Tuesday, 1 August 2023

The Information Game at COW 2023

I’ve worked in IT for decades, latterly in architecture and risk management and I worked in partnership with our Chief Information Security Officer on managing security. I signed up for Toms game 'The Information Game' as I remain interested in how you can make a game out of information management and cyber security without it being hideously complex or very domain specific. 

This specific session was a military training game around information management in the modern environment, covering the challenges of acquiring (reliable) data, turning that into information and generating knowledge. Meanwhile other people are doing the same thing, and possibly trying to interfere with your efforts.

We had a limited initial budget with which to purchase data collection facilities (sigint etc), information processing capabilities and various offensive or defensive cyber capabilities. There was then a limited amount of regular funding available each turn.




Tom outlines how it all works. Essentially we had to generate valid information tiles (the light coloured stack of cards on the left) to play on the big grid, from a big stack of data tiles (the bigger stack beside the information tiles).



The poker chips are our budget, and the cards on the bottom left are the Data Collectors, the ones on the right, Information Management and Cyber capabilities. Naturally we don't have enough cash for everything, and some of these capabilities come with operating costs. With a budget of only two chips per turn, you can't have high operating costs.

We were playing competitively against another team, and the task was to be the first to find a particular target in an un-named geographical location. Our team comprised myself, Mike Elliott and Alex Kleanthous. We went heavily for Information Processing capabilities, a bit light on Data Collection and very light indeed on offensive or defensive cyber. Critically, we bought a data archive and extra (surge) data processing capability, so we could process data into information twice as fast and failed information collection attempts could be stored in an archive for later processing.


As we generated information cards, we had to arrange them on the grid, essentially this was map jigsaw and you needed to line up the roads, railways, contours etc which proved harder than it sounds. The big cross is the target, but at this stage we couldn't be sure if we had the vertical and horizontal alignment right.

It became apparent fairly early on that our opponents had adopted a different strategy as our information grid had half a dozen tiles on it while they only had a couple. We were soon subject to repeated cyber attacks and had to invest in some better defences, and after much puzzling it soon became apparent that we had also been fed some duff data. It didn’t matter though as our information processing throughput was so vast by now that once we realised what the problem was, we could filter out the incorrect information quite quickly and we handily identified the target by process of elimination. The other team were only a couple of turns behind too, but were forced to resort to (informed) guesswork to catch up.


End game. We've filtered out the duff data and got the map aligned properly. You don't need to fill the entire grid, just get the target zone aligned properly. Drone strike to A4 please.

A very clever game design indeed, I wouldn’t know where to start with such a thing, and one which reinforced the learning points Tom needed to make. I suspect having two information management specialists on our team helped, whereas the others were a bit cyber heavy, but again the point of the game was to demonstrate successful strategies. If I was to play again I’d probably get more data collection resources up front, although in the game we managed to acquire some more half way through.











No comments:

Post a Comment