Fighting Terrorism with Simulation

Posted on May 15, 2015 in Serious Games

The homeland security, defense, and justice communities require extensive and diverse forensic support that relies heavily on innovative training of analysts and agents. But physical or virtual, on the ground, from the air, or via the Internet, terrorism can target us all. Corporations and nonprofit organizations experience the same types of systems and data attacks, such as hacking to steal user and customer information, proprietary product and strategic information; DDoS (distributed denial of service) attacks that disable systems and communications; and other types of hacking and malware attacks. How common and widespread are such attacks? Just look at the 2014 Digital Attack Map to discover the sources, targets, and types of both large and unusual digital attacks involving the US and 14 other nations – and the map shows only the top 2% of those identified, and for only the date you access the page. You can click on dates along the timeline at the bottom of the webpage and scroll back through to see that, overall, attacks are increasing.

Organizations can certainly hire security consultants, install security systems, and establish security policies and protocols. But if your employees aren’t thoroughly trained and receive regular reinforcement of that training, nothing can effectively protect you.

Problem: deploying effective security measures. Solution: real-world simulation-based training.

What kind of training and reinforcement works best to enable your employees to deter, detect, and combat attacks on your sensitive data and physical premises? Immersive real-world simulations. And regular reinforcement of that training through related games (nobody wants to do “drills”) will keep the training front-of-mind.

How do we know that? Brandon Hall recently awarded Sealund and Forensic Innovation Center the Silver Award for ‘Best Advance in Simulation Technology’ category entitled: Fighting Terrorism with Simulation, and published in the Brandon Hall Group Member Center research library.

The Navy EOD (Explosive Ordnance Disposal) unit reported that this simulation-based training, especially for their foreign partners, had these measurable outcomes:

  • Improved their relationship with the partners
  • Improved the safety of the foreign partners; thereby, improving US safety in joint operations
  • Improved evidence collection and reporting which better allows them to assess the threat.

Critical elements of simulation-based training


Virtual Sensitive Site Exploitation

Realism is important, with attention to details. And the learners’ interactions with elements the environment must be likewise realistic and motivating – with immediate feedback for correct and incorrect actions.

Demonstrate the real and the ideal, and challenge them with realistic situations in which to perform tactical analysis and appropriate behavior.

These example graphics illustrate how Sealund developed mission critical Sensitive Site Exploitation (SSE) simulation training for the Combating Terrorism Technical Support Office (CTTSO) Technical Support Working Group (TSWG). Simulating real world environments tactical analysis after an incident, as in CSI or NCIS, Sealund designed and developed training in multiple 3D environments emulating learners’ use of tools to collect evidence for combating terrorism.


Brandon Hall Award Winning Simulations

Program requirements included that the courseware be efficient to deliver, administer, and maintain. It must also provide meaningful learning measurements and performance reports within a safe learning environment. For the SSE courseware, each simulation used unique 3D virtual worlds as a cost-effective method of delivering SSE eLearning via a system that measures and reports performance. The online environments provide a safe surrounding wherein military users experience SSE in time sensitive, hazardous situations while they utilize evidence collection tools, exploitation procedures, search methods, and site documentation.


Learner Control Utilizing Tools for Virtual Sensitive Site Exploitation

The tutorial teaches learners how to interact with the environments while immersed in the 3D virtual world. Both the Tactical and Ideal SSE simulations immerse the learner in exploratory interaction with the environments, with minimal direction about types of evidence they will find there. Learners apply what they learned in Tutorial training to exploit the environment and leave within the time constraints before enemy combatants invade. Note that the learner’s use of the tool options is entirely learner-controlled. The design element of learner control is crucial for simulated environments, but it is also a key factor in effective adult learning, and especially easy to design into eLearning.

But my employees’ lives aren’t on the line, and only a few are on the Security Team

Their jobs, though, depend on the organization’s health and survival. This course created a virtual military environment, but the same issues apply for your organization’s information security. Employees—usually those administering the security system, but possibly any employee answering a phone or email from an “enemy combatant” (a technical hacker or a competitor’s industrial espionage team running a social engineering technique)—must be vigilant to formal alerts, environmental elements that appear unusual, or interactions that just don’t feel right. That awareness can be most effectively reinforced through games, and once you have the virtual environments developed for the initial training, related games can be developed and managed quite efficiently using a game engine with motivating forms of interactivities. Games can further motivate through leaderboards for inter-group or individual competition and prizes—or simply the thrill of recognition—for high scores.
And in their real work-world, real rewards for alerting supervisors and Security Team members of potential “corporate terrorist” attacks are a small cost compared to repairing the damage that such attacks cause.

For expert publications on the hazards and handling—and preferably prevention—of organizational information and physical site attacks, these books may be helpful to you, your CIO, or CRO (Chief Risk Officer):

The Definitive Handbook of Business Continuity Management

Business Continuity and Disaster Recovery Planning for IT Professionals

The Grey Line: Modern Corporate Espionage & Counter Intelligence

Social Engineering: The Art of Human Hacking

Security Risk Management: Building an Information Security Risk Management Program from the Ground Up

Data-Driven Security – Analysis, Visualization and Dashboards

What did you find useful in the posting? What more would you like to know? Please share your comments.

Tags: , , ,

Role-Based IT Security Fulfills FISMA Requirement

Posted on April 20, 2015 in Serious Games

Recent IT security breaches have made international headlines. Complexity in system security simply motivates innovation in hacking and hiding techniques, which in turn stimulate increasingly complex defenses. It’s an ever-escalating cycle, but the common element on both sides is people. And the most effective training methods can enable your organization to prevent the human errors on which all hackers rely to some degree, often as the first step in a devastating technical onslaught.

One such training technique is immersive, role-based avatars in virtual world simulations, such as our Silver Award Brandon Hall Group Award: a Case Study entitled Role-Based IT Security in the Best Use of Virtual Worlds category.

The Course’s Purpose

Sealund developed this innovative, reality-based courseware for the United States Office of Personnel Management (OPM) to help achieve their mission of “recruiting, retaining and honoring a world-class force to serve the American people.” The Role-Based IT Security training fulfills the FISMA (Federal Information Security Management Act) mandated annual training requirement for specialized Role-Based IT Security training. The training addressed three specific objectives in the service of the overall goal of achieving federal agencies’ FISMA-mandated role-based security training requirement for ten of the NIST (National Institute of Standards and Technology)-defined roles. Those objectives were:

OPM IT Security

Scenario-Based IT Security eLearning

  1. Determine whether knowledge objects could be dynamically presented in an adaptive learning paradigm that customizes the learning experience for individual learners.
  2. Create a knowledge object repository that would support workforce development, job aids, best practices, frequently asked questions, initial training, refresher training, and just-in-time training that is adaptive to the unique needs of the learner.
  3. Offer mandatory NIST role-based IT security training across the federal government as a potential cost savings over each agency creating their own individual courses.

Such objectives probably sound familiar to you. Very likely, your organization also ensures these type objectives are met to while ensuring their adaptability to individual learners and several departments.

Effectiveness and Efficiency of Learning Object Design

This courseware comprised a blended training matrix addressing ten NIST-defined roles with objectives at three learner levels: beginner, intermediate, and advanced. It provided context for the learner via an NIST cross-walk link on every page so the learner could see the exact NIST requirements for that instructional content. At the intermediate and advanced levels, the course assesses the learner’s knowledge through an immersive, first-person perspective 3D virtual world where they interact with animated members of a representative team. The technical approach ensured that the training met the NIST requirements so that all three levels achieved their annual FISMA-mandated role-based security training requirement.

The Virtual World Environment

The Role-based IT Security Training immerses the learner in a 3D virtual world with numerous scenarios as the learner interacts with avatars/colleagues such as the Agency Head, Assessor, Authorizing Official, Information Owner, Information Resources Manager, Internal Auditor, Network Administrator, Program and Functional Manager, Risk Executive, and System Owner. Each IT Security role is a 3D avatar that assumes the role and personification of the job function. You can design avatars with similar titles and job functions for your organization.

OPM IT Security

Virtual Worlds Provide Real Time Training for IT Security Roles

The virtual world was created through the integration of a combination of 3D avatars and environments such as conference rooms, offices, and computer centers and a variety of 3D assets including computers, phones, bookcases, notepads, and similar equipment. The learner interacts with the virtual world from a first person perspective, completely immersing the learner in the experience while increasing overall retention.

The learner interacts in the virtual world through a variety of scenarios. The interactions through each scenario are based on the NIST-defined objectives. The beginner level contains no virtual world interactions, but learners encounter the virtual worlds during the intermediate and advanced levels.

At the intermediate level, learners in each role go through a scenario for each phase of the System Development Life Cycle (SDLC) including Initiation, Development & Acquisition, Implementation & Assessment, Operations & Maintenance, and Disposal. Each scenario includes multiple scenes and diverse interactions. Throughout the scenarios, the learner has a mentor, an avatar who introduces the scenarios and provides meaningful feedback as learners move through the virtual world scenarios. During the intermediate level, the problems posed to the learner may not have a correct or incorrect answer but serve to determine which scenario segment (learning object) the learner experiences next. Branching scenarios enable learners to see the consequences of their decisions, making the experience more memorable and effective. The timing of the feedback varies, rather than provide immediate feedback for each response, encouraging learners to reflect on their choices. An effective tactic with delayed feedback is to pose a follow-up question asking learners to justify why they have chosen a previous response. The learner might be required to determine the best of several actions or may direct the team’s conversation along the most productive path.

OPM IT Security

“C” Level Meets on IT Security

For example, during the Initiation phase learners begin in a conference room where they are meeting with six other team members. During this meeting, the learner must answer questions based on the information presented and steer the direction of the meeting by asking questions. The answers provided and the direction of the meeting changes based on the questions asked. In this example, which question the learner asks will affect the learner’s overall score because the learner is expected to think critically about the information provided by their team members. Both questions may be good, but one may be better based on the requirements. Such scenarios challenge the learner to apply previous knowledge.

