I was one of the team leaders for a tabletop exercise held during the November 2017 Cyber3 Conference at Keio University in Tokyo. The following are some of the lessons learned from a joint task force tabletop exercise:

The most effective participants communicated rapidly with domestic and international partners, shared information, and formed conclusions that helped mitigate the DDoS attacks and the power grid disruption. Other teams chose not to make key recommendations to higher authorities because they questioned their legality. Some players tried to send requests directly up the chain of command to lead agencies, instead of sharing horizontally.

Aside from the importance of sharing information and communicating across regulatory jurisdictions, one of the most important lessons gained from the TTX is that participants need to develop situational awareness as events unfold. This involves understanding how the individual pieces fit into the bigger picture, as well as being aware of the timeline of phishing attacks transitioning to power grid disruptions. The same will hold for any large cyber incident.

Operation Rugby Daemon showed that Japan must develop a series of TTXs to raise awareness about cybersecurity for the upcoming sports events. It must develop experienced game veterans who can offer useful recommendations in real-world situations. Japan also needs experts with the ability to make decisions based on incomplete information – a stressful experience that can only be prepared for during TTX exercises like the Rugby World Cup scenario. Book knowledge and checklists are no match for the ability to coordinate, share information and make quick decisions that can have a huge impact in a crisis.

The exercise was quite enjoyable and an interesting exercise in seeing how representatives from disparate agencies can collaborate in real-time on important issues potentially impacting an important event. My team was a tough one. They were more concerned with the legality of some of the questions rather than taking quick action to resolve a situation.

It was quite eye opening, and actually more terrifying than anything. If the task force actually took these actions during the event the outcome would most likely have been catastrophic.

Senior cyber security military leadership has recently convened for the National Defense Symposium conference focusing on how to secure the nations networks (emphasis added):

The two-day Cyber Security for National Defense Symposium kicked off Tuesday with an address from Adm. Michael Rogers, the head U.S. Cyber Command and director of the National Security Agency. Rogers is one of more than half a dozen top level military cyber leaders slated to speak during the event, which is hosted by the Defense Strategies Institute just outside Washington, D.C.

The symposium carries renewed relevance as the Obama administration redoubles efforts to secure government networks following a hack of the Office of Personnel Management this summer that compromised more than 21.5 million personnel records.

The symposium is closed to media, and officials with Defense Strategies Institute did not immediately respond to queries about what led to that decision. According to the agenda posted on the Defense Strategies Institute’s website, the symposium will focus on “policy, operations and technology designed to defend critical networks and allow for the freedom of operation in the cyber domain.”

“Cyber intrusions … threaten the ability of U.S. defense and security personnel to operate effectively,” the agenda states.

Military leaders have worked to bolster cyber security capabilities in recent years, including looking for ways to better integrate cyber warriors into offensive battlefield operations where they can gather actionable intelligence or cripple an enemy’s ability to communicate. In the Marine Corps, Marine air ground task force planning staffs now include cyber advisers.

Interop Tokyo 2015
Just a nice quick wide-angle shot of Interop Tokyo 2015 at Makuhari Messe on Friday June 12, the final day of the three-day yearly event. It was a long day of standing at the Intel Security booth but overall a lot of fun.