Kite's paper and model use the above layout to standardize language so that scenarios can be defined for training exercises. The example in the paper is as follows:
“Your mission is to identify your adversary’s security posture by enumerating the attack surface represented by their external network address 10.0.10.0/24. You must submit your findings by 17:00 ET today (1 hour from now).”
This is an interesting approach. I developed something similar in 2011, as I recognized the need for objective/goal-based exercises to develop skill. I can borrow Kite's framework to expand upon my work to design a repeatable approach to practicing in my newly built out virtual environment.
In 2006, the US Chairman of the Joint Chiefs of Staff identified 11 core capabilities that need to be developed and perfected in order for the US to "gain and maintain information superiority." As I looked at this, I realized it was close to my DST model (minus the Surveillance and Theft aspects). The US Joint Forces doctrine defines the following skill-based categories as areas that need to be mastered in the adversarial informatics space in order to maintain cyber operations superiority:
Finally, the paper provides a list of well-known simulations that I'll be exploring in the coming days. They are as follows:
Professional hacking is becoming a sport -- as I knew it always would. And with that, there's an added incentive to learn... competition and employability. IMHO, viewing hacking, and thus learning about hacking/security, as a game is the best motivation to practice and learn. Having an interest in computer security doesn't mean you're a criminal anymore. And striving to improve your skillset can be as appealing as sitting down to session in Tekken.
Future Blog/Topic: Adversarial Informatics: Exploring The Fighting Game Model