This workshop is a live digital crisis simulation game. Attendees are split into teams and roleplay a typical telco CERT. They have to deal with an escalating high-stakes incident that puts them under pressure. They have to use strategic and analytical skills to solve the crisis, while keeping the company running and the executive board happy. This simulation pushes them to work together and keep their actions precise and thoroughly documented, while actively communicating with the company’s board, the press, and related third parties to minimise potential collateral damage.
Flow
The teams have to combine the knowledge of forensics, OSINT, threat intelligence, threat hunting and malware analysis acquired during the training to identify the real source of the threat while preserving the peace by regularly communicating with the board and the press.
The teams have to report each incident using forensics reporting principles and they individually decide when to go into crisis mode.
Each team’s performance is measured by three meters (financial damage, reputation, and operational reliability) and an executive happiness level. These metrics and how they are influenced are made clear at the start of the simulation.
If a team goes into crisis mode, certain bonuses and penalties apply to the metrics. At the end of the simulation, the team with the best score wins the game.