whyframeshot - stock.adobe.com


The benefits of network wargaming for enterprises

Wargaming isn't just for cybersecurity. Network wargaming gives network teams the skills they need to address non-cybersecurity events and emergencies.

It's no surprise that IT wargaming usually centers around cybersecurity -- after all, cyber enemies exist. But the technique is broadly useful in other parts of IT as well, where the enemy is more likely to be error or entropy than actual bad actors. Network wargaming is a prime example.

In this article, we discuss how network wargaming can help network professionals test their networks, plan incident response strategies and establish team communication.

Practicing and testing

At its most fundamental, wargaming is practicing a response to an event. The underlying question is: If X happens, what do you do? It's a type of role-playing game and, like all RPGs, it relies on a facilitator to build a scenario to which participants practice responding.

Wargaming is often also tied to specific policies, such as incident response and disaster recovery. Here, the goal is to test the policy's ability to correctly guide action in a given situation. For example, if you follow the policy, what happens? Does the policy cover what it should? War games can reveal that a policy goes too far -- it might too narrowly restrict the courses of action a person can follow -- or show that it fails to provide useful guidance in a test scenario.

Network teams should participate in cybersecurity wargames. The network is likely to be crucial in detecting and responding to an attack, even if it's initially unclear whether an anomalous network event is the result of an attack or a different problem.

But network teams should also conduct focused network wargaming exercises to sharpen and refine their responses to non-cybersecurity events and emergencies.

Decision-making and brainstorming

A good wargaming approach focuses on the key skills essential to effective incident response. These skills include the following:

  • Process the information available.
  • Sort fact from opinion.
  • Make decisions under pressure.

These underpin the observe, orient, decide and act loop. With OODA, participants observe the information provided, orient themselves as to what they know about and what they assume, and then decide what they would do in the event. In a wargaming scenario, however, participants don't follow through and literally act on the findings.

Teams don't need an emergency -- literally, an emergent situation -- to conduct network wargaming. An effective wargaming technique encourages participants -- individually or in small groups -- to propose courses of action to address potential vulnerabilities. This strategy helps teams and other stakeholders discover fresh approaches to chronic or recurring problems as easily as investigative emergency responses. Discussing the proposed actions enables participants to uncover the strengths and weaknesses of each approach.


Another benefit of network wargaming is that teams practice how to communicate clearly with each other in difficult situations. Team leaders learn how to convey the outcomes they're looking for, and everyone improves at asking more detailed questions. This skill set carries over into less stressful situations as well.

Wargaming is an essential organizational skill. It can't just be focused on cybersecurity. The next major event could be a natural disaster, a staffing disaster, a technological disaster or a PR disaster. Successful enterprises need a network-centric approach to wargaming and understand how to do it well. And they should be wargaming frequently -- at least quarterly, but preferably monthly or more.

John Burke is CTO and principal research analyst with Nemertes Research. With nearly two decades of technology experience, he has worked at all levels of IT, including end-user support specialist, programmer, system administrator, database specialist, network administrator, network architect and systems architect. His focus areas include AI, cloud, networking, infrastructure, automation and cybersecurity.

Dig Deeper on Network strategy and planning

Unified Communications
Mobile Computing
Data Center