Attend this highly interactive and realistic cyber exercise. It will be an advanced tabletop exercise, which is a realistic and more interactive experience than a basic tabletop exercise and is used to more deeply explore the breach problem. This experience will deepen attendee’s understanding of the complex issues that a significant cyber breach can cause. This will be done through exercise injects and realistic media from the “perpetrator.”
The narrative for this exercise will have lots of nooks and crannies to then develop interesting and challenging injects for the exercise players to grapple with. This type of exercise has a certain complexity that can’t be avoided. The story progresses through the injects.
The exercise players will receive injects on paper and then the players must develop a response. Once they know how they want to resolve the issue, they will go over to the simulator table and engage a Simulator who will interact with the exercise player about the inject and their response. The Simulators may think the idea is a good one, or they may push back, or they may respond somewhere in between. The idea is to get the player to think more deeply about the answer they provided. This interplay really helps deepen the experience for both the player and the simulator.
One of the key aspects of a cyber narrative is the potential damage to the reputation of the company. To damage that reputation, we have to “out” the story. We usually do this early in the exercise by having the “perpetrator” post the story on a social media platform such as Twitter. (NOTE: Of course, we don’t put a real post on Twitter. This is all done via “exercise magic.”)
At the conclusion of the exercise, a debrief will be held at each table; the top findings will be reported out by the table spokesperson. An after-action report for the exercise will be developed, and all exercise materials will be made available to the players as an exercise “take-home.”