“Shall we play a game?” – Improving ICS Cybersecurity with Immersive Gamification & Simulation

March 6, 2019 2:00 PM

"The concept of applying game-like features such as points and awards to training and education isn’t new. Even educational video games have been round since the 1970s. However, “gamification” is coming back around as all the new rage in the training industry. But very little has changed since the ‘70s. Most gamification solutions today remain little more than a glorified learning management system (LMS), adding points, a fancy interface, a bit of competition, and rewards to the same old question and answer format. If you’re lucky, it might be disguised as Jeopardy or Trivial Pursuit. With the power of today’s multimedia and video game technology, it’s time to bring education into the modern world with IMMERSIVE gamification. Cybersecurity is an ideal subject for implementing immersive gamification due to the natural adversarial nature of the environment. What better way to learn cybersecurity than immersing students in the curriculum by recreating a decades old competition between “good guys” vs. “bad guys”, red vs. blue, hackers vs. defenders? This method is already proving to be effective through competition style events such as “capture the flag” (or CTF) and SANS’ Netwars. But the effectiveness of immersive gamification isn’t limited to events and competitions. Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. This presentation explores not only the concepts of gamification but also the scientific and psychological factors as to why it can be such a successful training medium. Finally, we discuss how you can deploy and use gamification to significantly enhance your cybersecurity awareness training program, advanced cybersecurity skills training, enhance staff knowledge retention, and build a significantly stronger cybersecurity base through more effective training."

Speaker Information

Panelist Information

Clint Bodungen

Threat Gen

Clint is a recognized industrial cybersecurity expert, public speaker, and lead author of the book “Hacking Exposed: Industrial Control Systems”. He is a United States Air Force veteran, has been an INFOSEC (now called “cybersecurity”) professional for more than 20 years, and is an active part of the cybersecurity community, especially in ICS. Focusing exclusively on ICS cybersecurity since 2003, he has provided his services to many of the world’s largest energy organizations in the Oil & Gas and Electric Utility industries, and has worked for well-known cybersecurity products companies Symantec, Kaspersky Lab, and Industrial Defender. He has published dozens of technical papers and training courses on ICS cybersecurity including vulnerability assessment, penetration testing, threat research, and risk quantification and management. In what spare time he manages to find, he produces cybersecurity documentaries and develops cybersecurity apps and games. He hopes to revolutionize our approach to cybersecurity and help usher in the next generation of ICS cybersecurity professionals, by merging advances in computer gaming technology with industrial cybersecurity.