IGF 2021 Day 0 Event #41 Cyber Stability Games: Learning the Complexities of Technical Attribution

Time
Monday, 6th December, 2021 (08:30 UTC) - Monday, 6th December, 2021 (09:45 UTC)
Room
Plenary Room

Organizer 1: Anastasiya Kazakova, Senior Public Affairs Manager, Kaspersky (Eastern European Group)
Organizer 2: Pierre Delcher, Senior Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky (Western European Group)
Organizer 3: Vladimir Radunović, Director, E-diplomacy and Cybersecurity Programmes, DiploFoundation (Eastern European Group)

Speakers

Speaker 1: Anastasiya Kazakova, Senior Public Affairs Manager, Kaspersky (Eastern European Group)
Speaker 2: Pierre Delcher, Senior Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky (Western European Group)
Speaker 3: Vladimir Radunović, Director, E-diplomacy and Cybersecurity Programmes, DiploFoundation (Eastern European Group)

Our session will be highly interactive: it is a security training organized in the format of a game, where all participants will have the opportunity to speak, take part in the discussion and ask questions throughout the entire session.

Onsite Moderator
Anastasiya Kazakova, Kaspersky
Online Moderator

Vladimir Radunović, DiploFoundation

Rapporteur

Anastasiya Kazakova, Kaspersky

Format

Cyber capacity building exercise in the format of simulation/gamification based security training

Duration (minutes)
75
Language

English

Description

Cyber Stability Games is a capacity building exercise organized by DiploFoundation and Kaspersky to help all professionals who do not have a technical background learn the complexities of technical attribution.

Please note that participation in this game training is only possible from a computer or laptop. It is not technically possible to access the game training from mobile phones or pads. Apologies for this inconvenience.

International cooperation as well as success in responding to security events, conducting technical analysis and evaluation of the events are important prerequisites to stability in cyberspace. That is why we have organized the capacity building exercise based on Kaspersky Interactive Protection Simulation (KIPS), which places players into a simulated environment where they face a series of unexpected cyber threats, while trying to maintain confidence. KIPS as a ‘detective learning exercise’ teaches players to build a cyber defense strategy by making choices among the best proactive and reactive controls available.

KIPS simulates a scenario where participants – playing diplomats in a fictional reality and world – face one or more attacks on the UN First Committee, which deals with matters of disarmament, global challenges and threats (including in cyberspace), and maintaining world peace and international security.

The technical attribution edition aims to teach players about the complexities of technical attribution, that is, technical malware analysis. The action cards played, and thus the decisions made by players over five turns, will either lead them to the most accurate technical analysis and help them understand who the culprit is by collecting technical pieces of evidence, or will spark greater uncertainty and cyber-instability if the riddle is not solved.

The session will thus contribute to two IGF 2021 topics:

1. Inclusive internet governance ecosystems and digital cooperation. Particularly, the session aims to incentivize players to advance global digital cooperation for achieving higher results in the simulation. Through the simulation, players will face security events and thus will also learn more about their technical aspects as well as about technical internet governance.

2. Trust, security and stability. Particularly, the session aims to encourage discussions on addressing risks to cyber-stability through greater information sharing and exchange between different stakeholder groups. The session will focus on teaching players about the complexities of technical attribution in the context of a fictional reality and cyberattack on an international organization. Specially designed on-boarding and debriefing parts of the sessions aim to incentivize discussions on cyber-stability, roles and responsibility in protecting against cyber-attacks, existing practices and mechanisms for global cooperation.

The session has dedicated onboarding parts to facilitate participation – at the beginning and at the end of the session.

At the beginning moderators will place players into a simulated fictional reality and provide all necessary tools: a separate software application for the game/training where action cards and messages are in-built; cards with profiles of possible threat actors; and glossary with technical terms used in the game/training.

At the end, moderators will unveil the scenario and, by explaining what has actually happened, teach players about the complexities of technical attribution.

A separate part – debriefing – is also included to discuss with participants their reflections on a broader set of issues on global cooperation, cyber-stability, and existing and necessary mechanisms for the security of cyberspace.

The Games will be organized fully virtually.

Key Takeaways

The game training on learning the complexities of technical attribution was conducted. It highlighted that, when dealing with unknown cyber events or incidents, it is important to focus on investigation and take time to gather all required information before deciding and taking action.

Technical attribution is complex. Many factors should be taken into account (TTPs, possible goals of attackers and motivation, incident severity, geopolitical context, etc.).

Call to Action

Investigation & remediation will help collect the necessary pieces of evidence of what has happened for technical attribution and proper internal and external communication.

International cooperation, including with other States, CERTs, international organizations and private cybersecurity professionals will help in achieving all three stages: investigation, remediation, and technical attribution.