My apologies for being such a stranger here – end of summer is a busy time for everyone! My daughter is off to Wagner College on Staten Island to begin her 5 year masters program leading to sitting for the Physicians Assistant certs. I can’t tell you how impressed I am with the “Wagner Plan” for a results-oriented, highly interdisciplinary education! Not to mention her dorm room has a million dollar view of the Statue of Liberty and the Manhattan skyline…
Anyway back to more routine blogging!
Today we have a great review by Joe Saur of the “Dark Guest” book of Cyber Warfare Games.
Dark Guest: Training Games for Cyber Warfare
John Curry and Tim Price MBE
Dark Guest: Training Games for Cyber Warfare is written by John Curry and Tim Price MBE, and is published by http://www.wargaming.co, © 2012; softcover, ISBN 978-1-4710-8548-2; $24.81 (b&w), $46.66 (color).
This is not a book for your CISSP specialist, or for your Sys Admin, but rather for managers and leaders: what are my options when my C4ISR system is being attacked? It includes the following:
• A short history of politically-motivated hacking (“Worms Against Nuclear Killers”: WANK).
• Four card-based training games:
o Hack This! – This one is for non-technical managers to understand cyber operations: what motivates hackers? How do they operate? What are some historical aspects to understand: hosts, vectors, attacks, botnets, etc.?
o Enterprise Defender – Described as “…a straightforward educational training model for non-IT managers for effects based operations…” Again, what is the impact of a given policy? Where are my potential vulnerabilities? How can I decrease my risks? How should I prioritize my investments: What capabilities have the most/least impact? Where should I spend my limited resources? What is my best long-term strategy?
o All Your Secrets Are Belong To Us – International cybercrime; players represent various international actors, including State-based, contractor, and cybercrime entities.
o Exercise Tallinn Soldier – A command post exercise where the national commanders (Estonia, 2007) must deal with disruptions to normal C4ISR systems, and must decide whether, when and how to react.
Each game includes background information and player briefings, card decks, game design information, and umpire guidance. No guidance is given as to anticipated length of the games, but all appear to be intended as either full-day or multi-day seminar-style play.
While it may not be the final solution, this book is certainly a worthwhile start to cyber wargaming in that it recognizes that the challenge is not necessarily the technical reaction to a specific hacking action, but the impact of pre-attack policy decisions and investment strategies, the loss and/or degradation of command and control systems that impact one’s ability to react to other, more traditional kinetic attacks, and the legal implications of various defensive and offensive cyber operations.
Reviewed by Joe Saur, GTRI, “Fundamentals of Combat Modeling” Instructor; firstname.lastname@example.org