How to Play Cyber Siege

Game Overview

Cyber Siege is a turn-based strategy game where players take on the role of either the Red Team (attackers) or Blue Team (defenders) in a cyber security scenario.

Red Team (Attackers)

Your goal is to progress through the kill chain and reach the COMPROMISED state before Blue Team can detect and respond to 10 alerts.

Blue Team (Defenders)

Your goal is to detect and respond to 5 alerts before the Red Team reaches the COMPROMISED state.

The Kill Chain

The Red Team progresses through the MITRE ATT&CK framework stages:

1. Initial Access
2. Execution
3. Persistence
4. Privilege Escalation
5. Defense Evasion
6. Lateral Movement
7. Collection
8. Exfiltration
9. Impact (COMPROMISED)

The Network

The game board represents a network with different types of nodes:

  • Servers: Critical infrastructure with valuable data
  • Databases: Store sensitive information and records
  • Endpoints: User workstations and computers
  • Routers: Network infrastructure connecting nodes

Each node has two key attributes:

  • Security Level
  • Vulnerability Level

Game Actions

Red Team Actions

Attack Actions

Red Team has different attack options based on their current stage in the kill chain. Each attack generates an alert for the Blue Team.

Kill Chain Progression

If Blue Team fails to properly respond to an alert, Red Team advances to the next stage of the kill chain.

Phishing Attacks

Phishing attacks are most effective against endpoints. Successfully phishing an unprotected endpoint will advance Red Team in the kill chain.

Attack Mitigation

When Blue Team successfully mitigates an attack, Red Team is pushed back one stage in the kill chain.

Victory Condition

Red Team wins by reaching the final stage (COMPROMISED) of the kill chain.

Blue Team Actions

Alert Response

Blue Team must choose the appropriate response based on the alert severity (low, medium, high).

Response Appropriateness

Choosing an inappropriate response will allow Red Team to advance in the kill chain and result in point penalties.

Isolate Systems

Blue Team can isolate compromised systems by selecting a node and using the "Isolate System" action. This takes the system offline and pushes Red Team back in the kill chain.

Customer Support

Do not isolate more than 3 customers, as this causes significant impact on the business and makes you lose the game.

Victory Condition

Blue Team wins by successfully detecting and responding to 10 alerts before Red Team reaches the COMPROMISED state.

Alert Severity and Responses

Alerts have three severity levels, and each requires an appropriate response:

LOW SEVERITY

Early-stage reconnaissance or minor suspicious activity.

Appropriate Responses:
  • Monitor Activity
  • Investigate Alert
  • Patch Vulnerabilities

MEDIUM SEVERITY

Potential exploitation attempts or suspicious execution.

Appropriate Responses:
  • Investigate Alert
  • Patch Vulnerabilities
  • Isolate System
  • Block Traffic

HIGH SEVERITY

Active exploitation, data exfiltration, or critical system compromise.

Appropriate Responses:
  • Isolate System
  • Wipe and Restore
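The kill chain progression, attack mitigation, isolation limit and severity table above combine into one small rule engine; the following is an added example written for this page, not the game's own code. It assumes Red Team starts at Initial Access, that each alert is resolved by exactly one Blue Team response, and that the alert-win threshold is a parameter (the page gives it as 10 in two places and 5 in one).

```python
"""Rule engine for one Cyber Siege alert cycle (added example, not game code)."""
from dataclasses import dataclass
from typing import Optional

KILL_CHAIN = ["Initial Access", "Execution", "Persistence",
              "Privilege Escalation", "Defense Evasion", "Lateral Movement",
              "Collection", "Exfiltration", "Impact (COMPROMISED)"]

# Severity -> the responses the rules list as appropriate.
APPROPRIATE = {
    "low": {"Monitor Activity", "Investigate Alert", "Patch Vulnerabilities"},
    "medium": {"Investigate Alert", "Patch Vulnerabilities",
               "Isolate System", "Block Traffic"},
    "high": {"Isolate System", "Wipe and Restore"},
}
MAX_ISOLATIONS = 3   # "Customer Support" rule: more than 3 isolations loses


@dataclass
class Game:
    win_alerts: int = 10          # alerts Blue must handle to win (parameter)
    stage: int = 0                # assumption: Red starts at Initial Access
    handled: int = 0              # alerts Blue responded to appropriately
    isolated: int = 0             # "Isolate System" actions used so far
    penalties: int = 0            # point penalties for inappropriate responses
    winner: Optional[str] = None

    def resolve_alert(self, severity: str, response: str) -> str:
        """Red attacks (raising an alert of `severity`); Blue answers with
        `response`. Applies the advance/push-back and win rules."""
        if self.winner:
            return f"game over: {self.winner} already won"
        if response == "Isolate System":
            self.isolated += 1
            if self.isolated > MAX_ISOLATIONS:
                self.winner = "Red"          # business impact: Blue loses
                return "too many isolations: Blue loses"
        if response in APPROPRIATE[severity]:
            self.handled += 1
            self.stage = max(0, self.stage - 1)          # Attack Mitigation
            if self.handled >= self.win_alerts:
                self.winner = "Blue"
        else:
            self.penalties += 1
            self.stage = min(len(KILL_CHAIN) - 1, self.stage + 1)  # advances
            if self.stage == len(KILL_CHAIN) - 1:
                self.winner = "Red"                      # COMPROMISED reached
        return f"Red at {KILL_CHAIN[self.stage]}, handled={self.handled}"
```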