Emerging Tech

Blog archive
Tron MIT cyber defense gaming

How a ‘Tron’ model can improve agency IT security

I used to love working in computer security. Suiting up in my glowing armor, loading up my weapons, and heading out on patrol in cyberspace, ready to do battle with all types of hackers and malware was all in a day’s work.

I know what you’re thinking, that it sounds like a fantasy based on the movie “Tron.” Real IT security involves watching streams of completely uninteresting data and reports or, more likely, listening to some user complaining about his computer acting funny.

But it doesn’t have to be like that. The folks over at Lincoln Laboratories at the Massachusetts Institute of Technology think that it’s possible to make computer security more like a video game, or more like the “Tron.” And they say that doing so would actually make security more efficient, bringing the human equation into the mix.

The researchers lay out their plans in the NewScientist. Basically, the MIT team took all that data and put it into a graphical interface, like you might find inside a shooter video game. Maps of an actual physical infrastructure were combined with network topology data and fed into a gaming engine called Unity, which rendered it all in 3D.

Then engineers were assigned to different parts of the mapped network. When suspicious activity was detected, the security personnel could warp, or simply run, over to the troubled node using either a keyboard or a video game controller. Messages can be sent to other guardians as well, in case backup is needed, or to check out nearby systems for signs of the infection.

Once the virtual/real IT folks got on the scene, the protectors of the network can use tools to eliminate the threat. Eventually, the MIT team wants to incorporate anti-hacking programs into the game interface, so that running an AV scan might be like drawing a pistol or a sword. The idea is to make sure that those tasked with defending a network stay focused.

Plus, with a staff of real IT humans on the job, hackers won’t be able to block the defenders, since they are essentially real people interacting with the virtual environment. You can’t trigger a stack overflow against a real person, after all. The system has been tested on a 5,000-node computer network, and the results were encouraging, according to the creators.

I can’t help but think that public sector agencies could benefit from using this type of system, and actual human resources, to combat computer-based threats. For one thing, their systems — from military and federal civilian to state and education — are constantly under electronic siege in one form or another.

For another, forecasters expect a shortage in the IT security workforce in the years to come. Public/private groups are always looking for ways to attract young talent into the growing list of cybersecurity programs at universities. Making the defense of a network into something of a game might just get a few people interested.

Plus, I really want to load up and gun down some malware, gangster style.

Posted by John Breeden II on Oct 12, 2012 at 9:39 AM


Reader Comments

Mon, Oct 22, 2012 Milly Bornes

I agree. I have to work late a lot, and I notice more errors cropping up as I get more tired. Sometimes it's not that I'm actually "tired" but just bored from looking at all the data all day. Putting it into the format of a game, or at least something more interesting that just data, would improve productivity and accuracy.

Wed, Oct 17, 2012 DEFENDER OF THE FREE WORLD

Yes, having graphical representations of the data will allow someone to readily identify patterns and charectoristics of data breaches and malfeasance than veiwing data. I work with spreadsheets, budgets, equipment lists all day and if you are not paying attention or tired, it is very easy to gloss over an error or mistake in figures. You would also get people more energized in the process if it were a game.

Mon, Oct 15, 2012 Ron Miller

Have you played the new Xcom: Enemy Unknown game? Now if they could get IT security to be like THAT, I would work overtime every night.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities