SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium
Created January 2018
In SEI crisis simulation exercises, participants from government, military, and industry member organizations use SEI-developed scenarios that present fictitious malicious actors and environmental factors based on real-world events. Some participants focus on identifying attackers and determining the relationships among simulated events; others focus on reverse engineering a tool produced by the terrorist organization and reviewing evidence collected by field agents.
One Engaging Scenario
At the first Cyber Intelligence Research Consortium Crisis Simulation exercise, held in Pittsburgh in 2015, participants confronted the following scenario:
The world faces a new crisis: Dr. Diabolicov, reputed leader of an eco-terrorist group known as Satan's Tsunami, wants to "hit the reset button on humanity." Operating out of an undisclosed location, he has issued threatening statements through notorious websites and social networks, as well as various other channels in which he claims "humanity has lost its way" and that "it is time to press the reset button on humanity." What’s worse, he claims to have placed weaponized smallpox in key locations around the globe. "Vote to preserve humanity or end it," he demands, directing people to download a tool and cast their votes to automatically release the smallpox virus. "You have two days to decide."
The participants were charged with a modest task: "Save the world by finding the source of the threat and developing a threat assessment to put it into context for decision makers."
In the end, the participants were able to trace the terrorist activities back to a set of command-and-control servers connected directly to hardware designed to release the biological weapons. Shortly after presenting this information, the participants were treated to a "live view" of strike teams neutralizing the threat and securing the biological weapons.
Groups from across the SEI collaborated to produce the simulation. The SEI's Cyber Workforce Development team created large, simulated networks for participants to explore and authored custom malware for the threat actors to use. The SEI's Emerging Technology Center created a trove of intelligence artifacts for participants to analyze. The SEI's Network Situational Awareness team contributed a flow data analysis component. In addition, the SEI's Asset Creation, Collection, and Conversion team facilitated the creation of a series of high-quality briefing videos to immerse the participants in their roles as agents.
Problem Solving in Partnership
SEI experts crafted the exercise using video, live action, fictional websites, and a fully functional simulated Internet environment provided by the SEI's STEPfwd platform. The two-day event brought together participants from member organizations in the government, military, and industry sectors, including PNC and American Express.
On hand to kick off the exercise was SEI Director and CEO Paul Nielsen. "The military does a lot of exercises like this," said Nielsen. "They help you identify gaps and policy or operational issues you might have." Nielsen noted that the Cyber Intelligence Research Consortium is trying to bridge the gap between industry and government. "We want this to be the first of a series of such events involving members of the consortium," he said.
During the exercise, participants with an intelligence background focused on identifying the malicious actors and determining the relationships between events, while those with a technical background focused on reverse engineering a tool produced by the terrorist organization and reviewing evidence collected by field agents based on their findings. Two participants functioned as liaisons between the two groups and coordinated their efforts.