Symantec Conducts Company-wide CyberWar Games

CyberWar Games Highlight the Increasing Danger from and to an Interconnected World

“The next significant cyber attack will likely involve targeting the connected ecosystem of a major business, municipality or nation state, setting off, whether on accident or on purpose, the ‘domino effect’ that forces a change in global power.”

This is the conclusion of the latest annual Symantec CyberWar Games exercise.

Each year Symantec builds a full kinetic representation of a new and emerging technology, and invites its 11,000-strong global workforce to attack it. Five years ago, it was ‘nation states’. This was followed by oil and gas and SCADA systems; then finserv; and then healthcare. This year the chosen target was the global supply chain; bringing together the various technologies that enable it (mobile devices, digital currencies, SCADA, autonomous vehicles, and commodities).

Samir Kapuria, SVP and GM of Symantec’s cyber security services, explained the multiple purposes of the CyberWar Games. The first is effectively a massive staff training session — a way of honing the threat IQ of its people and the collective IQ of the company. The second is to uncover new and emerging threat vectors and existing vulnerabilities; and the third is to feed that knowledge back to the industry and into its own products.

The CyberWar Games are open to all Symantec employees, and there are no restrictions on what skills can be used. “Everyone — from Accounts, HR, Marketing, Technical — is invited to take part in the first phase, which is online. From this, the top ten teams from around the world are flown into Mountain View where we have this large kinetic representation of real industry. Our technical staff would use their technical skills, but marketing and HR people might explore methods of social engineering since that’s more in line with their own expertise.”

The teams are given a goal. This year they were asked to examine the insider threat, extortion and what could happen if SCADA controlling an agricultural watering system was breached, forcing over-watering and destroying entire crops. “Then we moved to ‘siege’,” said Kapuria. “What happens if all of the autonomous vehicles and IOT devices are taken over in a command and control type manner, so that everything could be forced to stop at a certain time? What action could the government take, and what should it be?” The purpose is to examine how today’s technology could become tomorrow’s threat, and to learn how to prevent it.

But this is not some massive simulation, like the flight simulators used to train pilots. “What we’ve done is create a safe physical environment for people to explore — explore and learn. We have no idea how each of these teams are going to do anything. This is one of the only industries where you have an active adversary changing the whole spectrum of the environment on a daily basis. The ground is always changing and evolving at a rapid pace. Because of that, we don’t create a fictitious simulator like a pilot’s simulation that has rules and parameters, where people have to fly within those rules.” 

Doing similar within the CyberWar Games would introduce cognitive bias — would limit attack vectors to those already known to the games designers. “Instead, we build a planet; and say, here’s a planet, you figure out how to fly. We give them a task — but because it’s a complete kinetic environment, there is no imposed bias on how they might achieve that task.”

The CyberWar Games tap into the collective IQ of one of the world’s largest security firms — and what comes out is often a new and fresh look at possible attack vectors and the discovery of new 0-day vulnerabilities within that environment. 

The results from the Games are best seen from last year’s event, since those have already been resolved. The Symantec wargames against the healthcare industry discovered 20 0-days in a three-day period — effectively two-fifths of all the 0-days discovered by the rest of the industry in the entire year. “When we discovered the 20 0-days in various healthcare technologies, from EMR systems to diffusion pumps and POS in pharmacies,” explained Kapuria, “the first thing we did was to engage all the different vendors, and the users we knew about through our managed services. Since we had the teams that discovered the attacks, we could also design the solutions — which we gave back to the industry.”

This year, the result of the games has highlighted what Kapuria calls the ‘digital domino effect’ enabled by the increasingly interconnected nature of society and commerce — the effect of a successful cyber-attack can ripple through supply chains. “While devastating to a business,” he explains in an associated blog, “the ‘digital domino effect’ could have a greater societal impact by escalating a seemingly small cyber attack to an exchange of global power and influence by targeting the production and trade of important commodities like oil, metals and agricultural products.”

During this year’s CyberWar Games, he continues, “teams were able to infiltrate multiple entry points within a business targeting the fabric of connected devices. They were also able to use these smart systems to string together a series of attacks creating that ‘digital domino effect’, leading to an ultimate shift in the global power and influence scale through commodities trading. Given these results, we can conclude the next significant cyber attack will likely involve targeting the connected ecosystem of a major business, municipality or nation state, setting off, whether on accident or on purpose, the ‘domino effect’ that forces a change in global power.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
