Capture-the-Flag in a Box Cyber Security Exercise Capability with NAWCTSD Cooperative Research and Development Agreement

July 16, 2021 by Leslie Provenzano

Future conflicts will involve attempts to disrupt information systems that are critical for communication and assured operation of sophisticated weapons systems. Disruption is already a capability of potential adversaries and will spread to secondary threats allied with them.  Training cyber defenders to rapidly recognize and defeat network security threats is critical to future operations and warfighting campaigns.

Naval Air Warfare Center Training Systems Division (NAWCTSD) identified a need for a small footprint, yet high fidelity network defense training system for use in conducting capture-the-flag exercises at Navy and Marine Corps bases throughout the country. To achieve this Capture-the-Flag in a Box Cyber Security Exercise Capability, NAWCTSD partnered with SCALABLE Network Technologies (SCALABLE) to leverage their network digital twin development tools and capabilities through a Cooperative Research and Development Agreement (CRADA).  This innovative approach to training system prototyping enabled each party to apply their own resources and expertise to rapidly design and create a highly relevant, useful, and portable cyber defender exercise capability.

To ensure relevance to current Naval operations, NAWCTSD and SCALABLE developed a cyber defender exercise scenario that closely parallels live operations being conducted as part of the Multi-Nation Rim of the Pacific (RIMPAC) 2020 Exercise. Platforms and networks being used for RIMPAC 2020 command, control, and targeting events, including a SINKEX, are emulated in the NAWCTSD Next Generation Threat System (NGTS) and SCALABLE’s Network Defense Trainer (NDT), interfaced using the Department of Navy Modeling and Simulation (DON M&S) Architecture Management Integration Environment (AMIE).  Using this high fidelity representation of real-world RIMPAC 2020 platforms and networks, Capture-the-Flag in Box Cyber Security Exercise participants can identify cyber attacks based on communication performance and packet content, identify nodes/networks that cannot be trusted and identify sensors providing faulty targeting information.  Apprentice, journeyman, and master cyber defense analyst standards are evaluated as follows:


  • A003 Basic knowledge of packet-level analysis.
  • A009 Knowledge of network security architecture concepts including topology, protocols, components, and principles.
  • A016 Skill in diagnosing connectivity problems.
  • A028 Knowledge of the use of common network tools and how to interpret the information results.


  • J008 Knowledge of basic wireless applications, including vulnerabilities in various types of wireless applications.
  • J017 Skill in analyzing essential network data (e.g., router configuration files, routing protocols).
  • J032 Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark) in order to identify specific information within network packets indicating anomalous or malicious behavior within network traffic flows.


  • M004 Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi]. paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.
  • M024 Skill in using packet crafting tools and packet-level analysis tools to craft, record, and replay network traffic flows.

Using this Capture-the-Flag in a Box Cyber Security Exercise capability, NAWCTSD can quickly schedule, set up, and execute cyber defender training at any desired location. Trainees can interact with high fidelity emulations of operational networks, responding to cyber activities in the network digital twin without risking negative effects on live network components or propagation of misinformation during live events. The ability to conduct high fidelity cyber defender training anywhere greatly increases its availability and provides significant time and travel savings as compared to conducting similar training only at fixed cyber ranges.

With the return to great power competition, there is an urgent need for cyber training to incorporate real-world cyber, communications, and networking effects to ensure operating concepts and plans will be effective against near-peer adversaries. The complexity of a multi-domain, combined cyber and kinetic battlefield requires incorporation of high fidelity, physics-based network digital twins into future training environments to counter potential impacts resulting from degraded network operations and/or cyber vulnerabilities on overall mission outcomes.  The Capture-the-Flag in a Box Cyber Security Exercise capability developed by this project is being incorporated into future NAWCTSD training events to address this need in an easy-to-use, flexible, portable and cost-effective manner.

Join us on July 23rd for the first look at SCALABLE Network Technologies’ small footprint, high-fidelity “Capture-the-Flag-in-a-Box” network defense training system built on a CRADA with Naval Air Warfare Center Training Systems Division (NAWCTSD). Register here: