Gaming Cyber Warfare
This is an Offside Report by Nick Luft of a discussion on gaming cyber warfare led by Jim Wallman at the CLWG Conference in October 2014.
I was particularly interested in this session as I had run a discussion session and short game test at the Games Weekend in April 2013. I did not create a game – shame on me – but I still have aspirations to do so.
Jim started his session by drawing a parallel between the typical hidden-movement map wargames we often play at CLWG and a game on cyber warfare. He wanted to represent a cyber warfare game using some map or drawing, with players deploying resources and taking decisions while their actions are partially hidden from other players.
The first part of the discussion focused on what model we should use of the ICT (Information & Communications Technology). We quickly isolated four layers of ICT – Hardware, Physical Connections, Transport Layer, and Applications Layer. Initially these were layered one above the other, based on a more complex Communications Model that Dave Boundy knew. On Jim’s schematic map the layers were drawn as separate boxes within a larger box representing the human or meat-ware wrapper. After some discussion it was decided that three of the layers (Hardware, Application, and Transport) were Operating System dependent, which linked them, or attacks on them, to a certain extent.
The next part of the discussion covered what attacks could be launched at the five areas (the four layers plus the human wrapper) – for example, the hardware layer could be attacked by break-ins, the human layer could be attacked by bribery, the transport layer could be attacked by a Denial of Service (DoS) attack, etc.
We also considered what roles there would be for the players. We thought there would be roles for corporate wonks, hackers, criminals and possibly the security forces, with several players in each “team”. The corporates would try to run a business, make a profit and design a security layer for their businesses, the hackers would attempt to gain kudos for “epic” hacks, the criminals would make money from the hacks and the police would just react! There was some debate about the police, as it doesn’t seem a great role.
The less conclusive aspect to the discussion was how these attacks would be resolved. For ease of discussion we proposed that each layer would have a number rating, the higher the better. These ratings could be reduced as new vulnerabilities appeared, and of course the weakest layer would be the way in to attack the corporate. Briefly discussed was how well these ratings would be known and the importance of reconnaissance to the game.
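The rating mechanic described above, sketched as an added example that is not from the session or the original report. The starting ratings, the severity values and the rule that an Operating System flaw costs the linked layers half its severity are all assumptions made for illustration.

```python
from dataclasses import dataclass

# The three layers the discussion treated as Operating System dependent.
OS_LINKED = {"Hardware", "Transport", "Application"}


@dataclass
class Corporate:
    ratings: dict  # area name -> defence rating, higher is better

    def apply_vulnerability(self, area, severity, os_dependent=False):
        """Lower a rating when a new vulnerability appears.

        Assumption: an OS-dependent flaw also costs the other linked
        layers half the severity (rounded down).
        """
        hit = {area: severity}
        if os_dependent and area in OS_LINKED:
            for other in OS_LINKED - {area}:
                hit[other] = severity // 2
        for name, loss in hit.items():
            self.ratings[name] = max(0, self.ratings[name] - loss)

    def weakest(self):
        """The real way in: the area(s) with the lowest current rating."""
        low = min(self.ratings.values())
        return sorted(a for a, r in self.ratings.items() if r == low)


def attacker_choice(corp, scouted):
    """What an attacker targets when only the scouted areas are known."""
    known = {a: corp.ratings[a] for a in scouted}
    low = min(known.values())
    return sorted(a for a, r in known.items() if r == low)


def demo():
    # Constructed starting ratings for the five areas.
    corp = Corporate({"Human": 4, "Hardware": 6, "Physical Connections": 5,
                      "Transport": 5, "Application": 7})
    before = corp.weakest()
    corp.apply_vulnerability("Application", 4, os_dependent=True)
    after = corp.weakest()
    # Reconnaissance covered only two areas, so the real gap is missed.
    blind = attacker_choice(corp, ["Human", "Hardware"])
    return before, after, blind


if __name__ == "__main__":
    print(demo())
```

In this run a single OS-dependent flaw moves the weakest point from the human wrapper to the Transport and Application layers, while an attacker who scouted only two areas still aims at the wrong ones.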
What we did not discuss in any detail was the money-making game. Jim regarded this as a mere mechanism that would have to balance the purchase of cyber defences against making a profit.