CyberX 2.0: From Hacks to Head Games - Evolving Cyber Defence with Strategic Twists and Tactical Consequences

Abstract

CyberX is a unique, large-scale cyber operations exercise that incorporates a cyber-kinetic battlespace, designed to provide participants with a realistic, multifaceted problem space. The original environment offered limited support for Information Environment operations beyond scenarios for Defensive Cyber Operations, Offensive Cyber Operations, and Computer Network Exploitation. These scenarios did not initially include aspects of information operations or cognitive influence, such as diplomacy, propaganda, fake news, social media manipulation, and political subversion—key elements associated with hybrid warfare. This paper presents the ongoing evolution of CyberX, which introduces new dimensions of Information Operations to enhance the exercise scenarios and broaden learning opportunities for participants. The goal is to incorporate open-source intelligence and cognitive influence elements into Information Environment operations. New features include a geopolitical context for the mission scenario and a cognitive dimension to the Information Environment, ensuring that decisions made at the tactical cyberspace level carry real consequences. An integrated social media environment now supports Information Operations scenarios, populated by simulated personas and social media interactions. Exercise control referees use this platform to set up the scenario and manage gameplay. The platform leverages AI to semi-automatically generate message content, blending AI-generated rumors with ground-truth information. This simulated information space provides commanders with a more nuanced understanding of adversary disposition and movements. However, with this enhanced insight comes a greater strategic responsibility, requiring commanders to operate within the cognitive geopolitical space. This evolution makes the CyberX mission scenarios more tangible and realistic. The goal is to ensure that decisions made at the tactical cyberspace layer have real consequences. Choices aimed at locally optimizing risk in response to a cyber threat at the expense of overall mission success are discouraged. The learning outcomes now emphasize the integrated nature of cyber operations with other operational domains and their interdependence for mission success.