Wargames – Reducing Cyber Risk with Cyber Attack Simulations

By Fabio Lior Rahamim

March 4, 2021

Wargaming is a unique and effective means of testing cyber readiness – by improving an organization’s ability to effectively handle real cyber attacks using planned attack simulations and practicing how to react to different threat scenarios.

Wargames generally involve one or more of the most common attack methods including DDoS, code injection, reverse engineering, exploitation, evasion techniques, zero-day vulnerabilities, or brute force attacks. Wargame strategies relate to common cyber attack vectors such as compromised or weak credentials, malicious insiders, poor or missing encryption, misconfiguration, ransomware, phishing, and more.

The process of wargaming helps organizations understand the kinds of damage that these types of cyber attacks can cause. Wargames facilitate better preparation for a crisis by providing greater insight into risk and offering an opportunity to practice collaborative procedures and rapid decision-making – and they can lead to changes in organizational policy that speed up mitigation processes and reduce impact.

Wargames at the State Level

Today, wargames are being conducted not just within the private sector but also at the state level. Governments are concerned about the potentially catastrophic impact of cyber warfare and want to learn how to mitigate the risks.

In the EU, for example, wargames were recently conducted that simulate cyber attacks by Russia and China – and in the US, wargames simulating attacks against U.S. critical infrastructure have been used for several years.

Wargaming allows countries to focus on exactly how their enemies might operate during a cyber attack, while also providing the opportunity to explore how different government agencies and resources interact to facilitate a successful response. State-level cyber response involves extensive collaboration not just between multiple departments in large organizations but also between various government offices.

Recent Growth of State-Sponsored Cyber Attacks

Cyber warfare has become an increasingly widespread mode of attack. As pointed out by Tamir Pardo, former Director of the Mossad and currently President of XM Cyber, in CyberProof’s Smarter SOC Virtual Summit, cyber warfare is less expensive than other types of traditional warfare – both financially, and when considering the human cost of military interventions. These advantages may be part of what’s behind its growing popularity.

Many memorable, state-sponsored cyber attacks have made the headlines in recent years. The most famous include the Russian interference in the 2016 US election and attacks by the Chinese government. There was also the attack on the Ukraine power grid in 2015, and a malicious computer worm called Stuxnet that targeted the covert Iranian nuclear program.

State-sponsored cyber attacks are becoming not just more numerous but also more sophisticated and more extensive in scope. To date, the largest state-sponsored attack by far is SolarWinds, exposed in December by cybersecurity company FireEye. SolarWinds was an incredibly extensive attack by Russian hackers that compromised the US Departments of State, Homeland Security, and Commerce, the US Treasury, and the National Institutes of Health, in addition to breaching corporate entities such as Microsoft, Credit Suisse, Ford, and Visa.

Protecting Critical Services

Earlier this month, a cyber attack that attempted to poison a Florida city’s water supply provided just one more example of the kinds of threats that are on the horizon. As this kind of potential threat to essential services grows – and as state-sponsored cyber attacks are increasingly viewed as a legitimate area of conflict – it is more essential than ever for countries to practice their response.

Wargames at the state level can be used to simulate situations in which services such as the national power grid, the water supply, and medical facilities are threatened. These large-scale simulations provide a setting in which government bodies can practice how to protect their most significant networks and find the best methods of responding quickly to avoid loss of life.

Key Benefits of Wargames

So, how does it actually work? What skills are gained by wargaming? From an operational perspective, running wargames allows multiple teams that need to work together during an attack – and are usually spread out in different locations, with very different roles, responsibilities, and work processes – to sharpen their collaborative capabilities and figure out exactly how to respond, step by step. Here are some of the types of knowledge, skills, and experiences that wargaming can provide:

  • Handling a wide variety of situations, from preventing an attack or stopping it in its initial stages to mitigating risk after a network has been penetrated through a backdoor, or after an attacking team has succeeded in taking control of the server.
  • Out-of-the-box thinking, helping team members expand their knowledge and sharpen skills and providing a more in-depth understanding of possible threats – allowing individuals to contribute more actively to the development of attack and defense tactics based on their experiences.
  • Division of work in large groups, under pressure, i.e., encouraging cooperation among individuals, teams, and groups working in different locations. Wargames bring together people who never worked together before, who have different organizational cultures, and who may bring to the table a wide range of knowledge levels.
  • Improvement of policies that have never been implemented before. Wargaming increases knowledge of the regulations and helps prepare teams for inspection and review processes. It’s an opportunity to share information and focus on making operations and defense systems more effective.
  • Better decision-making capabilities, by providing situations that demand rapid decision-making under intense pressure. In wargames, it is necessary to make clear, understandable decisions where sensitive information as well as the organization’s reputation may be in peril. In the case of state-sponsored attack simulations, the stakes may be even higher – with human safety on the line.

Who Participates?

Wargames generally involve a Red Team, a Blue Team, and a White Team, where the Red Team represents the attackers, the Blue Team represents the defenders, and the White Team is neutral and is responsible for the infrastructure. 

Participants in a wargame may include attack and defense specialists, systems engineers, information security managers, regulatory experts, and developers with technical knowledge. 

In addition, participants in wargames generally should include legal and public relations teams – as these individuals handle key aspects of the public response during a real cyber attack.

The Collaboration Essential to Cyber Response

Wargames provide opportunities for groups within an organization or across multiple organizations to create dialog and develop important personal relationships that can be crucial to success in responding to real cyber attacks. 

Different departments or offices that don’t usually interact with each other must work together intensely in a wargame. People with key responsibilities in cyber response (who have nothing to do with each other during routine security operations) get to know each other in a way that does not happen in other organizational contexts, and these relationships are a huge asset in a real attack.

Moreover, as part of a wargame, new resources can be developed that play an essential role in cyber response. A primary example is the war room. In the war room, the incident is managed and a shared system is developed for recording attack-related data in real time. Furthermore, in organizations with multiple groups at different locations around the world, a dedicated knowledge-sharing system might be set up as part of a wargaming exercise – and this is a resource that can play a key role in responding to a real cyber attack.

Wargames Help Optimize Your Cyber Security Spend

Any investment in cyber security is ineffective if you don’t know how to handle an attack in real time. And this requires practice. 

Wargames are an essential tool for improving cyber readiness. Simulating attacks provides opportunities to optimize incident response procedures – ensuring they can be used in real attack scenarios. This type of activity is crucial not just in the private sector but at the state level as well.

Want to learn more about how to use wargames to mitigate the risk of cyber attack? Contact us today!

Written by Fabio Lior Rahamim
Lior has over ten years of experience in Information Technology, with a focus on cyber security. He is the author of an extensive blog on information security that is a source of up-to-date and comprehensive information for the Israeli security community, with over 3,000 views per month, and he is a regular contributor to Wikipedia. Lior has extensive experience in SOC management, incident response, auditing, penetration testing and cyber education.