Cyber Security Exercises and Reality

Alexandre Dulaunoy

version 0.1 - 2017-11-30

When you are facing a potential threat, the most difficult aspect is to understand what you are fighting against. Evaluating a threat in information security is complex, especially when there is no simple way to scale the threat and to know whether you have the organisational and technical capabilities to respond to it.

In the past years, many cyber security exercises have appeared at local, national and international levels with the aim of improving capabilities at the organisational and/or technical level. Many different organisations are involved in such exercises, and there are many models depending on their respective focus. After being involved in many of those (including designing and/or playing them), I compiled my thoughts and especially the shortcomings of such approaches. The idea behind this series of notes is to improve such exercises or to experiment with other approaches.

Synthetic information/evidence

Reducing operational security aspects to simple games

A critical issue, in my eyes, with cyber security exercises is that they simplify cyber security threats to a level that makes them understandable at the political or non-operational managerial level. Reducing the complexity of reality carries significant risks. When operational security teams face real and concrete incidents, their work can end up being seen as just solving a challenge. In incident response, it is quite common to face complex topics with different contexts and ultimately to be incapable of reaching a complete analysis from partial evidence, multi-compromised infrastructures