CyberSTEPS

CyberSTEPS

Research:

Staying secure by keeping one step ahead

Keeping current with cyber security guidelines is like hitting a moving target – it’s constantly changing. There is a whole community of individuals researching and publishing findings, but making it possible for IT professionals to find, digest, and apply the latest, best practices is daunting. CyberSTEPS is a solution that captures the most up-to-date information and delivers it in a training platform so cyber system designers can practice and demonstrate proficiency before applying the information on the job.

Cyber Security: Integrated training and performance support

Project Details

Proposal Title:
CyberSTEPS: Cyber Skills Training with Electronic Performance Support
Agency:
United States Air Force
Contract Number:
FA8650-16-M-6751
Start Date:
2016

There are many challenges in creating Air Force systems that are resilient against cyber threats. The cyber environment and its threats are highly dynamic, requiring practices and training to be dynamic as well. CyberSTEPS helps Air Force software engineers and architects leverage evolving best practices when designing or modifying systems.

How we did it

CyberSTEPS is a sophisticated training system integrated with an electronic performance support system (EPSS), which is a continuously-maintained body of knowledge capturing the most up-to-date techniques gathered by the cyber defense community. It included three additional areas of development: (1) a taxonomy of cyber resiliency domain knowledge, processes, and roles to facilitate content organization; (2) an EPSS and governance model to support cyber system designers; and (3) a competency-based learning experience that focuses on solving authentic problems in simulated practice environments.

We designed CyberSTEPS to help the Air Force promote organizational learning agility—an organization’s ability to adapt its capabilities quickly to meet the challenges of an ever-changing environment. When combined, the EPSS and complex skills training components create an agile learning system that ensures the organization has a consistent, shared mental model of cyber resiliency. This includes the ability to support and train on specific roles, and the ability to learn, share, and apply new information as it evolves. It includes a dynamic knowledge base, so that training in the rapidly evolving field doesn’t become outdated. The resulting system has applicability not only to the cyber resiliency domain, but can be applied to any organization that requires training complex skills with a rapidly changing body of knowledge.