From a36f2b1aa9e39b43f9b07d02ba1185b1098c6662 Mon Sep 17 00:00:00 2001
From: Claude
Date: Sun, 28 Dec 2025 18:20:53 +0000
Subject: [PATCH] Add Mission 4 metadata file (mission.json) Mission display information and CyBOK mappings: - Display name: Critical Failure - Difficulty: 2 (Intermediate) - SecGen scenario: vulnerability_analysis - 6 CyBOK knowledge areas mapped - Focus: SCADA/ICS security, infrastructure protection, combat CyBOK areas: NS, SS, IS, AB, HF, IR
---
scenarios/m04_critical_failure/mission.json | 39 +++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 scenarios/m04_critical_failure/mission.json
diff --git a/scenarios/m04_critical_failure/mission.json b/scenarios/m04_critical_failure/mission.json
new file mode 100644
index 0000000..ea54552
--- /dev/null
+++ b/scenarios/m04_critical_failure/mission.json
@@ -0,0 +1,39 @@
+{
+ "display_name": "Critical Failure",
+ "description": "Infiltrate Pacific Northwest Regional Water Treatment Facility to stop ENTROPY's Critical Mass cell from weaponizing chlorine dosing systems. With 240,000 residents at risk, investigate SCADA network compromise, engage hostile operatives, and prevent infrastructure attack before 0800 trigger time. First mission featuring combat encounters.",
+ "difficulty_level": 2,
+ "secgen_scenario": "vulnerability_analysis",
+ "collection": "season_1",
+ "cybok": [
+ {
+ "ka": "NS",
+ "topic": "Network Security",
+ "keywords": ["SCADA networks", "ICS security", "Network scanning (Nmap)", "Service enumeration", "FTP analysis", "HTTP analysis", "Network topology"]
+ },
+ {
+ "ka": "SS",
+ "topic": "Systems Security",
+ "keywords": ["Vulnerability exploitation", "distcc CVE-2004-2687", "Privilege escalation", "sudo Baron CVE-2021-3156", "Linux security", "Remote code execution"]
+ },
+ {
+ "ka": "IS",
+ "topic": "Infrastructure Security",
+ "keywords": ["SCADA/ICS protection", "Critical infrastructure", "Water treatment systems", "Industrial control systems", "Physical security integration"]
+ },
+ {
+ "ka": "AB",
+ "topic": "Adversarial Behaviours",
+ "keywords": ["Infrastructure attacks", "Multi-cell coordination", "APT tactics", "Physical + cyber attacks", "Insider threats", "Cover identities"]
+ },
+ {
+ "ka": "HF",
+ "topic": "Human Factors",
+ "keywords": ["Social engineering", "Cover identity maintenance", "Crisis decision-making", "Tactical choices", "Public disclosure ethics", "Operational security"]
+ },
+ {
+ "ka": "IR",
+ "topic": "Incident Response",
+ "keywords": ["Infrastructure incident response", "Attack mechanism analysis", "Multi-vector attack mitigation", "Crisis intervention", "Evidence collection"]
+ }
+ ]
+}
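Review bot: Three of the `ka` codes in the `cybok` array do not appear to be CyBOK knowledge-area identifiers: `IS` and `IR` are not in the CyBOK KA list, and `SS` there denotes Software Security rather than `"topic": "Systems Security"`. If these entries are matched against the official taxonomy (the consumer is not visible in this patch), SCADA/ICS content would normally map to `"ka": "CPS"` (Cyber-Physical Systems Security) and incident response to `"ka": "SOIM"` (Security Operations & Incident Management). The keyword `"sudo Baron CVE-2021-3156"` also truncates the vulnerability's common name; `"sudo Baron Samedit CVE-2021-3156"` would be easier to search and cross-reference. Separately, `difficulty_level` is a bare `2` whose meaning (Intermediate) is stated only in the commit message, so the scale is worth documenting wherever the mission schema is described.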