The latest edition of the European Conference on Cyber Warfare and Security (July 2019) contains several papers that address aspects of wargaming. Here is just a sample. It’s all gated, so you’ll need institutional access to ProQuest or EBSCO to read it.
Ormrod, David; Scott, Keith; Scheinman, Lynn; Kodalle, Thorsten; Sample, Char; et al., “The Persuasion Game: Developing a Serious Game Based Model for Information Warfare and Influence Studies.”
In an age of hybrid, asymmetric, and non-linear conflict, the role of Information Operations has become ever more important; this paper presents a study of a recent research project. The project examined ways of better enabling stakeholders to respond to the increasing use of influence in warfare, hybrid conflict, competition, and the realms of hard and soft politics. An international and cross-sector research group drawing on military, government, and academic expertise from seven different countries met in October 2018 to understand the best way to wargame influence. In the space of four weeks, the group worked towards the successful achievement of their initial goal; the creation of an influence wargaming community supported by a modular wargaming package and development roadmap. This paper introduces the context which has led to the establishment of the multi-national, multi-disciplinary team; discusses the reasons for employing serious gaming as a research tool for studying influence; outlines the development of the project of its initial four-week span; and summarises the initial key findings and directions for further research. The use of wargaming as a training and research tool is familiar in both the military and civil contexts; the project discussed here presents a truly innovative approach to influence studies, and shows the benefits of an interdisciplinary, cross-domain research team. The final section introduces a new influence wargaming framework that has emerged from the study.
Ormrod, David; and Scott, Keith, “Strategic Foresight and Resilience Through Cyber-Wargaming.”
Cyber-capabilities provide nation and non-nation state actors, including criminal organisations and individuals, with the ability to project power and influence across borders and into critical infrastructure, corporate networks and military systems with relative anonymity and impunity. Employed on their own or as part of a broader influence activity, cyberattacks can use vulnerabilities within networked and digitally-enabled systems to create opportunities to undertake a variety of malicious actions, including the theft of intellectual property or financial data, engage in aspects of hybrid warfare or undertake the destruction and/or disabling of physical property that is network connected. Traditionally, strategic and military planners have undertaken wargaming as a means of anticipating potential outcomes relating to system vulnerabilities and failures, as a means of optimizing a system of systems and increasing resilience. However, cyberwargaming as a strategic planning activity has suffered conceptual and practical problems due to the disconnect between technological design and the conceptual models used for physical systems and critical infrastructure. Traditional concepts such as time, which have generally been easily represented within wargames, are much more difficult to represent in the cyber domain. The lack of suitable models has led to two different approaches; a focus on the operational and technical through red teaming and cyber exercises, or a focus on the strategic through executive table-top activities and matrix wargames. Cyber-wargaming is an iterative approach to optimizing the information security posture of an organisation, whilst simultaneously increasing the knowledge of the participants about their environment. Cyber-wargaming ensures the organisation evolves as a collective and has an opportunity to engage in a safe way with potential risks and threats. 
This paper proposes a unique cyber-wargaming model which seeks to achieve strategic foresight and increase the resilience of the system of systems. The model provides organisations and individuals with a way of understanding vulnerabilities across the systems of systems within cyber-space, in a way that facilitates understanding of the fundamental risks to an organisation. The cyber-wargaming model proposed by this paper will allow participants to reduce risk, enhance understanding and increase collaboration to address the fundamental socio-technical issues they must address to succeed. This unique approach extends on existing assurance programs and governance frameworks, by recognizing the role of the malicious actor, incorporating a view of the cyber-ecosystem and aligning strategic organizational imperatives with information and communication technology security programs.
Thorsten Kodalle; Char Sample; David Ormrod; and Keith Scott, “Thoughts About a General Theory of Influence in a DIME/PMESII/ASCOP/IRC2 Model.”
