Technical Stream
Technical Stream
Kaspersky interactive protection simulation scenario

Abstract:

Kaspersky Industrial Protection Simulation (KIPS), a 2h-long role-playing game, establishes an understanding between decision-makers (CxO, business, IT), and changes their perception of the problem.

Teams of participants compete in running a simulated company. As the company experiences a series of attacks, they see an unexpected impact on performance, and have to adopt financial, IT or security strategies to minimize loss and maintain profits.  Every response a team makes has a knock-on effect, so participants need to analyze data and make decisions despite uncertain information and limited resources! Sound like real life? That’s the point!

Your task: The task is to develop a scenario and content for such a training course for one of the following industries:

  • Healthcare
  • Retail
  • Metallurgy

The scenario should be based on existing software engine features (details and access to the engine is provided upon request together with the relevant training). The proposals may be used for real product development.

1. Story Requirements

What is your story about? Create a story typical for the chosen industry based on how the technological process can be built and controlled by computers. Create a diagram of the production/service process based on the sample maps provided:

2. Kaspersky Interactive Protection Simulation Scenario

What are the chief lessons that the players should take away from this story?

Materials and details

Create a close-to-reality yet simplified diagram of the chosen process. Depict the basic process and its IT infrastructure. Figure out which nodes in your imagined company are especially interesting/vulnerable from the point of view of cyber security and what type of attack they may be subject to:

  1. A story: a logical and reasonable sequence of attacks, and their consequences for the system. Ideally, the attacks should be based on real incidents that have occurred in the industry.
  2. Algorithm – the ideal scenario for cyber security to prevent the incidents and/or incident response – what actions should be taken.
  3. The list of actions available for players in the form of action cards. Sample set of Action Cards.
  4. The game balance – total amount of money and time units that players will get and the cost of each action card.
  5. A working game model in xls file and/or in-game engine (the game engine will be provided).
  6. Graphics for the game in the style of KIPS
  • Game board (overlays can be used, but 3 pieces maximum). Sample Game board.
  • Action cards

2. Task Delivery Format

The format should comply with the KIPS engine requirements. To understand how the training works, please watch the related PPTx. A sample map and access to the KIPS platform with a sample scenario are provided upon request. The following materials should be provided:

  • Basic mechanics description: step-by-step attacks, game balance, ideal scenario, key messages
  • Game Board and Action cards – AI file + png/pdf preview or sketches (the idea/meaning is more important than the design J)
  • Working model in xls or game engine (access to the game engine and instructions will be provided upon request)
  • Game Rules slides – pptx file. The sample Game Rules.

Intermediate approval and support are provided by the Kaspersky Lab Team.

3. Requirements for KIPS Scenario

KIPS is a computer-assisted tabletop turn-based strategy simulator. The recommended number of turns is 5, but may be slightly more if necessary. At each turn the players get input from the system, consider their actions and input them into computer. So, the scenario should contain:

  1. Reasonable system response for each and every action of the players;
  2. State machines for all the objects on the game board;
  3. A scenario that is relatively difficult to figure out from the point of view of the player – plus a clear explanation of its logic at the stage when the scenario unveiled;
  4. A cyber safety situation that is close to the reality of a situation in the chosen industry.

Testing of the scenario will be performed at an additional competition stage after evaluating the descriptions provided and intermediate approval.

4. Evaluation criteria

The scenario will be evaluated based on the following criteria:

  1. The quality of the story: how close the story is to the real life and how typical the situations described are;
  2. Quality of teaching moments: whether or not the participants of this training course will be persuaded by the simulation and the threats described; will they get the obvious key messages from the scenario or not;
  3. Game balance – will the suggested game mechanics maintain an interest in the topics viewed within the training course.

5. Supplementary materials

  1. Example of existing game and all related materials;
  2. 2-hour Webex training with explanations;
  3. Access to the KIPS game.