Conflict simulation, peacebuilding, and development

Tag Archives: cyberwarfare

How can we credibly wargame cyber at an unclassified level?


The frighteningly-efficient Stephen Downes-Martin has been kind enough to pass on a game lab report from the recent Connections US 2018 wargaming conference on “How can we credibly wargame cyber at an unclassified level?”  (pdf).

A small minority of cyber experts with wargaming and research experience have security clearances. If cyber operations are researched and gamed only at high levels of classification, then we limit our use of the intellectual capital of the United States and Allies and put at risk our ability to gain edge over our adversaries. We must find ways to wargame cyber[1]at the unclassified level while dealing with information security dangers to best use the skills within academia, business and the gaming community. During the Connections US Wargaming Conference 2018 a small group of interested people gathered for about an hour to discuss the question:

“How can we credibly wargame cyber at an unclassified level?”

The group concluded that it is possible to wargame cyber credibly and usefully at the unclassified level and proposed eight methods for doing so. The group also suggested it is first necessary to demonstrate and socialize this idea by gaming the trade-offs between the classification level and the value gained from wargaming cyber.

[1]“Wargaming cyber” and “gaming cyber” are loose terms which group deliberately left as such to encourage divergent thinking and to avoid becoming too specific.

Cyber Operational Awareness Course matrix game

The following report was contributed by Major Tom Mouat, Directing Staff officer responsible for Modelling and Simulation at the Defence Academy of the UK.

I thought that PaxSims readers might like to hear how running a Matrix Game went down as part of the Cyber Operational Awareness Course at the Defence Academy of the UK.

cybercourseThe course “aims to contextualise Cyber within Defence by raising awareness of wider operational perspectives.” It lasts 3 ½ days and is Rank Ranged OR7-OF4 (Civilian D-C1), (Staff Sergeant to Colonel) which is somewhat unusual, but I think the course benefitted from the wide rank range due to the inclusion of senior NCOs, many of who were specialists in their own right and very interested in the subject. This certainly added to the classroom discussions.

The course is currently only available to UK MOD personnel and, while generally conducted at a low classification, takes place in a restricted area in case questions and discussion stray onto more classified topics.

On previous courses there was a “Planning Estimate” carried out, lasting about a day and featuring a 50 page background briefing about an entirely fictional scenario. This attracted a lot of criticism as it covered many things that had no cyber relevance and the background briefing was coma inducing because it was completely fictitious and was extremely difficult to follow (both for the students and the instructors).

It was decided to replace the Planning Estimate with a Cyber Matrix game. Matrix Games are extremely low overhead, free-form games, built around an evolving narrative through the means of a series of logical “Arguments” proposed by the participants to advance their position in the game. They are useful for rapid assessment of scenarios, as an alternate analytical method and for education. They are particularly suited to subjects where “effects” are more important than weapon system performance.

This represented something of a challenge as previously we had conducted Matrix Games with relatively few players and the course required the game to run with 35 participants. We elected to run the game with teams of about 4 players representing the different actors and use a couple of the more experienced participants to assist in the adjudication of the “Matrix Arguments”.

We conducted a trial with about 10 participants and a completely fictitious scenario which, while it ran adequately, was lacklustre. The scenario suffered from the same difficulty in identifying the different actors in the conflict and being able to present them in a realistically nuanced way. It was quite fun, but failed to bring out the learning points required, so required a significant re-think.

In the end the scenario was completely re-written to involve fictitious states as the primary actors, but within the real geo-political context of the Baltic States. This enabled us to reduce the briefing considerably and promote a better understanding of the scenario through the means of analogies. The teams were allocated as follows:

  • The NATO sympathetic State.
  • Their “cyber supporters”.
  • The Main Protagonist State, massing troops on the border and fomenting rebellion in border cities.
  • Their “cyber supporters”.
  • The USA.
  • An independent third party hacking group based in the Far East.
  • The Press (Global Network News – GNN)
  • Assessors (a couple of experienced students intended to help with adjudication).

In addition a map was constructed showing the military deployments, as well as things like refugee camps and significant infrastructure installations in order to provide player teams things to focus on.

The game was run in an afternoon in a large classroom with 2 projectors – one with the maps and deployments on it and one with a PowerPoint show with the “Press Headlines” from each turn. This served as a record of the results of the Matrix Arguments as well as a summary of international opinion at the end of each turn (each of which represented “about 2 weeks”).

CapabilityCardExample1We also decided to provide the actors at the start of the game with a number of “Capability Cards” representing certain cyber capabilities, to focus their minds but also to bring out specific learning points.

Team briefs included these Capability Cards, the much reduced background briefing (now limited to 4 pages and a map) and a one page briefing specific to the team (including their objectives).

In between turns the players were also asked general “cyber awareness” questions, such as “Who was responsible for the leak of 750,000 confidential US documents to Wikileaks in about 2010?” (Bradley (Chelsea) Manning). The correct answer would provide the team with an opportunity to re-roll the dice if there was chance of failure in an argument, and was intended to represent the “research” element of cyber operations – the better the research / reconnaissance phase, the higher the likelihood of success.

