CyberFish offer facilitated and self-paced Exercising and Learning modules for the wider crisis management team via our Resilience Dojo Platform.
Making Teams Crisis-Ready – The Exercise Scenario Library
1. Exercise Scenario - MoneySafe Ransomware
This scenario focuses on the experience of MoneySafe Bank, as it is targeted by a developing malicious ransomware cyber-attack. The attack impacts the investment banking branch first before spreading to the retail and corporate parts of the business. Playing the scenario, delegates will be addressing a number of events and will be taken through technical, organisational and professional challenges. Players will take on the role of the Bank’s Incident Response Team.
They will be expected to make key assessments, decisions and recommendations over the course of the incidents as the attack intensifies across the Bank, managing the demands of the panicked clients, the public and media, financial regulators and data protection authorities, investigatory authorities and international information-sharing networks among other challenges.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Crisis Management Teams and Comms Teams
Competencies Exercised:
- IR process (NIST), Data Protection (GDPR), Ransomware Playbooks, Crisis Communications, Debriefing Senior Stakeholders and Media Representatives
2. Exercise Scenario - MoneySafe DeepFake Crisis
This scenario focuses on the experience of MoneySafe Bank, as it becomes victim of a complex disinformation and misinformation attack. The incident involves the deliberate spread across social media of both mis and disinformation efforts to undermine the reputation of the company, damage its reputation and undermine the legitimacy of its CEO. The incident subsequently includes a deepfake video (a synthetically machine generated video), which is released online, the issue immediately becomes more serious and impact to the company more consequential.
Delegates will practice response to combat future mis and disinformation attacks, and how to safeguard the reputation of the business following an incident.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Financial Sector & Government
Competencies Exercised:
- RESIST 2 Counter Disinformation Framework, Data Protection (GDPR), Crisis Communications, Decision Making, Stakeholder Management, Wider Impact of Dis/Misinformation Attacks
3. Exercise Scenario - SafeCom 2FA Fraud
The scenario is set in a fictitious country, Ambrosia, where SafeCom are the main telecommunications provider. Safecom recently became majority-owned by a global telco, headquartered in Denver, Americas. This scenario’s challenges focus on the experience of SafeCom as it is targeted by an advanced cybercrime group: they have managed to get access to a part of the carrier’s network signalling equipment.
The local banks in Ambrosia rely on SMS as a 2FA tool in their security processes... Delegates will take on the role of SafeCom’s Board (minus an absent CEO). The technical challenges are amplified by widely publicised news of cybercrime nearly claiming the life of Amina, a local restaurant owner in Ambrosia, who is claiming that she had been a
victim of banking fraud.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
Competencies Exercised:
- IR process, Supply Chain (NIST), Leadership, Crisis Comms, Statements, Regulatory Issues, Decision Making, Business & Societal Impact of Cyber Attacks
4. Exercise Scenario - AWU Supply Chain
The exercise takes participants back to Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. Playing the previous AWU exercise is not prerequisite to understanding this game. This exercise challenges cross-functional business understanding, and recognition of internal team / supply chain challenges from different perspectives. Participating will foster cross functional business understanding between teams and help to developing a shared language for crisis management decision-making and comms between IT and commercial teams.
Delegates will take the role of Board members at AWU and the objective of the exercise will be to arrive at mutually acceptable ways of co-operating and experiencing pressures from different perspectives revolving around a supply chain & contract breach.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Supply Chain Partners and Different Organisational Units to Play Together
Competencies Exercised:
- Cross-Functional Co-Operation, Regulatory Compliance (NIS, DWI, NIST), Crisis Comms, Decision-Making (Strategic and Tactical) & Business Implications
5. Exercise Scenario - AWU - OT / IT
The incident is playing out in a private UK water company, Amazonia Water UK (AWU), which was recently acquired by a US energy company, as part of their ‘greening’ programme. The management of the US company don’t see water as a major part of the Group’s revenue or value... The water company has an IT estate and an OT estate. There are barriers between these estates, for security and monitoring purposes, but many years of nothing going seriously wrong has allowed some OT-side monitoring computers to have direct connections to management systems in the IT estate...
Delegates will take the role of Board members at AWU and will be making decisions responding to the technical incursion. They will have to take into account the risks to the public, health and reputation of the company, and the public’s expectations, whilst defending the business interests and reputation of their parent company.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Critical National Infrastructure
Competencies Exercised:
- Regulatory Compliance (NIS, DWI, NIST), Cyber Security Strategy, Crisis Comms, Press Conference Practice, Decision-Making
6. Exercise Scenario - Trusted Foods Safety
Could eco-warriors manage to get access to the internal OT network of a food producer’s mill operations, and adjust the ingredients going into organic food production? Or is an insider behind the evolving attack at Trusted Foods? An exercise geared towards production environments in the food supply chain and/or FMCG IR teams. Delegates will be taking the role of the Incident Response team at Trusted Foods Ltd., as it's targeted by a global environmental movement, who seems to have gained access to confidential information from the company networks.
Participants will be challenged across different areas, such as customer safety issues, working with regulators and making key decisions as they progress through the different stages of the evolving attack.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Crisis Management Team, Comms Team, Quality Assurance Teams in FMCG Production
Competencies Exercised:
- Cross-Functional Co-Operation, Regulatory Compliance, Crisis Comms, Decision-Making, Customer Relationships Management, Food Supply Chain and Foods Safety
7. Exercise Scenario - City of Londonia Police
This scenario focuses on an APT attack against a nation-state (United Queendom, capital city Londonia). Participants will assume the role of new Head of Security Operations of the National Cyber Security Centre and will be tasked with reacting, responding, and mitigation of a series of escalating cyber and cyber-physical threats. The attack culminates with malicious activity targeting the nation’s central police databases. Several cyber security incidents are covered in the scenario, such as a DDoS attack, VPN vulnerabilities, business email compromise fraud, malware and data theft.
Other challenges and decision points include issues about remote working, supply chain vulnerabilities, Critical National Infrastructure regulatory compliance including a Water Plant, human aspects of cyber security such as a suspected insider threat and social engineering. Participants will be responding to challenges including threat intelligence and threat modelling, law enforcement capabilities, and communications and stakeholder management in a major incident context.
Play time:
- Full Exercise: 4 hours (Facilitated)
- Basic Challenges: 90 mins (Automated)
Technical Maturity:
Recommended Delegates:
- Government, Law Enforcement, Critical National Infrastructure
Competencies Exercised:
- CNI Regulatory Compliance, Cyber Crime Investigations, Cross-Border Co-Operation, Leadership, Decision-Making, Stakeholder Communications, Cross-Cultural Communications
