Crucible and GHOSTS: Enabling Realistic Cyber Simulations
To empower developers of cyber simulations, the SEI offers some useful tools: Crucible for creating simulated virtual environments and GHOSTS for creating non-player characters (NPCs) within these environments.
Cyber simulations today are frequently developed manually with proprietary systems. Manual methods are time-intensive and can introduce human error. Proprietary software creates a dependency on a single vendor, which can result in vendor lock-in and higher costs. In response, the SEI’s open source Crucible cyber simulation framework uses open standards and modular application programming interfaces (APIs) to deliver low-cost, dynamic virtual environments that maximize interoperability and scalability. Virtual environments in Crucible are deployed using an infrastructure-as-code approach, which enables reuse and iteration. Crucible simulates environments for training labs, team-based exercises, operational tests, and rehearsals. It automates the workflow for creating, deploying, facilitating, and assessing simulations. Developers can reuse existing templates for topologies, scenarios, assessments, and user interfaces.
In cyber simulations, human participants are called players, while non-human participants are called non-player characters (NPCs). In these simulations, players and NPCs interact in realistic contexts and situations. GHOSTS automates and orchestrates NPCs, whose activities produce realistic network traffic. NPCs can range from friendly to hostile. GHOSTS employs machine-learning algorithms to combine NPC personas, preferences, and events to influence NPC decisions. The behaviors of GHOSTS NPCs are hard to distinguish from the behaviors of humans, so defenders struggle to filter out NPC traffic.
Cybersecurity content developers can use Crucible and GHOSTS with their existing tools to create realistic simulations, reduce knowledge gaps within their organizations, evaluate cyber-mission readiness, and cultivate expert cyber teams.