Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization

Black Hat USA 2017

Presented by: Jason Nichols
Date: Thursday July 27, 2017
Time: 12:10 - 13:00
Location: Mandalay Bay GH

The security industry faces a tough and growing problem: many of the fundamental decisions made which affect security are made by people that don't have the right cyber skills or experiences. This talk describes how the creation of a realistic, hands-on wargame environment can be leveraged to not only teach participants about attack and defense but to enable other organizational advantages.

The game environment puts two attacking teams competing in parallel with a single defending team, with all teams evaluated and scored. The game environment role-plays different attack motivation, technique and mindset with one team playing as hactivists and the other playing as nation state. The defending team manages a diverse mix of IT and OT assets, including an emulated oil refinery comprised of SCADA and HMI using industrial control protocol communications. And, the game leverages the human dimension, inclusive of insider threat and social engineering.

The game is 2.5 hours start to finish, comprised of short intro brief, teams then move to their operations areas where they are given team briefings, then an hour of gameplay, concluding with team post-briefs. Winning teams often are those that communicate best. The defending team has the most scoring opportunity but faces the toughest challenges.

This talk will present the technical architecture of the game environment for technical attendees interested in building their own. Our talk will present business value to the game for non-technical attendees interested in promoting their organizational capability, building brand awareness, or creating a customer-oriented training service. And, we will show screenshots, videos and detailed diagrams giving all attendees a close view of how the game is built and delivered.

Jason Nichols

Jason Nichols graduated with a bachelor's degree in computer science from Virginia Tech in 1990. He has spent his career in software development, product management, systems integration, management consulting, cloud computing, cyber security and big data analytics. Jason has spent half his career in technical roles, and the other half in business management roles. With this mix of expertise, he helps his customers and peers in industry find the practical application of emergent technologies to support strategic business and mission priorities. Jason manages the company's iSpace lab, a state of the art collaboration, demonstration and rapid integration facility designed for showcasing industry innovation in the areas of cloud computing, cyber security, biometrics, social media, mobile computing, Internet of Things, and data science. His work at the lab includes: Critical Infrastructure Protection (CIP) lab: a virtualized implementation of electric utility smart grid infrastructure assets including penetration test, internet web/email, IT network, SCADA, Advanced Metering Infrastructure (AMI) and Control-DMZ assets. This work has included assisting multiple customers in finding and fixing internet-based attacks and vulnerability in IT and OT systems, including forwarding attack signature data to multiple industry leading threat detection vendors. Big Data Analytics Prototype Development and Demonstration: implemented a Cloudera-based cluster used to support customer projects, research prototypes and demonstration of analytics solutions to our DoD, Intelligence Community and commercial clients. In his spare time, Jason spends his personal time with his daughters, wife, three dogs, and enjoys hobbies that include computer gaming and web application development.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats