortium,” he said.
During the exercise, participants with an intelligence background focused on identifying the malicious actors and determining the relationships between events, while those with a technical background focused on reverse engineering a tool produced by the terrorist organization and reviewing evidence collected by field agents based on their findings. Two participants functioned as liaisons between the two groups and coordinated their efforts.
In the end, the participants were able to trace the terrorist activities back to a set of command and control servers connected directly to hardware designed to release the biological weapon. Shortly after presenting this information, the participants were treated to a “live view” of strike teams neutralizing the threat and securing the biological weapons.
“All of the participants remained engaged throughout the exercise,” said the CERT Division’s Rotem Guttman, who develops immersive training scenarios for cyber personnel as part of the Cyber-Heroes program. “They kept working, even through their lunch breaks. In hindsight, this shouldn't be surprising. After all, the safety of the world was at stake!”
Groups from across the SEI collaborated to produce the simulation. The SEI CERT Division’s Cyber Workforce Development team created large, simulated networks for participants to explore and authored custom malware for use by the threat actors. The SEI’s Emerging Technology Center created a trove of intelligence artifacts for participants to analyze. The CERT Division’s Network Situational Awareness team contributed a flow data analysis component. In addition, the SEI’s Asset Creation, Collection, and Conversion team facilitated the creation of a series of high-quality briefing videos to immerse the participants in their role as agents.
“The event was a great success,” said the SEI’s Jay McAllister, ETC senior analyst and technical lead of the Cyber Intelligence Research Consortium. “It’s a testament to what the SEI can accomplish when folks with different backgrounds cast aside department identifiers and come together to build something that showcases the awesome power of the SEI at large.”
To learn more about the Cyber Intelligence Research Consortium, please visit http://sei.cmu.edu/about/organization/etc/overview.cfm.
STEPfwd is a virtual training environment that offers a rich library of cybersecurity and information assurance training. To learn more about STEPfwd, please visit https://stepfwd.cert.org/.