April 2017 3 Computerized war game simulation
Being prepared
Introducing computerized war-gaming to mitigate cyber risks
Driving security improvements with simulations
Introduction to “Winter in Andalusia” wargame
The "Winter in Andalusia" war gaming simulation was carried out by IATA on the 30th of November 2015 and lasted 2 hours and 35 minutes.
Game objectives
• Identify Cyber Attack
• Examine coordination / collaboration
• Test hierarchy / business process
• Assess crisis management response efficiency
Existing processes integrated into system
The War-Game itself is a team exercise
The Platform Game Controllers
Players
Interacting to solve dilemmas
Understanding the decision making process
Understanding the players' intensity levels
[Chart, axis 0 to 200. Series: Incoming Items, Sent Items, Chat Messages, Challenges, Dilemmas, Decisions]
Word analysis reflecting the organization culture
Process analysis with graphic tools
Interactions Heat Map
Event comparison projecting critical gaps
Business operations
Technical support
Decision tree showing the players' behavior
Hold transfers until further information is received
Potential problem with security
Risk of fraudulent transactions
Need to coordinate banking and R&S
Should we cancel settlements today as a preventive action?
Lessons learned
FINDINGS
• No declaration of the crisis and threat
• Lack of organizational / global threat assessment process
• Absence of formal crisis management process and methodology
• No formal crisis conduct between departments and players during the event
IMPACT
• Threat was not assessed at an organizational and global level
• Large amounts of noise that interfered with the decision making process
• The decision was made based on confusion, not fact
• No guarantee of an efficient and effective response to cyber attacks
"The panic mode started soon, but the lack of real evidence and the confusion of messages complicated the decision making. People tended to do actions in an uncoordinated mode and we needed to better share information and agree actions"
What the tool enabled us to do
• Understand our level of preparedness
• Analyze expected reactions versus real reactions
• Compare management of events between departments
• Debrief using quick report turnaround
• Understand the decision maker’s cognitive process
• Provide analytical inputs to assess the effectiveness of the process
Knowledge of the unknown
Complex = Industry level
Integrated = cross industry function
Combined = multi-dimension attacks
Technical = Simple attack vector
Hierarchical libraries to capitalize information sharing into new knowledge
Mandatory to develop collective intelligence to adapt to the unknown
Open source
Shared within A-ISAC
Shared within the supply chain