The challenges of designing cyber simulations

In recent years a number of government organizations have funded projects to create cyber conflict simulations. In addition, private organizations, sometimes funded by venture capital, have created cyber games as a test bed for cyber warfare theories and as a cyber awareness training tool for users. Some of the simulators and games are now migrating to the mobile platforms with new applications for smart phone and tablets.

Game platforms provide a manageable environment in which cybersecurity researchers can safely experiment and gain significant insight into cause-effect relationships within the complex cyber security domain. The challenge is to create a realistic representation of a real world environment. For example, one study found that more than 90 percent of computers were missing one or more critical patches. The game and simulation environment would have to reflect that. Equally as challenging is the creative aspect of cyberattacks such as carefully crafting a spear-phishing e-mail for a targeted user that convinces them to disregard their security awareness training and click on the well disguised malicious link in the message.

These games and simulations are not without controversy. The recent outbreak of shootings that seem to be in the news headlines weekly, have some questioning if violent shooting games desensitize the players to these acts of violence. Now, some are asking the same questions about games for cybersecurity awareness training. Does the use of games for cybersecurity awareness training diminish the importance of the subject? That is a question that is sure to become a research initiative as the rate of computer security breaches continue and end users remain the primary component that enables these attacks.