How Cyber War Games Can Impact the Cyber Security Industry

Author: Editorial Team

Collaboration and communication within the cybersecurity industry are key to thwarting cyber attacks from threat actors. As we have repeatedly seen, threat actors constantly communicate with each other, especially through the dark web, attempting to sell their services and products. The third annual Cyber War Games, expertly crafted by our partner, TLR Communications, took place in Australia to change how government departments – as well as private and public companies – interact with each other from a cyber security perspective.

With the mass of recent data breaches, we felt it was important to explain why no one notices exposures until it’s too late.

GroupSense had a multifaceted role in the Cyber War Games by providing intelligence and advisories to participants in the games. Both the intelligence and advisories were created from real-world situations delivered to past clients. Intelligence was tightly integrated into the games and allowed red team contestants to understand various attack vectors, identify targets and exploit weaknesses. In some cases, the intel provided hints in order to help red teams navigate the various challenges. The intel highlighted dangerous scenarios and actual threats behind the cyber war “games.”


Figure 1: An example of an intelligence brief provided by GroupSense to the participants.

Background
The widely-publicized Cyber War Games drew more than 40 cyber security experts from 14 different organizations worldwide to take down Shell Cove, a replica of a town made up of over 100,000 pieces of Lego®. Australia’s Department of Human Services hosted the games and used the agency’s state-of-the-art cyber range. This allowed judges of the games to monitor the actions of the attackers and the defenders in real time.

Figure 2: The Lego® city had working traffic lights, trains, a lighthouse, radar, air traffic control lights, a jail, a bank, a dam and a fire house.

Attendees made up five red teams, which set about discovering ways to attack Shell Cove’s cyber defenses. Each attendee has a role in their respective cyber security department, protecting against cyber attacks and finding threats to their governments or businesses. Some members of the red teams came from jobs in operations, while others had penetration testing experience. Some were even reverse engineering and language experts.

The red teams represented different units of one single entity that would have varying attack paths to execute, and different skill sets to accomplish those tasks. Ultimately, all the red teams had the same final goal: Take down Shell Cove! Stuart Robert, Australian Minister for Government Services, even encouraged the red teams to do their best to take down the city’s infrastructure by any means necessary. Throwing everything at this simulated city would help Australia understand its weaknesses while also providing time to find solutions.

Each team was free to create its own organizational structure as long as they included one liaison to interact with the other red teams. The teams were equipped with conference calling capabilities to facilitate communication. They were also encouraged to freely travel by foot to communicate. (Very advanced systems, indeed!) One blue team of professionals from the government and private industry had the task of monitoring Shell Cove’s systems and protecting them from attack.

To encourage the teams to collaborate and communicate with each other, GroupSense at times provided intel to one red team that would benefit another. Once the red teams realized they could directly communicate with one another, they began to print, analyze, mark up, highlight and pass around the advisories they received. Without this collaboration, teams lacked the visibility required to finish their tasks. This further emphasized how important it is to distribute intelligence to accomplish their cyber security goals OUTSIDE the context of the games.

Figures 3 & 4: An example of an advisory provided by GroupSense to the participants.

Importance of Intelligence Sharing and Collaboration
There are certainly industries boasting strong peer communication, but most organizations lack appropriate communication channels inter-departmentally and with their partners or industry cohorts. Participants of the games were expected to be able to attack and exploit a wide variety of systems, but would not be able to achieve their goals without strong communication. Participants needed to “know their advisory” to take action. A tech stack can only get you so far; the intelligence gives context on how to attack (or defend) with “extreme prejudice.” Exercises such as this series of war games give cyber security experts the ability to step into the minds of threat actors and attempt to use new and existing tools and techniques to attack critical infrastructure. 

Analysis
The objective of the games was to illustrate the benefit of, and need for, communication between departments, within industry, and between the public and private sectors. It also ideally introduced and connected cyber security professionals from all over the world. Professionals found that intelligence may not always benefit them or their business, but it may be beneficial in preventing threats elsewhere. It is this key takeaway that cyber security experts worldwide should also realize.

Australia, host of the Cyber War Games, faces aggressive adversaries and readily admits more work needs to be done; they are committed to growth in cyber security, fostering an energized and productive environment. Events like the war games bring people together who are willing to communicate and challenge one another, showing how businesses and governments are limited to bubbles where they cannot grow and thrive.

How GroupSense Can Help
GroupSense always looks to provide relevant, actionable intel to clients to combat any potential threats or risks of data exposure they may face. However, GroupSense attempts to share intel with non-clients if it can protect them from data breaches or notify companies about data exposures of which they are not aware. GroupSense collaborates internationally with governments and businesses, always looking to offer these services to new, interested parties. Reach out to us to inquire about our services.