Cyber security strategist Cliff Kittle has a post on the CyberTheory website on how cyber war games can improve an organization's manueverability and flexibility to prepare for and respond to a cyber attack. Quoting General Eisenhower that "in preparing for battle I have always found that plans are useless, but planning is indispensable", Kittle describes how war games prepare an individual or team to improvise when the unexpected occurs and plans are useless.
Here is a summary of his points:
- The goal of war gaming is innovation. To achieve this goal requires a diversity of experience so individuals with different backgrounds can share their knowledge and grapple with the possibilities, risks and uncertainties of cyber security. Team building leads to an appreciation of each individual and makes an organization more secure and resilient to a cyber attack.
- War gaming is a leadership learning tactic. Wisdom is the product of experience, Putting people into different situations and discussing their behavior is the most effective way to adapt to an uncertain future. War games enable senior leaders to evaluate their subordinates' ability to make "in the moment" decisions.
- War games give an organization the ability to achieve a tempo superior to an attacker, gaining control of the situation. An organization can test and if necessary alter its strategic plan so decision makers can properly prepare for the complexity and uncertainty of a cyber attack.
- War games test a company's readiness for a cyber attack and determine if their security team can identify and assess a breach quickly. They show how individuals react to stress. To ensure optimal security, people must be exposed to the latest malicious activity.
- Cybersecurity transformation requires modernization of people, processes and technology,. Organizations must create an environment that fosters learning and willingness to change. This requires feedback that is consistent, regular, immediate and unambiguous.
- War games create mental models to simplify complexity in order to better manage the uncertainty of a cyber attack. In a risk free environment participants can develop a different perspective on security challenges.
- Cyber war games are invaluable in testing potential response strategies and scenario planning. War gaming strengthens trust and team learning while reducing dependence on a single analyst.
The full post is at https://cybertheory.io/wargaming-the-cyber-mind-sport/.