recommended reading

War gaming offers agencies methodology for assessing risk

Civilian agencies should take cues from the military and use war game tactics to identify risks and assess recovery plans in case of emergency, whether a cyberattack or environmental disaster, said an author who specializes in the market.

War gaming methodologies that test an organization's ability to react to unforeseen threats traditionally have been reserved for military operations as a means for preparing for combat. The Army plans a particular invasion, for example, and a war game stages the possible responses to identify weaknesses in strategy and to help ensure troops are prepared. The Homeland Security Department also has relied on war gaming tactics, most notably with Cyber Storm, that simulate a large-scale coordinated cyberattack on the nation's infrastructure. In that example, the war game effort tests government's ability to protect its networks.

But war gaming, which looks at the what-ifs in assessing threats, is sometimes overlooked by smaller agencies that might not recognize the potential benefits, particularly in strengthening IT security, said Mark Herman, vice president at Booz Allen Hamilton. Herman leads the consulting firm's modeling, simulation, war gaming and analysis work, and recently wrote Wargaming for Leaders: Strategic Decision Making From the Battlefield to the Boardroom (McGraw-Hill, 2008).

"In IT -- cyber in particular -- there has always been a reliance on trend analysis," for identifying potential risk, Herman said. "There's a presumption that everything will work, and if someone does do something nasty to the network, we'll just figure out how to fix it and keep going. But that's not always going to work. Put multiple levels of stress on anything, and sooner or later it's just going to break."

As standard practice, agencies essentially should imagine the worst, and then put in place the necessary parameters to ensure they're well-protected, he said. Too often when deploying IT, according to Herman, agencies focus more on mission requirements -- ensuring processes can get done -- and less on the operational side of the deployment.

"That's what has me worried, because typically we don't have a clue," he said. "Can someone fly under the radar? What will [the agency] do if this particular event happens to cause the system to go down? Who has jurisdiction? The challenge is actually the antithesis of technology -- it's about humans."

War gaming forces individuals to look at the whole picture, Herman said, by bringing together all the stakeholders in a room and outlining the potential scenarios. The methodology is by no means specific to technology, he said, but can be used by any organization to assess risk and ensure proper contingency plans are in place. The Treasury Department could participate in a war game to define response to a theoretical global financial crisis, for example, or the Agriculture Department could participate in a war game to ensure a bad crop season doesn't cause a food supply shortage.

"As the situation unfolds, [participants] start to respond with questions and maybe realize that they're not very pleased with the outcome," Herman said. "Now, there's awareness, and everyone is in the same room to come up with solutions."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.