USA flag logo/image

An Official Website of the United States Government

Micro Games for Cyber Threat Awareness

Award Information

Agency:
Department of Defense
Branch:
N/A
Award ID:
92756
Program Year/Program:
2010 / SBIR
Agency Tracking Number:
F083-032-2203
Solicitation Year:
2008
Solicitation Topic Code:
AF083-032
Solicitation Number:
2008.3
Small Business Information
Wombat Security Technologies
4620 Henry Street, Third Floor Pittsburgh, PA -
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2010
Title: Micro Games for Cyber Threat Awareness
Agency: DOD
Contract: FA8650-10-C-6128
Award Amount: $745,536.00
 

Abstract:

The goal of this SBIR Phase II proposal is to develop a web-based platform that (1) hosts a collection of micro games for cybersecurity awareness and training; (2) simplifies the development of micro games by maximizing re-use of functionality; (3) helps administrators manage and deploy micro games; and (4) helps analysts assess readiness through a suite of tools for analytics. In Phase I, we explored this design space, developing the requirements for this platform as well as several interface prototypes. We also developed an interactive prototype of a new micro game named Anti-Phishing Phyllis. For Phase II, we will refine Anti-Phishing Phyllis and prepare it for commercial use. We will also develop a robust version of the platform for micro games. Our team is comprised of three computer science faculty from Carnegie Mellon University who co-founded Wombat Security Technologies to commercialize their research in anti-phishing. Part of this research was in developing fun and effective training to protect people from phishing scams, the most successful of which has been a game played over 100,000 people with scientific results demonstrating its effectiveness. As of this writing, the game has been licensed for use by several hundred thousand users. BENEFIT: Organizations often do not have the time to choose between a variety of training options, or deal with the integration and deployment overhead associated with individual training modules. A training platform that facilitates the development and deployment of compelling training games reduces this hassle for organizations, thereby making cyber security training more cost effective. In addition, our work will offer five additional benefits. First, it will make it easier for end-users to educate themselves through a variety of games for security training and assess how they are doing. Second, it will make it simpler for developers to deploy security training games, by providing support for common features. Third, our platform will provide a single centralized location for administrators, rather than having to manage and configure each game individually. Fourth, our platform will make it easier for analysts to assess how an organization is doing with regards to security training and retention. Fifth, our platform, coupled with a large set of games for security training, will lead to better and more effective security training for individuals, thus leading to better overall preparedness for an organization. Our existing anti-phishing game is in use across a broad variety of organizations, including those in finance (e.g. Depository Trust and Clearing Corporation, TD Ameritrade, Banca Popolare di Sondrio), government (e.g. US Department of State, US Department of Energy, BBB, Florida Department of Transportation), schools (e.g. Carnegie Mellon University, University of Buffalo, Dalhousie University), health care (e.g. Children Hospital Los Angeles), ISPs (e.g. Portugal Telecom), and others (e.g. Booz Allen Hamilton, Transplace, CERT Japan). However, the cost of developing a single game remains high, and the cost of deploying individual games may deter organizations from acquiring a comprehensive suite of cyber security awareness and training solutions. Through the new platform we propose to develop and validate under the proposed SBIR grant, we expect to significantly reduce the development and deployment costs and time associated with the introduction of new games. With cyber security threats continuing to evolve quite rapidly, this is critical if one is to ensure that training material remains current and accessible to a broad range of organizations rather to the select few who can afford the necessary investments today.

Principal Investigator:

Jason Hong
CTO
(412) 266-6253
jasonh@wombatsecurity.com

Business Contact:

Norman Sadeh
CEO
(412) 268-8144
sadeh@wombatsecurity.com
Small Business Information at Submission:

Wombat Security Technologies
1000 Heberton St Pittsburgh, PA -

EIN/Tax ID: 262870433
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No