The challenges our industry faces are almost too numerous to count. However, through collaboration, we can share ideas and expertise in an effort to devise strategies and approaches for managing the risks emerging in this new digital era. As RSA President Rohit Ghai said during his RSA Conference 2019 keynote, “cybersecurity is a team sport.”
To that end, I was honored to represent RSA at Cybereason’s Operation Blackout, an industry-driven, virtual tabletop exercise that brought together leaders from the public and private sectors to review and illustrate the threats to election security. Collaborative efforts, like Operation Blackout, are essential for helping address some of the greatest threats and challenges of our time.
Borrowing a page from the role-playing manuals of old, it ran as a tabletop exercise with 4 teams: red for attackers, blue for defenders, green for observers and white for game control and adjudication. With over 50 people in attendance -- from local universities in Boston, City and State officials in Massachusetts, Federal agencies and private companies -- we were all reminded of how powerful the defenders can be when united.
Some of the takeaways and learnings from the experience include:
- Specifics on communication around using media, channels and the community;
- Establishing go-to relationships with other government agencies;
- Developing playbooks;
- Coordinating with the private sector
Tabletop Exercises Remain a Tried-and-True Risk Management Tactic
Pioneered in its modern form in the 19th century by the Prussian army as kriegsspiel, and popularized by hobbyist tabletop gaming like Dungeons and Dragons, tabletop simulation remains a critical risk management exercise.
Given that peacetime is the time to prepare for the next conflict, there is no substitute for tabletop exercises. Remember, it's critical to include cross-organizational functions in these exercises. Together, every side has an opportunity to learn, collaborate and determine what role it plays in the mitigation of business risk.
Tabletops are used everywhere today: from business school to sales training to think tanks and project management. The best tabletop exercises enable immersion and fool the brain into thinking that what is happening is real, and then open the doors to analysis, learning and improvement.
The application for tabletop exercises extend beyond election security. They should be used by every organization in every industry that wants to prepare for future business challenges. That can range from risk management to vulnerability management or just testing operational resiliency.
Reflecting on the Role of Tabletop Exercises for Election Security
Weeks away from the 2020 Presidential Election, it's important, yet worrisome, to remember: it doesn’t take a large budget to create havoc. Yet, tabletop exercises can help get us ready.
Despite the efforts of Operation Blackout, there's more that needs to be done. The template isn't proprietary, and this type of exercise is essential to help state and local governments get safety right. It will help ensure that we establish the type of election we want; not the type of election the adversary wants.