Dynamic Cyber Training with Moodle Adam Welle Dynamic Cyber Training with Moodle Moodle's open source and highly configurable platform has enabled us to create training for cyber operators with high levels of fidelity and realism. In this presentation we'll review the unique requirements for training students in cyber security. Additionally, we'll cover the customizations we've made to Moodle plugins that allow for dynamic hands-on training in virtual environments, and finally our incorporation of automated assessment. Who is the cyber workforce? What are challenges in training cyber? Three types of training: individual, small unit, and multi-team training What tools do we use at each level? What is a cyber exercise?
Copyright 2018 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. This material was prepared for the exclusive use of MoodleMoot US 2018 Conference and may not be used for any other purpose without the written consent of permission@sei.cmu.edu. Carnegie Mellon® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM18-1222 This material is based upon work funded and supported by the Department of Defense under Contract with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.
Federally Funded Research and Development Center (FFRDC) Who are we? Federally Funded Research and Development Center (FFRDC)
Training the cyber workforce College and university courses Vender training On the job training Self paced online training courses
Individual Training We have our own LMS, STEPfwd provides recorded lectures slide presentations quizzes dynamically deployed virtual machine lab environment
Team Training Large, persistent lab environment Multiple teams work with or against each other to achieve their objectives Can scale to hundreds of participants, dozens of ESXi servers, 1000s of virtual machines
What is a Cyber Exercise? White Cell Blue – friendly forces Red – opposing forces White – runs the exercise Green – runs the range Black – runs the infrastructure Uses cyber ranges – virtualization and hardware in the loop Attack and defend Blue Cell RED Cell Green Cell Black Cell
Cyber Training Challenges Realism Ensuring that virtualized systems are realistic representations of real world systems we try to develop new technologies, like wireless simulation, to bridge those gaps Creating realistic network traffic simulations so that blue team has more difficulty in finding red team our latest user simulation tool is called ghosts
Cyber Training Challenges Assessment Tracking and assessing the performance of the team members command line tools gui tools programming knowledge differentiation of user skill
Why we wanted to Use MOODLE Robust quiz engine Moodle solves many of our challenges by providing a robust quiz engine great metrics – score history for tracking performance over time regex questions are my favorite! feedback mechanisms both to student and to course designer xapi
Why we wanted to Use MOODLE Interactive videos with H5P H5P makes for more training with better user engagement xapi We are transiting some training courses to moodle and are converting old videos to H5P interactive videos
Why we wanted to Use MOODLE Virtual Programming Labs Cyber operators require programming knowledge VPL makes is possible to grade programming assignments
Virtual Programming Labs We modify the VPL activity to execute the student’s scripts and programs on the actual virtual machines inside of their lab rather than in a jail The first image shows the VPL activity where we have students enter their code The second image shows the networking used to execute the VPL grading scripts on VMs inside the student’s lab
Why we wanted to Use MOODLE xAPI and Metrics Great metrics Student history Real time logging of student performance Data collection via an LRS How long did it take a student to accomplish a task? What was the exact command required to accomplish the task?
xApi & the LRS MELLK STACK Actor - verb - object Experience API User – Action – Activity Using xapi from moodle, h5p, and custom command line logging to derive information about student performance MELLK STACK Actor - verb - object
MELLK Stack Conglomeration of technologies Moodle ElasticSearch LogsSash Learning Locker Kibana
Why we wanted to Use MOODLE Plugins OAUTH It is incredibly easy to create plugins to expand its functionality… as we will now show on the next few slides OAUTH allows us to integrate with other solutions we are building for next generation cyber range technologies
Plugins We Have Created Boost theme Course import We created two plugins so far: a boost theme to match our organization new color theme for other applications an import plugin that allows us to transfer content from old custom LMS into moodle
Future Moodle Work Integrate with new technology to: Deploy VMs from Moodle Create a new activity Use OAUTH to communicate with integrated range deployment tool
Future Moodle Work Integrate with new technology to: View VM console inside Moodle Embed the virtual machine HTML5 console in a an iframe in the moodle activity
Future Moodle Work Integrate with new technology to: Receive real-time performance metrics from VMs in a lab Automatically grade and advance student’s task Then, receive metrics like xapi from the virtual machine and have the moodle activity automatically score and advance task
Thank you!