
War game 🟩 Safety exercise

A cyber war game, also known as a simulation exercise, cyber crisis exercise or simply cyber exercise, is a realistic, scripted simulation designed to assess and improve an organisation's ability to prevent, detect and respond to cyber attacks.

Inspired by military exercises, it generally involves opposing teams (e.g. Red Team vs Blue Team) that reproduce attacker tactics and defence mechanisms in a controlled environment.


🎯 Main objectives

  1. Testing defences: identifying technical and organisational vulnerabilities.
  2. Improving incident response: validating the effectiveness of crisis plans (IRP) and decision-making processes.
  3. Training teams: strengthening technical skills (threat hunting, log analysis) and inter-departmental coordination (IT, legal, communication).
  4. Assessing resilience: measuring the ability to maintain critical operations during and after an attack.

👉 Types of war games

  • Red Team vs Blue Team:
    • The Red Team simulates attackers (e.g. APT groups, ransomware operators) using real TTPs (MITRE ATT&CK).
    • The Blue Team defends the infrastructure, monitors alerts and neutralises threats.
  • Purple Team: collaboration between the Red and Blue Teams to optimise detection and share feedback.
  • Tabletop exercise: theoretical, classroom-based simulation focusing on strategic decision-making (e.g. managing a company data leak).
  • Full-scale simulation: reproduction of a complex cyber attack with impact on production systems.

Examples of scenarios

  • Targeted attack: compromise of a critical server via a zero-day vulnerability.
  • Ransomware: data encryption and ransom demand with the threat of exfiltration.
  • Social engineering: phishing campaign targeting executives (whaling).
  • Supply chain attack: intrusion via an unsecured third-party supplier.

Key stages

  1. Preparation:
    • Define objectives, rules and scope (e.g. prohibit real DDoS attacks).
    • Select the tools (sandbox environment, platforms such as Kali Linux or Metasploit).
  2. Execution:
    • Inject indicators of compromise (IOCs) and observe the reactions.
  3. Post-exercise analysis:
    • Document shortcomings (e.g. response time too long, lack of backups).
    • Prioritise corrective actions (updates, training).
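One way to turn the Execution and Post-exercise stages above into a measurable after-action report (an added Python example, not part of the ORSYS glossary): each injected IOC is scored against the detection and containment limits fixed during Preparation, and every breach becomes a ranked shortcoming. All IOC names, timestamps and thresholds are constructed sample values.

```python
"""After-action scoring for a cyber war game (added example, not from the
glossary page). Each IOC inject from the Execution stage is matched to the
Blue Team's detection and containment events; injects whose response time
exceeds the thresholds set in the Preparation stage are reported as
shortcomings for the post-exercise analysis. All values are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Inject:
    ioc: str                         # indicator injected by the Red Team
    injected_at: datetime
    detected_at: Optional[datetime]  # None = Blue Team never raised an alert
    contained_at: Optional[datetime]  # None = never contained


def score_exercise(injects: List[Inject], max_detect: timedelta,
                   max_contain: timedelta) -> List[Tuple[int, str, str]]:
    """Return (severity, ioc, shortcoming) findings, most severe first."""
    findings = []
    for i in injects:
        if i.detected_at is None:          # missed entirely: worst outcome
            findings.append((3, i.ioc, "not detected"))
            continue
        ttd = i.detected_at - i.injected_at
        if ttd > max_detect:
            findings.append((2, i.ioc, f"detection took {ttd}, limit {max_detect}"))
        if i.contained_at is None:
            findings.append((2, i.ioc, "detected but never contained"))
        else:
            ttc = i.contained_at - i.injected_at
            if ttc > max_contain:
                findings.append((1, i.ioc, f"containment took {ttc}, limit {max_contain}"))
    # sorted() is stable, so findings of equal severity keep inject order
    return sorted(findings, key=lambda f: -f[0])


T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_INJECTS = [  # constructed timeline of one exercise run
    Inject("malicious-domain-A", T0, T0 + timedelta(minutes=5), T0 + timedelta(minutes=20)),
    Inject("ransom-note-hash-B", T0 + timedelta(minutes=10), T0 + timedelta(minutes=55), None),
    Inject("phish-sender-C", T0 + timedelta(minutes=30), None, None),
]


def run_sample() -> List[Tuple[int, str, str]]:
    """Score the sample run with a 15 min detection and 60 min containment limit."""
    return score_exercise(SAMPLE_INJECTS, timedelta(minutes=15), timedelta(minutes=60))


if __name__ == "__main__":
    for severity, ioc, note in run_sample():
        print(f"[sev {severity}] {ioc}: {note}")
```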

✔ Benefits

  • Strengthening the cyber posture: proactive detection of vulnerabilities before a real attack.
  • Improving collaboration: breaking down the silos between technical and business teams.
  • Compliance: meeting regulatory requirements (e.g. NIS2, GDPR).

Tools and references

  • Frameworks: MITRE ATT&CK (to model TTPs), NIST CSF (Respond function).
  • Platforms: Caldera (automated attack simulation), RangeForce (interactive training).
  • Best practice: anonymise sensitive data and avoid any real operational impact.

Current issues

  • Increasing complexity: integrating AI (deepfakes, automated attacks) into the scenarios.
  • Bias management: avoiding overconfidence after a successful exercise ("We're ready!").
  • Costs: limiting the resources required (time, budget, expertise) for SMEs.
