10 Jan 11. Taking a fortress approach may help organizations protect sensitive and valuable cyber systems from outsiders, but those efforts do little to stop one of the most insidious threats – the one that’s already inside. Espionage and sabotage from within, by a trusted employee who’s been granted access and privileges, is pernicious and highly difficult to uncover. Who is in the best position to prevent these threats? How can they be trained to detect and pre-empt cyber espionage and sabotage before they occur?
Aptima, which applies expertise in how humans think, learn, and behave, is addressing this problem by developing RESIST-EM, “Resisting Espionage and Sabotage with an Intelligent System for Training Expert Managers.” RESIST-EM will be a “serious game” for training front line Department of Defense managers to identify and manage the insider threat. Aptima is teaming with Battelle/Pacific Northwest National Laboratory, Altadyn Corp., and Florida State University. The Air Force Research Laboratory (711 HPW/RHAM) in Mesa, Arizona is sponsoring the effort.
RESIST-EM will be a training platform that performs much like an intelligent tutor, featuring an “Accelerated Learning Architecture” that speeds the training of novices to master practitioners in the complex, hard-to-define missions encountered by today’s modern military. This system of learning tools will be combined with applied research in psychosocial factors, organizational policy, and managerial tactics to provide the technical and managerial skills to detect and manage insider threat.
RESIST-EM in Action
Delivered as a browser-based gaming system, RESIST-EM will feature a library of scenarios that immerse front-line managers in a simulated office environment, where they’ll interact with email, reports, and voicemail that contain clues to an insider threat. Trainees must analyze and assess the potential threats in their midst, and state the actions they would take, responding to a variety of factors presented in each scenario that are predictive of an insider threat.
RESIST-EM will score their performance and provide feedback on their detection, analysis, and response skills.
The Training Challenge
Protecting data is typically the responsibility of information systems managers, who rely on cyber technologies to prevent external attacks. Few decision aids or training systems address the insider threat. RESIST-EM focuses on training front line managers to recognize the human behaviors that may predict an insider attack.
“Insiders pose perhaps the most dangerous threat to information systems. They know where the valuable information lies, they have access, they often know how to cover their trails, and they are trusted by the very organization they violate,” said Jared Freeman, Ph.D., Aptima’s Chief Research Officer and the Program Manager for RESIST-EM.
“Managers may have the best vantage point from which to monitor, assess, and address these threats, but they need to be trained to observe and understand the subtle dynamics of individual behavior and the state of the environment, from the telltale signals of the discontented employee to the stressors in the company workplace that can aggravate them to act.”
The challenge in developing simulation or game-based instruction for complex, ill-defined domains that involve multiple disciplines is how to move the trainee along an optimal learning path so they can acquire, retain, and apply their knowledge to real-world problems. RESIST-EM will guide the learning process, using computational intelligence to reach into an instructional library to offer up the most appropriate training scenarios.
RESIST-EM is being developed through a Small Business Innovative Research (SBIR) Phase II contract. Intended initially for protecting DoD information systems, the Accelerated Learning Architecture that underlies the product will be generally ap