Wargaming is a unique and effective means of testing cyber readiness: it improves an organization's ability to handle real cyber attacks by running planned attack simulations and practicing how to react to different threat scenarios.
Wargames generally involve one or more of the most common attack methods including DDoS, code injection, reverse engineering, exploitation, evasion techniques, zero-day vulnerabilities, or brute force attacks. Wargame strategies relate to common cyber attack vectors such as compromised or weak credentials, malicious insiders, poor or missing encryption, misconfiguration, ransomware, phishing, and more.
The process of wargaming helps organizations understand the kinds of damage that these types of cyber attack can cause. Wargames facilitate better preparation for a crisis by providing greater insight into risk and offering an opportunity to practice collaborative procedures and rapid decision-making, and they can lead to changes in organizational policy that speed up mitigation processes and reduce impact.
Wargames at the State Level
Today, wargames are being conducted not just within the private sector but also at the state level. Governments are concerned about the potentially catastrophic impact of cyber warfare and want to learn how to mitigate the risks.
In the EU, for example, wargames were conducted recently that simulate a cyber attack by Russia and China, and in the US, wargames have been used for several years to simulate attacks against U.S. critical infrastructure.
Wargaming allows countries to focus on exactly how their enemies might operate during a cyber attack, while also providing the opportunity to explore how different government agencies and resources interact to facilitate a successful response. State-level cyber response involves extensive collaboration not just between multiple departments in large organizations but also between various government offices.
Recent Growth of State-Sponsored Cyber Attacks
Cyber warfare has become an increasingly widespread mode of attack. As pointed out by Tamir Pardo, former Director of the Mossad and currently President of XM Cyber, in CyberProof’s Smarter SOC Virtual Summit, cyber warfare is less expensive than other types of traditional warfare – both financially, and when considering the human cost of military interventions. These advantages may be part of what’s behind its growing popularity.
Many memorable, state-sponsored cyber attacks have made the headlines in recent years. The most famous include the Russian interference in the 2016 US election and attacks by the Chinese government. There was also the attack on the Ukraine power grid in 2015, and a malicious computer worm called Stuxnet that targeted the covert Iranian nuclear program.
State-sponsored cyber attacks are not only becoming more numerous but are also growing more sophisticated and more extensive in scope. To date, the largest state-sponsored attack by far is SolarWinds, exposed in December by cybersecurity company FireEye. SolarWinds was an incredibly extensive attack by Russian hackers that compromised the US Departments of State, Homeland Security, and Commerce, the US Treasury, and the National Institutes of Health, in addition to breaching corporate entities such as Microsoft, Credit Suisse, Ford, and Visa.
Protecting Critical Services
Earlier this month, a cyber attack that attempted to poison a Florida city's water supply provided just one more example of the kinds of threats that are on the horizon. As this kind of potential threat to essential services grows, and as state-sponsored cyber attack is increasingly viewed as a legitimate area of conflict, it is more essential than ever for countries to practice their response.
Wargames at the state level can be used to simulate situations in which services such as the national power grid, the water supply, and medical facilities are threatened. These large-scale simulations provide a setting in which government agencies can practice how to protect their most significant networks and find the best methods of responding quickly to avoid loss of life.
Key Benefits of Wargames
So, how does it actually work? What skills are gained by wargaming? From an operational perspective, running wargames allows multiple teams that need to work together during an attack (and that are usually spread across different locations, with very different roles, responsibilities, and work processes) to sharpen their collaborative capabilities and figure out exactly how to respond, step by step. Here are some of the types of knowledge, skills, and experiences that wargaming can provide:
- Handling a wide variety of situations, from preventing an attack or stopping it in its initial stages to mitigating risk after a network has been penetrated through a backdoor, or after an attacking team has succeeded in taking control of the server.
- Out-of-the-box thinking, helping team members expand their knowledge and sharpen skills and providing a more in-depth understanding of possible threats – allowing individuals to contribute more actively to the development of attack and defense tactics based on their experiences.
- Division of work in large groups under pressure, i.e., encouraging cooperation among individuals, teams, and groups working in different locations. Wargames bring together people who have never worked together before, who come from different organizational cultures, and who may bring a wide range of knowledge levels to the table.
- Improvement of policies that have never been implemented before. Wargaming increases knowledge of the regulations and helps prepare teams for inspection and review processes. It’s an opportunity to share information and focus on making operations and defense systems more effective.
- Better decision-making capabilities, by providing situations that demand rapid decision-making under intense pressure. In wargames, it is necessary to make clear, understandable decisions where sensitive information as well as the organization’s reputation may be in peril. In the case of state-sponsored attack simulations, the stakes may be even higher – with human safety on the line.
Wargames generally involve a Red Team, a Blue Team, and a White Team: the Red Team represents the attackers, the Blue Team represents the defenders, and the White Team is neutral and is responsible for the exercise infrastructure.
Participants in a wargame may include attack and defense specialists, systems engineers, information security managers, regulatory experts, and developers with technical knowledge.
In addition, participants in wargames should generally include legal and public relations teams, as these individuals handle key aspects of the public response during a real cyber attack.