Dstl deals out lessons in cyber security
Defence Science and Technology Laboratory wins an award for a card game that teaches players about cyber threats
A card game that teaches cyber security developed by a team within the Defence Science and Technology Laboratory (Dstl) has won an Institute of Engineering and Technology award.
The Cyber Red Team Training Game was chosen as the winner in the cyber security category earlier this month, where Comedian Sally Phillips presented the team with their award.
The game was developed as a personal innovation project and exploits gamification science via a card-based approach. It uses the insight of national and international defence partners and requires no IT to run. This makes it particularly accessible as participants do not need to have technical knowledge.
The trainees are asked to work together as a team to attack a fictional organisation by using and obtaining access, and gaining hidden information and other resources, and in doing so they gain a deeper understanding of how to protect an organisation from a cyber-attack.
It takes about two hours to complete the game, after which its approach should provide in-depth training suitable for both employees and senior managers. There's no security classification associated as the game as it only uses open source and abstracted attack techniques.
"We were up against commercial companies so this award demonstrates how Dstl's work is competitive in this field," said the lead scientist at Dstl. "The card game was a result of many months of hard work by the team.
"It increases education and awareness of the fundamentals of cyber-security. This area is of growing importance and we must be ahead of the curve when it comes to looking at the risks for defence and for wider security."
According to Dstl, around 80% of cyber breaches can be accounted for by a lack of implementation of cyber fundamentals, like being able to avoid basic phishing attacks.
The Cyber Card Game is advertised for licence at no cost through Dstl's Easy Access IP scheme and is just waiting for you to deal in.