MICHAEL SULMEYER AND DMITRI ALPEROVITCH
The Cipher Brief hosted its 2nd annual threat conference at beautiful Cloister Resort on Sea Island, Ga., this month. While there, Dmitri Alperovitch as well as I ran cyber exercises that pushed participants, many of whom are quondam senior regime leaders, to measuring into the shoes of U.S.A. national safety decision-makers to resolve international crisis situations. Because the sessions were alone off-the-record, I won’t hash out how specific participants reacted as well as what they recommended, but rather I volition reverberate on what lessons tin sack hold out learned from these types of exercises as well as how The Cipher Brief’s tin sack hold out a model for others.
Be clear on what yous desire to exercise: Last year, nosotros wanted to press our participants on how they would acquire ahead of the threats that nosotros asserted were looming. We provided a fact pattern that created sufficient danger to warrant a serious national-security discussion, but at that topographic point were plenty off-ramps that our teams could recommend ways to decease along tensions from boiling over. This year, nosotros changed focus as well as forced our participants to develop response options afterwards complex attacks had already occurred. Whatever your focus may be, come inwards clear as well as repeat it ofttimes thus that participants select no dubiety on what they are beingness tested.
Think through inwards advance the response options that the teams volition deliberate on: Make certainly the scenario provides for plenty ambiguity as well as challenges to supply for a goodness debate alongside the teams every bit they are see how to answer to an outlined threat. One of the things that brand cyber policy issues thus challenging is that they ofttimes occupy the grayness zone betwixt state of war as well as peace. If the scenario incorporates attacks that are likewise catastrophic inwards nature, the determination infinite becomes real uncomplicated – nosotros are at state of war as well as hitting dorsum at the enemy hard. If on the other mitt the attacks are real express inwards nature, the decision-makers may force to do nix as well as merely ignore the problem. The play tricks is inwards doing plenty to come inwards impactful but non likewise much thus every bit to eliminate the non-kinetic options from consideration.
Don’t distract with extraneous information: To decease along the focus on response options, nosotros didn’t desire our fact pattern to contain likewise many distractions that would Pb participants astray. One of the easiest distractions we’ve observed is the effect of attribution. Of course, if the objective of an practise is to seek how participants react inwards the absence of knowing “whodunnit it,” facts that exploit uncertainties nigh it are helpful. Yet with only 10-20 minutes for teams to laid upward their briefings to our mock president, nosotros chose to command for the attribution variable past times stipulating that inwards our scenario, specific intelligence agencies had high confidence inwards their findings. This kept the teams representing the intelligence community, the province department, as well as the armed services on runway as well as tailored their discussions to actionable proposals they could convey to the table.
Know your participants as well as interruption interagency stovepipes: Dmitri as well as I select run exercises for participants with a make of dissimilar experiences as well as backgrounds. The participants at The Cipher Brief’s threat conference select an amazing breadth as well as depth of sense across manufacture as well as government. The chance for us was non to learn cyber policy, but rather to blueprint scenarios that pushed experienced leaders into uncomfortable positions. For example, a senior diplomat mightiness hold out asked to Pb the squad representing the views of the military. Usually, these leaders relish the run a jeopardy to decease exterior their comfort zone.
Be creative with the purpose of the media: While decision-makers search for the best recommendations for how to handgrip a national safety crisis, they also must fence with how whatever they do or don’t do volition hold out viewed inwards the media. Last year, nosotros selected a few participants to play the purpose of the mainstream U.S.A. media. This year, nosotros asked them to assume the purpose of a tidings outlet sponsored past times a unusual adversary.
How these “reporters” twisted our fact pattern as well as spun the Twitterverse was instructive non exactly for us every bit scenario designers, but for participants every bit well, since they saw their carefully crafted policy proposals distorted beyond recognition.
The adversary gets a vote: We wanted our participants to confront the additional challenge non exactly of briefing a mock U.S.A. president, but also to larn how a squad representing the adversary would react to their recommendations. Adversary teams are corking when they are staffed with truthful surface area experts with deep knowledge of the province as well as its history. After all, the destination of such squad is non to merely hold out a fun spoiler as well as troublemaker, but to lay themselves into the shoes of the opposing country’s regime as well as thinking through their objectives, constraints as well as priorities. We were fortunate that thus many participants at The Cipher Brief conference own this fluency: they proved to hold out an fantabulous validator of the proposals offered past times the other teams.
Don’t attempt to do likewise much inwards likewise petty time: We had xc minutes afterwards lunch, as well as nosotros select both been involved into likewise many exercises that inquire participants to see likewise many details inwards likewise petty time. Given that fourth dimension limit, nosotros express each of our 2 scenarios to ane adversary, as well as nosotros express each adversary to 5 or 6 discrete actions that participants were as well as then forced to react to. We expedited internal discussions to 10-20 minutes, but allow our mock president interrogate squad leaders for 35 minutes per scenario.
Regardless of how futurity scenario designers create their fact patterns as well as staff their teams, nosotros promise the factors highlighted inwards a higher house assist create a to a greater extent than realistic simulation environment.
Buat lebih berguna, kongsi:
