Being prepared

Introducing computerized war-gaming

to mitigate cyber risks

Driving security improvements with simulations

April 2017 Computerized war game simulation 2

April 2017 Computerized war game simulation 3

Introduction to “Winter in Andalusia” wargame

The "Winter in Andalusia" war gaming simulation was carried out by IATA On

the 30th of November 2015 and continued for 2 hours and 35 minutes

April 2017 Computerized war game simulation 4

Game objectives

Identify Cyber Attack

Examine coordination/ collaboration

Test hierarchy/ business process

Assess crisis management

response efficiency

April 2017 Computerized war game simulation 6

Existing processes integrated into system

April 2017 Computerized war game simulation 7

The War-Game itself is a team exercise

The Platform Game Controllers

Players

April 2017 Computerized war game simulation 8

Interacting to solve dilemmas

April 2017 Computerized war game simulation 9

Understanding the decision making process

April 2017 Computerized war game simulation 10

Understanding the players intensity levels

Incoming Items

Chat Messages

Dilemmas0

50

100

150

200

Incoming Items

Sent Items

Chat Messages

Challenges

Dilemmas

Decisions

April 2017 Computerized war game simulation 11

Word analysis reflecting the organization culture

April 2017 Computerized war game simulation 12

Process analysis with graphic tools

Interactions Heat Map

April 2017 Computerized war game simulation 13

Event comparison projecting critical gaps

Business operations

Technical support

April 2017 Computerized war game simulation 14

Hold transfers until further information is

received

Potential problem with security

Risk of fraudulent transactions

Need to coordinate banking and R&S

Should we cancel settlements today as a preventive actions ?

Decision tree showing the players behavior

April 2017 Computerized war game simulation 15

Lessons learned

FINDINGS

• No declaration of the crisis and threat

• Lack of organizational / global threat

assessment process

• Absence of formal crisis management

process and methodology

• No formal crisis conduct between

departments and players during the

event

IMPACT

• Threat was not assessed as an

organizational and global level

• Large amounts of noise that interfered

with the decision making process

• The decision was made based on the

confusion, not fact

• No guarantee to an efficient and

effective response to cyber attacks

"The panic mode

started soon, but the

lack of real evidence

and the confusion of

messages

complicated the

decision making.

People tended to do

actions in an

uncoordinated mode

and we needed to

better share

information and agree

actions"

April 2017 Computerized war game simulation 16

What the tool enabled us to do

Understand our level of preparedness

Analyze expected reactions versus real

reactions

Compare management of events

between departments

Debrief using quick report turnaround

Understand the decision maker’s

cognitive process

Provide analytical inputs to assess the

effectiveness of the process

April 2017 Computerized war game simulation 17

Complex = Industry

level

Integrated = cross industry function

Combined = multi

dimention attacks

Technical = Simple

attack vector

Knowledge of the unknown

Hierarchical libraires to capitalize

information sharing into new

knowledge

Mandatory to develop collective

intelligence to adapt to the

unknown

Open source

Shared within A-ISAC

Shared within the

supply chain

April 2017 Computerized war game simulation 18