The game went well with good engagement all round. Student quantitative feedback scores were the highest for the Matrix Game session than any of the other sessions in the course and qualitative feedback comments were also good.

Points to note:

  • Adding a “Press” team to record results and present “International Opinion” worked very well and was very useful as part of the game debrief (and was fun).
  • The “Capability Cards” as specific pointers towards educational learning points worked well – they were used (or not used) appropriately, sold to other Teams, patched and made redundant, and generally added to the outcomes. This supports Canadian findings that player perceptions can be heavily influenced by the information provided and physical presentation. In an educational context this can be very useful.
  • There was one criticism in the qualitative feedback that the person running the game “didn’t always listed to the full arguments”. This is an easy trap to fall into when running Matrix Games, in that the person running the game ends up acting as an “Umpire” and occasionally imposing his world view, rather than as “Facilitator” for the event (again supporting the Canadian findings above). The inclusion of the “Assessor” team was intended to mitigate against this, but they weren’t sufficiently briefed.
  • While the game was very successful, the post-game briefing was merely adequate. More effort was needed to provide a structure to the debrief and identify the specific learning outcomes. The Capability Cards helped (especially with those teams who chose NOT to use them), but there is room to provide more obvious team objectives in order to bring out additional points.

Overall the inclusion of a Matrix Game in a cyber-focussed course was a success in promoting discussion and understanding of a subject resistant to conventional teaching methods, so we are likely to use it again in the future. I believe that Matrix Games are particularly suited to education about cyber operations as they avoid getting bogged down in unnecessary technical detail, while promoting insight and understanding.

Tom Mouat 

Review: Curry and Price, Dark Guest (Training Games for Cyber Warfare)

John Curry and Tim Price, Dark Guest: Training Games for Cyber Warfare (Volume 1: Wargaming Internet Based Attacks). 2nd edition. History of Wargaming Project, 2013. 97pp.  £12.95

darkguestThis booklet is intended as a guide and aid for those involved in promoting broader awareness of “cyber warfare” and information security within their organizations. It consists of a discussion of the challenges of training on the issue, and overview of cyberwargaming, and a brief discussion of the rise of hacking and hactivism. Thereafter, it presents five games that can be used (or modified) in a training context:

  • In “Enterprise Defender” a hacker team secretly prepares descriptions of possible cyber attacks while a security team identifies IT defences. These are then discussed and resolved by an umpire as a way of both exploring the issue and generating a broader exploration of the topic.
  • “All Your Secrets are Mine” is a matrix game, whereby participants examine hacking and military-industrial espionage through a series of verbal actions and counter-actions that are assigned a probability weight by the umpire, then resolved with dice.
  • “Conspiracy” is a card game in which participants create the cards prior to game play, and is intended to show the interactive and interconnected nature of hacking and cyberwarfare.
  • “Media Wars” involves efforts by a fictional environmental group that has seized control of an oil refinery and is trying to get its message out, while the local government and other stakeholders also compete to influence the information space. Again, the primary game mechanism is one of teams developing media strategies, which are then rated by an umpire, with effects also dependent on a die-roll.
  • Finally, “Talinn  Soldier” is crisis game based on the 2007 attacks against Estonian government and private sector servers by pro-Russian activists.

The games are not technical ones. Indeed, experts in cybercrime, warfare, and hacktivism may find the lack of technical detail and analysis in this volume surprising.

If so, they would be missing the point. Dark Guest is intended to provide resources for those who have the task of spreading awareness of cyberwarfare issues within larger organizations, possibly inspiring them to modify the sample games provided or develop their own for their own particular needs. The games are thus designed to encourage non-IT specialists and managers to think about potential vulnerabilities (although some might also encourage IT specialists to go beyond issues of hardware and software to reflect on more general questions of policy, strategy, and context). All of the games are relatively free-form, and most are rather abstract. They are thus highly adaptable and designed to promote discussion-through-play. Most can also be played quite quickly, making them very suitable as ice-breakers or to provide a change-of-pace as part of a broader training programme. A previous edition of Dark Guest included a full rules-based card game on cyberwarfare, which has been dropped in this edition precisely because the authors feel that a book containing “generic ideas… [with] wider application” would be more useful for those seeking to integrate serious games into their training process.

One key aspect that the authors note, but could do more to address, is the fundamental importance of effective game facilitation and umpiring in free-form games such as these. Considerable skill is required to do this, since the moderator simultaneously needs to run the game, adjudicate actions (in a way that participants find convincing), maintain player engagement, deal with less cooperative players or those “fighting the scenario,” while all the time exploiting the teachable moments that the game generates. Experienced teachers may have some of these skills, and experienced role-playing-game “dungeon masters” have others—but not all neophytes have all of them. Given that this is volume 1 in what promise to be a continuing series—and given its association with the longstanding History of Wargaming research and publication project—this may well be an aspect that the authors turn to in a subsequent volume.


%d bloggers like this: