The digitization of military missions and the networking of critical infrastructures lead to threat situations in cyberspace. Situation reports document that both the number and complexity of attacks on information networks are increasing, along with the pivotal role of the human factor. We propose a serious game to raise awareness of cybersecurity in critical infrastructure and military missions. The serious game “Count2zero” is an escape game; as an escape game, it is particularly immersive and combines puzzles, teamwork, and time pressure. This article presents the serious escape game Count2zero, its design process, and selected challenges of the escape game. The escape room is located in an air-raid bunker and replicates a realistic cyber-physical environment in which IT infrastructure, IoT components, and networked end devices are combined. The article describes the background and related work, the didactic and technical concepts of Count2zero, and five exemplary modules, which are called a PC with login data, NFC interactions, a laptop with an HID attack mouse, a bedroom scenario with an emergency email, and a locker with adhesive tape, and discusses them with regard to security-relevant behavior. Finally, initial evaluation results are presented, and implications for research and practice of security awareness programs are derived.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Count2zero, a Serious Escape Room Challenge for Cybersecurity Training

  • Markus Rebhan,
  • Jens Holtmannspötter,
  • Ulrike Lechner

摘要

The digitization of military missions and the networking of critical infrastructures lead to threat situations in cyberspace. Situation reports document that both the number and complexity of attacks on information networks are increasing, along with the pivotal role of the human factor. We propose a serious game to raise awareness of cybersecurity in critical infrastructure and military missions. The serious game “Count2zero” is an escape game; as an escape game, it is particularly immersive and combines puzzles, teamwork, and time pressure. This article presents the serious escape game Count2zero, its design process, and selected challenges of the escape game. The escape room is located in an air-raid bunker and replicates a realistic cyber-physical environment in which IT infrastructure, IoT components, and networked end devices are combined. The article describes the background and related work, the didactic and technical concepts of Count2zero, and five exemplary modules, which are called a PC with login data, NFC interactions, a laptop with an HID attack mouse, a bedroom scenario with an emergency email, and a locker with adhesive tape, and discusses them with regard to security-relevant behavior. Finally, initial evaluation results are presented, and implications for research and practice of security awareness programs are derived.