The homeland security, defense, and justice communities require extensive and diverse forensic support that relies heavily on innovative training of analysts and agents. But physical or virtual, on the ground, from the air, or via the Internet, terrorism can target us all. Corporations and nonprofit organizations experience the same types of systems and data attacks, such as hacking to steal user and customer information, proprietary product and strategic information; DDoS (distributed denial of service) attacks that disable systems and communications; and other types of hacking and malware attacks. How common and widespread are such attacks? Just look at the 2014 Digital Attack Map to discover the sources, targets, and types of both large and unusual digital attacks involving the US and 14 other nations – and the map shows only the top 2% of those identified, and for only the date you access the page. You can click on dates along the timeline at the bottom of the webpage and scroll back through to see that, overall, attacks are increasing.
Organizations can certainly hire security consultants, install security systems, and establish security policies and protocols. But if your employees aren’t thoroughly trained and receive regular reinforcement of that training, nothing can effectively protect you.
Problem: deploying effective security measures. Solution: real-world simulation-based training.
What kind of training and reinforcement works best to enable your employees to deter, detect, and combat attacks on your sensitive data and physical premises? Immersive real-world simulations. And regular reinforcement of that training through related games (nobody wants to do “drills”) will keep the training front-of-mind.
How do we know that? Brandon Hall recently awarded Sealund and Forensic Innovation Center the Silver Award for ‘Best Advance in Simulation Technology’ category entitled: Fighting Terrorism with Simulation, and published in the Brandon Hall Group Member Center research library.
The Navy EOD (Explosive Ordnance Disposal) unit reported that this simulation-based training, especially for their foreign partners, had these measurable outcomes:
- Improved their relationship with the partners
- Improved the safety of the foreign partners; thereby, improving US safety in joint operations
- Improved evidence collection and reporting which better allows them to assess the threat.
Critical elements of simulation-based training
Realism is important, with attention to details. And the learners’ interactions with elements the environment must be likewise realistic and motivating – with immediate feedback for correct and incorrect actions.
Demonstrate the real and the ideal, and challenge them with realistic situations in which to perform tactical analysis and appropriate behavior.
These example graphics illustrate how Sealund developed mission critical Sensitive Site Exploitation (SSE) simulation training for the Combating Terrorism Technical Support Office (CTTSO) Technical Support Working Group (TSWG). Simulating real world environments tactical analysis after an incident, as in CSI or NCIS, Sealund designed and developed training in multiple 3D environments emulating learners’ use of tools to collect evidence for combating terrorism.
Brandon Hall Award Winning Simulations
Program requirements included that the courseware be efficient to deliver, administer, and maintain. It must also provide meaningful learning measurements and performance reports within a safe learning environment. For the SSE courseware, each simulation used unique 3D virtual worlds as a cost-effective method of delivering SSE eLearning via a system that measures and reports performance. The online environments provide a safe surrounding wherein military users experience SSE in time sensitive, hazardous situations while they utilize evidence collection tools, exploitation procedures, search methods, and site documentation.
The tutorial teaches learners how to interact with the environments while immersed in the 3D virtual world. Both the Tactical and Ideal SSE simulations immerse the learner in exploratory interaction with the environments, with minimal direction about types of evidence they will find there. Learners apply what they learned in Tutorial training to exploit the environment and leave within the time constraints before enemy combatants invade. Note that the learner’s use of the tool options is entirely learner-controlled. The design element of learner control is crucial for simulated environments, but it is also a key factor in effective adult learning, and especially easy to design into eLearning.
But my employees’ lives aren’t on the line, and only a few are on the Security Team
Their jobs, though, depend on the organization’s health and survival. This course created a virtual military environment, but the same issues apply for your organization’s information security. Employees—usually those administering the security system, but possibly any employee answering a phone or email from an “enemy combatant” (a technical hacker or a competitor’s industrial espionage team running a social engineering technique)—must be vigilant to formal alerts, environmental elements that appear unusual, or interactions that just don’t feel right. That awareness can be most effectively reinforced through games, and once you have the virtual environments developed for the initial training, related games can be developed and managed quite efficiently using a game engine with motivating forms of interactivities. Games can further motivate through leaderboards for inter-group or individual competition and prizes—or simply the thrill of recognition—for high scores.
And in their real work-world, real rewards for alerting supervisors and Security Team members of potential “corporate terrorist” attacks are a small cost compared to repairing the damage that such attacks cause.
For expert publications on the hazards and handling—and preferably prevention—of organizational information and physical site attacks, these books may be helpful to you, your CIO, or CRO (Chief Risk Officer):
What did you find useful in the posting? What more would you like to know? Please share your comments.