Sunday, February 24, 2008

Cyber Storm

In September 2006, the Department of Homeland Security ran an exercise named Cyber Storm to consider the U.S. response to a significant cyber attack. A wide variety of public and private sector agencies and entities were involved, leading to a better understanding of how the patchwork of responses by these groups could be better coordinated in the event of such an attack. The game report is available here.

Apparently, the game referees had to stop (overzealous?) participants from trying to hack the system the exercise was being run on:

In the middle of the war game, someone quietly attacked the very computers used to conduct the exercise. Perplexed organizers traced the incident to overzealous players and sent everyone an urgent e-mail marked "IMPORTANT!" reminding them not to probe or attack the game computers.

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."


The comments on this page have an interesting discussion of this incident, with some back and forth about whether this type of action should be allowable in the context of a game/exercise. A wargame called Millennium Challenge 2002 is referenced early in the discussion. Millennium Challenge '02 was a large-scale wargame conducted in 2002, pitting the U.S. against an unnamed Middle Eastern military. It achieved an unusual degree of notoriety for a wargame because the commander of the "Red" forces used several unconventional tactics to exploit weaknesses, which resulted in massive damage to the "Blue" fleet as it entered the Persian Gulf. The exercise was halted, and the Blue losses were "re-floated," causing some to cry foul. The Red commander himself said that the game was "fixed." The game has been in the news again lately after Iranian speedboats approaching U.S. Navy ships in the Persian Gulf recalled the tactics used in the game to devastate the Blue fleet (though the success of the tactic in the wargame was apparently predicated on a massive number of speedboats, cruise missiles, and other attack vectors making a simultaneous assault to overwhelm the capacities of the warships to track them and respond).

This comment (in the aforementioned discussion of the Cyber Storm exercise) in particular seems to get right at the issue:

My point is just that a particular wargame has a purpose. It's usually not run to find out who's the best or cleverest soldier/commander/unit/force, even if that's what some of the participants want it to be. If the real purpose is damaged by people trying to figure out how to change the intended parameters of the game in order to "win", then players shouldn't be doing that.

In particular, I'd say that you shouldn't be trying to exploit the limits of the simulation. Hypothetically, suppose that you're supposed to be learning (among other things) how to deal with poor communications, so your radios have been jiggered to make them unreliable, or else the enemy can listen in, or something. I have no idea whether that's a plausible wargame, but just suppose.

Now, suppose you decide to adapt to your comms problems by using couriers. Fair enough, you'd think, but if the people designing the game didn't think of that, then their wargame might well not account for snipers either. Then all you've achieved, other than "winning", is to show that couriers are great if your opponent can't do anything about them.

That doesn't prepare you for a real war - obviously modern forces do have snipers, and your couriers would have a great deal more difficulty operating in a warzone than they did in the simulation. You've made the scenario be about couriers and snipers, when it was designed to be about something else (strategies that are robust against broken communications, maybe).

I agree that couriers should be considered in future planning, but if the consideration is, "they wouldn't last five minutes out there", then there's not much point allowing them in the simulation.

Of course for the Millennium Wargame, one accusation was that the envisaged scenario was a sweeping Blue victory no matter what Red did, with no intention to discover anything about real war. But such a "politically motivated" ruling, if that's what it was, doesn't detract from the fact that in general, wargames might have a reasonable purpose, and might need to use "unrealistic" restrictions to achieve that purpose.

I had initially intended for this post to go further into the whys and wherefores of things like "refloating" in the midst of a wargame, but so much has been written about Millennium Challenge 2002 over the years that I haven't finished going through it, much less finished thinking about the issues it presents. There have been a few blog posts this year that have been especially good at identifying the underlying issues. Yet another thing I'll have to come back to in a future post....
