War games have existed for a very long time. The first war game was called petteia, and was played in ancient Greece in 5th century B.C. Using black and white stones lined on opposite sides of a board, the objective was to capture an opponent’s stones by sandwiching them between two others.
Many of these early war games focused on strategy, but evolved to more tactical purposes — testing and validating responses to high-risks scenarios. As war games evolved, they were also adopted by branches of the government and corporations. The premise is simple – by subjecting your teams to specific (and worse case) scenarios, you can expose weaknesses, refine responses and learn from failures. This is why war games applied to cybersecurity makes sense. Being able to put yourself in the mindset of the attacker, understanding their tactics, techniques and goals will yield insights on where your holes are and how effective your team can be under pressure.
The challenge is how to take the red/blue team models – long available to only government and large organizations – and architect and scale them to meet the needs of all organizations. What are the most effective ways to implement cyber war games?
This is a discussion that I will be moderating in the RSA peer to peer session “Hacking Inward – Implementing Effective Cyber War Games”. I will explore the proper framework to conduct effective war games that can unearth people, process or technology issues. We will discuss what types of war games can help validate the effectiveness of an organization’s response to a cyber attack. We will also deep dive into technologies that can facilitate this.
At the end of the discussion, we hope to have a set of best practices that security leaders can bring back to their organizations for cyber war game consideration.
I invite you to join me next Wednesday at the RSA Peer-to-Peer session “Hacking Inward – Implementing Effective Cyber War Games”
Tweet me @itzikkotler or use #hackinginward if you have specific topics you would like me to explore in this session.