Count2zero, a Serious Escape Room Challenge for Cybersecurity Training
摘要
The digitization of military missions and the networking of critical infrastructures lead to threat situations in cyberspace. Situation reports document that both the number and complexity of attacks on information networks are increasing, along with the pivotal role of the human factor. We propose a serious game to raise awareness of cybersecurity in critical infrastructure and military missions. The serious game “Count2zero” is an escape game; as an escape game, it is particularly immersive and combines puzzles, teamwork, and time pressure. This article presents the serious escape game Count2zero, its design process, and selected challenges of the escape game. The escape room is located in an air-raid bunker and replicates a realistic cyber-physical environment in which IT infrastructure, IoT components, and networked end devices are combined. The article describes the background and related work, the didactic and technical concepts of Count2zero, and five exemplary modules, which are called a PC with login data, NFC interactions, a laptop with an HID attack mouse, a bedroom scenario with an emergency email, and a locker with adhesive tape, and discusses them with regard to security-relevant behavior. Finally, initial evaluation results are presented, and implications for research and practice of security awareness programs are derived.