A cyber war game, also known as a simulation exercise or cyber crisis exercise (or cyber exercise) is a realistic, scripted simulation designed to assess and improve an organisation's ability to prevent, detect and respond to cyber attacks.
Inspired by military exercises, it generally involves opposing teams (eg: Red Team vs Blue Team) that reproduce attacker tactics and defence mechanisms in a controlled environment.
π― Main objectives
- Testing defences identifying vulnerabilities technical and organisational.
- Improving incident response Validate the effectiveness of crisis plans (IRP) and decision-making processes.
- Training teams strengthening technical skills (threat huntinglog analysis) and inter-departmental coordination (IT, legal, communication).
- Assess the resilience Measuring the ability to maintain critical operations during and after an attack.
π Types of war games
- Red Team vs Blue Team :
- Red Team simulates attackers (e.g. : APT, ransomware) using TTP real (MITRE ATT&CK).
- Blue Team defends the infrastructure, monitors alerts and neutralises threats.
- Purple Team Collaboration between Red and Blue Teams to optimise detection and share feedback.
- Tabletop exercise (Tabletop exercise) Theoretical simulation in the classroom, focusing on strategic decision-making (e.g. management of a company). data leakage).
- Full-scale simulation Reproduction of a complex cyber attack with impact on production systems.
Examples of scenarios
- Targeted attack Compromise of a critical server via a vulnerability zero-day.
- Ransomware : encryption data and ransom demand with threat of exfiltration.
- Social engineering campaign phishing targeting executives (whaling).
- Supply chain attack Intrusion via an unsecured third-party supplier.
Key stages
- Preparation :
- Execution :
- Inject indicators of compromise (IOC) and observe the reactions.
- Post-exercise analysis :
- Document shortcomings (e.g. response time too long, lack of backups).
- Prioritise corrective actions (updates, training).
β Benefits
- Strengthening the cyber posture Proactive detection of vulnerabilities before a real attack.
- Improving collaboration Breaking down the silos between technical and business teams.
- Compliance To meet regulatory requirements (e.g: NIS2, RGPD).
Tools and references
- Executives MITRE ATT&CK (to model TTPs), NIST CSF (function Respond).
- Platforms Caldera (automated attack simulation), RangeForce (interactive training).
- Best practice anonymise sensitive dataTo avoid any real operational impact.
Current issues
- Increasing complexity integrating AI (deepfakesautomated attacks) in the scenarios.
- Management of bias avoid overconfidence after a successful exercise ("We're ready!").
- Costs Limiting the resources required (time, budget, expertise) for SMEs.
