Emerging Tech

Blog archive
Tron MIT cyber defense gaming

How a ‘Tron’ model can improve agency IT security

I used to love working in computer security. Suiting up in my glowing armor, loading up my weapons, and heading out on patrol in cyberspace, ready to do battle with all types of hackers and malware was all in a day’s work.

I know what you’re thinking, that it sounds like a fantasy based on the movie “Tron.” Real IT security involves watching streams of completely uninteresting data and reports or, more likely, listening to some user complaining about his computer acting funny.

But it doesn’t have to be like that. The folks over at Lincoln Laboratories at the Massachusetts Institute of Technology think that it’s possible to make computer security more like a video game, or more like the “Tron.” And they say that doing so would actually make security more efficient, bringing the human equation into the mix.

The researchers lay out their plans in the NewScientist. Basically, the MIT team took all that data and put it into a graphical interface, like you might find inside a shooter video game. Maps of an actual physical infrastructure were combined with network topology data and fed into a gaming engine called Unity, which rendered it all in 3D.

Then engineers were assigned to different parts of the mapped network. When suspicious activity was detected, the security personnel could warp, or simply run, over to the troubled node using either a keyboard or a video game controller. Messages can be sent to other guardians as well, in case backup is needed, or to check out nearby systems for signs of the infection.

Once the virtual/real IT folks got on the scene, the protectors of the network can use tools to eliminate the threat. Eventually, the MIT team wants to incorporate anti-hacking programs into the game interface, so that running an AV scan might be like drawing a pistol or a sword. The idea is to make sure that those tasked with defending a network stay focused.

Plus, with a staff of real IT humans on the job, hackers won’t be able to block the defenders, since they are essentially real people interacting with the virtual environment. You can’t trigger a stack overflow against a real person, after all. The system has been tested on a 5,000-node computer network, and the results were encouraging, according to the creators.

I can’t help but think that public sector agencies could benefit from using this type of system, and actual human resources, to combat computer-based threats. For one thing, their systems — from military and federal civilian to state and education — are constantly under electronic siege in one form or another.

For another, forecasters expect a shortage in the IT security workforce in the years to come. Public/private groups are always looking for ways to attract young talent into the growing list of cybersecurity programs at universities. Making the defense of a network into something of a game might just get a few people interested.

Plus, I really want to load up and gun down some malware, gangster style.

Posted by John Breeden II on Oct 12, 2012 at 9:39 AM


Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.