The leading question of this paper is: “How would influence warfare (“iWar”) work and how can we simulate it?” The paper discusses foundational aspects of a theory and model of influence warfare by discussing a framework built along the DIME/PMESII/ASCOP dimension forming a prism with three axes. The DIME concept groups the many instruments of power a nation state can muster into four categories: Diplomacy, Information, Military and Economy. PMESII describes the operational environment in six domains: Political, Military, Economic, Social, Information and Infrastructure. ASCOPE is used in counter insurgency (COIN) environments to analyze the cultural and human environment (aka the “human terrain”) and encompasses Areas, Structures, Capabilities, Organization, People and Events. In addition, the model reflects about aspects of information collection requirements (ICR) and information capabilities requirements (ICR) – hence DIME/PMESII/ASCOP/ICR2. This model was developed from an influence wargame that was conducted in October 2018. This paper introduces basic methodical questions around model building in general and puts a special focus on building a framework for the problem space of influence/information/hybrid warfare takes its shape in. The article tries to describe mechanisms and principles in the information/influence space using cross discipline terminology (e.g. physics, chemistry and literature). On a more advanced level this article contributes to the Human, Social, Culture, Behavior (HSCB) models and community. One goal is to establish an academic, multinational and whole of government influence wargamer community. This paper introduces the idea of the perception field understood as a molecule of a story or narrative that influences an observer. This molecule can be drawn as a selection of vectors that can be built inside the DIME/PMESII/ASCOP prism. Each vector can be influenced by a shielding or shaping action.
These ideas were explored in this influence wargame.
Hjalmarsson, Sara, “Live-Action Role-Play as a Scenario-Based Training Tool for Security and Emergency Services.”
Appropriate training and knowledge development is highly relevant to leaders and security professionals in the fields of information warfare and counter-terrorism. Scenario-based training methodology has a long history among military, law enforcement, emergency services and the private sector. It is recognised as an effective method for preparing leaders to make critical decisions under pressure. Over time, several models have been developed to illustrate its components and characteristics. Live-Action Role-Play (LARP) has been defined as a unique art form that, like scenario-based training, can only be experienced as it is being created. It is an international phenomenon with a diverse range of styles and characteristics. The current leading-edge developments occur in the Nordic countries (Sweden, Denmark, Finland and Norway). Although LARP is primarily used for entertaining games, the art form bears significant resemblance to scenario-based training and could be adapted for authentic tasking exercises. LARP contrasts with scenario-based training in its use of persona within a variable narrative engine and a context that includes many layers of complexity. Educational Live-Action Role-Play, known as Edu-LARP, has been integrated into the Danish school system via Østerskov Efterskole, a boarding school for students aged 14-17 that follows the Danish national curriculum. LARP participants are already being used in training exercises for emergency services due to their dynamic improvisation skills and cost-effectiveness. Experienced organisers and participants could contribute their ability to generate scenarios, work with uncertainty and “think like the enemy, without becoming the enemy” to the design and execution of training exercises. Additionally, they could contribute to scenario generation for scenarios involving a high level of uncertainty, such as terrorist attacks and critical infrastructure incidents.
LARP events themselves could also be adapted to the training needs and attributes of the audience, creating training that fully engages the trainee and results in improved learning outcomes. As in the case of scenario-based training, the use of LARP, LARP participants and LARP organisers must be implemented appropriately for them to be effective. This implies, for example, that participants and organisers must be experienced. It also implies that LARP used for training purposes would demand an appropriate narrative engine, educational framework and level of complexity suitable to the audience. Although this paper identifies that there is significant potential in the LARP art form, it also recommends that further research be conducted to explore the relevance of different styles, aspects relating to effective implementation and possible other uses of the art form.
Rege, Aunshul; Adams, Joe, “The Need for More Sophisticated Cyber-Physical Systems War Gaming Exercises.”
Cyber-physical systems (CPS) are highly integrated into critical infrastructures. These systems execute automated control of physical equipment in transportation networks, nuclear plants, water and gas distribution networks, and power plants. CPSs offer a unique cybersecurity challenge as cyberattacks against CPSs adversely affect public services (e.g., WannaCry attacks in Europe), research facilities (e.g., STUXNET), or transportation services (e.g., OnionDog’s attack on South Korea). It is critical to train and educate operators, owners, and users of CPSs on how these systems are subjected to cyberattacks; how to defend CPSs in real time; how to manage limited employee and monetary resources during and after cyberattacks; and how to better manage system confidentiality, integrity, and availability. Real-time CPS cybersecurity exercises serve as ideal training platforms. This paper reviews existing CPS cybersecurity red team-blue-team exercises (RTBTEs) conducted in the USA. This paper highlights the many benefits of these exercises, such as understanding real-time attacks and defense, testing and validating security models, and also understanding human behavior of both attackers and defenders. While these are important contributions, they focus on a small subset of CPSs inside particular infrastructures within condensed temporal frameworks. Collectively, these factors approximate the reality of CPS cyberattacks, which take longer, are more sophisticated, and target multiple, connected infrastructures. This paper thus argues for a more sophisticated CPS wargame hosted in an environment more representative of reality. An advanced training environment is being constructed at Camp Grayling, Michigan in collaboration with public industry and government agencies.
