Software Engineering Institute

As cybersecurity becomes increasingly important, leaders must meet the challenge of providing optimal training and exercises in a growing number of scenarios. Security operators need to train as they fight. Over the past decade, the CERT Division of Carnegie Mellon University's Software Engineering Institute conducted hundreds of successful, high-fidelity, team-based cyber range exercise events. This presentation covers the research and technology behind the GHOSTS framework for thinking about and implementing realism in a simulation, training, or exercise event. GHOSTS is a non-player character (NPC) orchestration generator that creates a wide range of realistic characters who produce network traffic that appear authentic. This tool helps cybersecurity experts to test their skills by training in a realistic environment. We'll describe our research into building realism into each aspect of the event and the challenges involved in creating high-fidelity and authentic data. Finally, we'll outline the resulting data and the opportunities we see for using it to improve real-world operations.