Aug. 14, 2012
-- At the recent "Black Hat" cybersecurity conference in Las Vegas, USA, the new cybersecurity card game "Control-Alt-
Hack" was publicised for the first time. The card game seeks to increase players' computer security awareness in the context of an entertaining game.
The game, which has yet to go on public sale, allows each player to take on the role of a "white hat" (or ethical) hacker, employed by a computer security consultancy. The players must complete "missions" of various kinds, related to security testing for clients. The missions are helped or hindered by various events that occur when other cards are drawn by the player. Many of these events relate to security threats, while others involve the player's in-game hacking skills or accumulated game money. Each game lasts for about an hour.
The motivation for the creators of "Control-Alt-
Hack" was to design the game so that it would provide enjoyable gameplay rather than an obviously "educational"
experience: in fact, they were at pains to incorporate humour into the game wherever possible. They aim to see the game used in various kinds of educational setting: a corporate training session for employees, a university tutorial for computer science students, or even secondary school pupils with an interest in computing.
Briony Williams, a security consultant at information security firm commissum (see http://www.commissum.com
), commented: "This is an encouraging development in 'out-of-the-
box' thinking, as regards cybersecurity awareness raising and education. Too often, a corporate security training and awareness session can leave little mark on those who have attended it. But using the enjoyable context of a game changes the dynamics of the situation, and makes it far more likely that the security message will get through people's mental defences."
A secondary goal of the game is to encourage positive perceptions of information security as a possible career option, on the part of people who might not otherwise have given it serious consideration. This includes an attempt to shift the perceptions of the public by presenting positive images of ethical hackers, far removed from the stereotype of the sun-hating adolescent male.
Briony Williams of commissum (http://www.commissum.com/en/security-testing/
) additionally commented: "Not enough suitable people are currently entering the information security profession. In fact, this was the message stressed by Mark Weatherford of the US Department of Homeland Security, at the recent Black Hat cybersecurity conference, when he told the delegates: 'We have a problem. There are not enough smart people in the public or private sector to help us defend our country'. So it is all the more encouraging to see a resource like Control-Alt-
Hack, which may well encourage more people to enter the profession. A game can engage the emotions and the imagination in a way that no amount of corporate training can manage, and will appeal to exactly the kind of creative and radical thinker that the profession needs. It will be very interesting to watch the progress of this game when it goes on sale later this year."