Labuschagne, William Aubrey; Eloff, Mariki, “The Effectiveness of Online Gaming as Part of a Security Awareness Program.”
Using cyberspace to conduct business and personal duties has become ubiquitous to an interconnected society. The use of information technology has provided humanity with a platform to evolve and contribute to the advancement of society. However, duality also exists within the realm of cyberspace as shown by the expanding threats originating from cyber criminals who use the information superhighway for nefarious purposes. Companies usually invest large amounts of money in the implementation of hardware and software controls to deter and prevent attacks on assets within these establishments. For example, firewalls and anti-virus software are updated as threats evolve. In spite of these controls, the weakest link in this security chain is still the human element whose actions can be considered as erratic and unpredictable, thus posing a threat to the security of the organization. Security awareness programs aim to equip users of cyberspace with the necessary knowledge to identify and mitigate threats emanating from these platforms, including the Internet. Numerous security awareness frameworks exist which prescribe the required steps to design and implement an efficient and effective security awareness program. An understanding of the different steps is required to develop and customize such a program for a specific environment. Furthermore, different methods which include training, newsletters and websites are used to deliver the security awareness content to the participants. The nature of these methods could be ineffective and be considered mundane and strenuous to the participants who do not always have the technical background in information technology, which, in turn, could threaten the success of the implemented program. Therefore, a proficient solution should be considered to attract and captivate a diverse group of employees when doing security awareness training.
Moreover the effectiveness of these programs should be measured with the application of metrics defined within security awareness programs. This paper discusses the implementation and findings of a security awareness program. The aim of the security awareness program was to determine the effectiveness of using online gaming as an information security knowledge delivery method to enhance the efficacy of the participant’s awareness to identify and mitigate threats encountered within cyberspace. Subsequently the paper proposes improvements to the design of the security awareness program used during the study.
Blumbergs, Bernhards; Ottis, Rain; Vaarandi, Risto, “Crossed Swords: A Cyber Red Team Oriented Technical Exercise.”
This paper describes the use-case of international technical cyber exercise “Crossed Swords” aimed at training the NATO nation cyber red teams within a responsive cyber defence scenario. This exercise plays a full-spectrum cyber operation, incorporates novel red teaming techniques, tools, tactics and procedures (TTTPs), assesses team design and management, trains the skills for target information system covert infiltration, precision take-down, cyberattack attribution, and considers legal implications. Exercise developers and participants have confirmed the learning benefits, significant improvements in understanding the employed TTTPs, cyber-kinetic interaction, stealthy computer network infiltration and full-spectrum cyber operation execution.
Rege, Aunshul; Adams, Joe; Parker, Edward; Singer, Brian; Masceri, Nicholas; et al., “Using Cyber-Security Exercises to Study Adversarial Intrusion Chains, Decision-Making, and Group Dynamics.”
Increasingly adversaries are becoming more sophisticated and persistent in their cyber-attacks against critical infrastructures. Traditional incident management is response-driven, which is ineffective and costly, especially in countering adaptive adversaries. The security community has argued for a paradigm shift towards proactive and anticipatory cybersecurity. Defenders thus need to understand adaptive behaviors and dynamic decision-making processes of adversaries. Using a cyber-adversarial intrusion-chain model and empirical evidence of observations done at a force on force (“paintball”) exercise held at the 2015 North American International Cyber Summit (NAICS), this paper argues that understanding how adversaries adapt at various points in the intrusion chain is crucial in profiling adversaries and developing anticipatory cybersecurity measures. Specifically, this paper highlights the human aspects of cyber-attacks, with three specific objectives: (i) providing a preliminary temporal assessment of the cyber-attack process, (ii) understanding adversarial decision-making, cyber-attack disruptions and corresponding adaptability, and (iii) comprehending group dynamics, such as structure and interdependencies; cohesiveness and conflict; and division of labor.