search menu icon-carat-right cmu-wordmark

SEI Hosts Crisis Simulation Exercise for Cyber Intelligence Research Consortium

Created January 2018

In SEI crisis simulation exercises, participants from government, military, and industry member organizations use SEI-developed scenarios that present fictitious malicious actors and environmental factors based on real-world events. Some participants focus on identifying attackers and determining the relationships among simulated events; others focus on reverse engineering a tool produced by the terrorist organization and review evidence collected by field agents.

One Engaging Scenario

In Pittsburgh in 2015 for the first Cyber Intelligence Research Consortium Crisis Simulation exercise, the following scenario confronted participants:

The world faces a new crisis: Dr. Diabolicov, reputed leader of an eco-terrorist group known as Satan's Tsunami, wants to "hit the reset button on humanity." Operating out of an undisclosed location, he has issued threatening statements through notorious websites and social networks, as well as various other channels in which he claims "humanity has lost its way" and that "it is time to press the reset button on humanity." What’s worse, he claims to have placed weaponized smallpox in key locations around the globe. "Vote to preserve humanity or end it," he demands, directing people to download a tool and cast their votes to automatically release the smallpox virus. "You have two days to decide."

The participants were charged with a modest task: "Save the world by finding the source of the threat and developing a threat assessment to put it into context for decision makers."

In the end, the participants were able to trace the terrorist activities back to a set of command-and-control servers connected directly to hardware designed to release the biological weapons. Shortly after presenting this information, the participants were treated to a "live view" of strike teams neutralizing the threat and securing the biological weapons.


Groups from across the SEI collaborated to produce the simulation. The SEI's Cyber Workforce Development team created large, simulated networks for participants to explore and authored custom malware for the threat actors to use. The SEI's Emerging Technology Center created a trove of intelligence artifacts for participants to analyze. The SEI's Network Situational Awareness team contributed a flow data analysis component. In addition, the SEI's Asset Creation, Collection, and Conversion team was able to facilitate the creation of a series of high-quality briefing videos to immerse the participants in their role as agents.

Winner of the Crisis Simulation Exercise being handed a trophy.

Problem Solving in Partnership

SEI experts crafted the exercise using video, live action, fictional websites, and a fully functional simulated Internet environment provided by the SEI's STEPfwd platform. The two-day event brought together participants from member organizations in the government, military, and industry sectors, including PNC and American Express.

On hand to kick off the exercise was SEI Director and CEO Paul Nielsen. "The military does a lot of exercises like this," said Nielsen. "They help you identify gaps and policy or operational issues you might have." Nielsen noted that the Cyber Intelligence Research Consortium is trying to bridge the gap between industry and government. "We want this to be the first of a series of such events involving members of the consortium," he said.

During the exercise, participants with an intelligence background focused on identifying the malicious actors and determining the relationships between events, while those with a technical background focused on reverse engineering a tool produced by the terrorist organization and reviewing evidence collected by field agents based on their findings. Two participants functioned as liaisons between the two groups and coordinated their efforts.

Learn more about the SEI's work with the Cyber Intelligence Research Consortium.

Learn More

CWD Tools for Improving Cyber Simulations

February 01, 2020 Collection

Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each...


Best Practices for Cyber Intelligence: A Look at the ODNI Cyber Intelligence Study and Some Early Findings

May 20, 2018 Blog Post
Jared Ettinger

Well-known asymmetries pit cyber criminals with access to cheap, easy-to-use tools against government and industry organizations that must spend more and more to keep information and assets...


Cyber Intelligence Research Consortium

February 08, 2018 Collection

This consortium brings together organizations from a variety of sectors to exchange ideas; it provides activities and workshops to learn from experts in the...


Improving Cybersecurity Through Cyber Intelligence

November 10, 2016 Podcast
Jared Ettinger

In this podcast, Jared Ettinger of the SEI's Emerging Technology Center (ETC) talks about the ETC's work in cyber intelligence as well as the Cyber Intelligence Research Consortium....

learn more

Cyber Intelligence and Critical Thinking

February 15, 2016 Blog Post
Jay McAllister

This SEI Blog post on cyber intelligence emphasizes critical thinking and presents a 3-step approach to a holistic view of cyber...


Advancing Cyber Intelligence Practices Through the SEI's Consortium

February 19, 2015 Webcast
Jay McAllister, Melissa Ludwick

Sound cyber intelligence practices can help organizations prevent or mitigate major security breaches. For several years, researchers at the SEI have been examining methodologies, processes, technology, and training to help...