During each of the five intermediate level scenarios, the learner’s score is evaluated at specific times. If the learner’s score is not high enough, the learner must take remedial training prior to moving on to the next section of the scenario. After taking the remedial training, the learner can return to the scenario and continue.

At the advanced level, the learners in each role go through a scenario for each phase of the SDLC, but at this point the learner experiences only the sections relevant to them as an advanced member of the team. Each phase of the SDLC is divided into five sections: Manage, Acquire, Design & Develop, Implement & Operate, and Review & Evaluate. Matrices for each role were developed based on the NIST objectives. These matrices described which portions of the scenarios each role would encounter.

Figure 1: Matrix for the role of Information Owner.

Information Owner Manage Acquire Design & Develop Implement & Operate Review & Evaluate
Initiation 3.1A 3.1B 3.1C 3.1E
Development/Acquisition 3.2A 3.2E
Implementation/Assessment 3.3A 3.3B 3.3D 3.3E
Operations/Maintenance 3.4A 3.4B
Disposal 3.5A

The advanced level of training consists entirely of interactions in the immersive 3-D world. The advanced level extends the kind of decision making required at the intermediate level, requiring advanced analysis skills to determine the appropriate action or decision in a given situation. The mentor guides advanced learners through these interactions and provides feedback on their decisions.

Avatar “Character” Development

OPM IT Security

Exploratory Realistic Simulations

The design and development of the diverse avatars required personification of specific roles for IT Security personnel. Significant brainstorming produced the persona for each avatar’s role as well as for those avatars with which they would interface. The roles were then enacted and recorded for each avatar’s detailed design. Avatar storyboards were created for each role that included age range, gender, ethnicity, profession, appearance, personality, demeanor, and other factors. These storyboards guided the animation of the avatars in their environments and helped direct each avatar’s audio scripts for development.

Measureable Benefits: Time and Money

How can you present such an innovative project with predictably high effectiveness, but one with seemingly high up-front planning, design, and production costs, to a business unit owner or the CFO of your organization? By emphasizing the longer-term “payback” in savings of time and money. You can put dollar signs in front of concrete savings for any business domain from learning object re-usability, the efficiency of the training itself in learner labor hours, avoidance of role-performance errors on the job, and—for IT security specifically—avoidance of security breach costs (which are unpredictable, expensive to repair and recover from, and can have long-term negative effects on the market’s and customers’ trust in the organization).

Because of the innovative matrix approach used in developing the training, if deemed appropriate under an additional development effort, you can reuse knowledge objects from those existing roles “whole” or as models for similar roles in other departments.

Such a project can become the underlying architecture for future training, development, and knowledge management efforts by employing a content-centric model versus a traditional system-centric model in developing electronic access to domain specific knowledge repositories. This dynamic approach to supporting workforce performance improvement has the potential for use across all departments of your organization. Each objective screen displays the resources recommended by your organization (or your industry’s standards or regulatory agency) for a particular cell. Each resource is linked to a resource document. Particularly for organizations in regulated industries with periodic quality and standards-adherence audits, documented links to such standards and regulations can save employee time during the audit process and considerable money in fines should proof of the required training be insufficient.

In the case of our award-winning courseware, the development and delivery costs for multiple agencies to produce their own version of the training would have been significantly more than this single set of courseware used across the federal security training infrastructure. Not only is the approach of one version of the required training significantly less expensive, but it offers a reliable, standardized approach to deliver the training.

What did you find useful in the posting? What more would you like to know? Please share your comments.


  1. Distributed with permission of Brandon Hall Group.

The Spirit of Exploratory Learning

Posted on March 9, 2015 in Serious Games

Northrop Grumman

3D Virtual Environments Ensure Engaging Training

The Virtue of “Virtual”

Just as the spirit of giving and gratitude isn’t limited to the winter holidays, the spirit of learning pervades our everyday lives. It does that every day of our lives. Everywhere we go. We humans are the learning creatures by our very nature. We are curious, we explore, we draw conclusions that inform our future actions, we course correct, we probe further. In short, all living is learning. We learn not only what we have learned but how we learned it; discovering how we learn best is part of metacognition. And the closer all intentional learning is to actual living, the more effective it is. The more joy we take in it, and the “stickier” it is within us. That’s why virtual worlds and game-based challenges work so well.

Dive In


Learn How to Swim Cautiously with the Sharks

Learning by exploration within virtual worlds and games immerses learners in realistic scenarios and lets their avatars take risks they wouldn’t take in real life – and learn from those experiences to gain the confidence they need to apply those lessons in the real world. The youth in the picture at left is having fun, sure, but he’s also leaping into a pool that approximates the sea beyond. With enough skill-building and confidence, he’ll later take the plunge into the real thing. He’ll have learned to take real precautions against real sharks, but that won’t keep him from diving in. It will just make him better at doing what he loves.

OPM IT Security

Role-Based IT Security Training

Envision the Process and Outcome

If your employees can envision the work they enjoy, with all its rewards and challenges, and learn in a virtual world how to strive for the rewards while overcoming the challenges, they and your organization will enjoy both the end-game success and the journey leading to it.

What did you find useful in the posting? What more would you like to know? Please share your comments.