I've decided to do something new here on the blog. I think I'm going to take a crack at short reviews of books I'm reading. This first entry is on a book I received for Christmas, that I quickly tore through, as it had been on my to-read list for a long while, and hits nearly all of my interests: technology, professional wargaming, game design, and self publishing. How does it stack up? Let's see.
Title: Dark Guest: Training Games for Cyber Warfare
Author(s): John Curry and Tim Price MBE
ISBN: 978-1-4710-8548-2 (Full color softcover), 978-1-4716-3415-4 (Black & white softcover)
This is a book of four training exercises to stress the importance of IT security to non-technical staff. In this aspect the book does well, especially for being very nearly alone in it's field -- this is perhaps the only widely-available text on the topic, at the moment, and I use 'widely' very loosely here.
The first of the four games included in the book, which happened to be the one I was least interested in, is a card game titled 'Hack This!'. It's extremely simplistic, but absolutely dripping with good educational research. Unfortunately, it also occupies 2/3 of the pages of the book because it's a card game, and has far too many cards to be distributed in a printed book format. Ah well. It looks like it would be a very good teaching tool for non-technical managers, but one can't help but notice the distinct lack of governmental agency in the design -- this is likely due to the fact that prior to the PRISM and X-Keyscore, etc. revelations (this book was written in Summer 2011), people weren't necessarily thinking about governmental actions in cyberspace, but at the same time it feels like a serious oversight given that the book is subtitled "Training Games for Cyber Warfare", as in "That thing that governments do under cover of the net."
Game 2, 'Enterprise Defender' is a business simulation thing, a very smooth 'what-if' scenario. Not too much to speak of in rules, but more as a way to help IT managers realize what they're missing in terms of policies and contingency plans. I might actually suggest this to my managers...
Game 3 is a simplified Matrix Game titled 'All Your Secrets Are Belong to Us', and it looks fantastic. The one sticking point I have with it is that it represents the hacker collective 'Anonymous' as a single player. But that can't necessarily be avoided. Good ideas and great execution. I'd love to give something like this a go sometime.
Game 4, 'Exercise Tallin Soldier' is a CPX-style game centering on the Estonian Internet Crisis of late spring 2007. It is modeled after a highly simplified version of the US' Exercise Cyber Storm (2006), reducing players from >1000 to 4, and umpires from >100 to 1. It is extremely railroady -- the exercise and events will unfold no matter what. As an educational tool, I see great use... as a game or a 'realistic' simulation, much less so. Still, a very useful model to grab ideas from... and it was a nice break from the norm with respect to involving the cyber-security realm heavily, as all of the attacks are purely infrastructurally targeted DDoSs.
It is a good read, but not without its blunders. For example, there are a large number of typos, and none of the images are scaled correctly, causing grainy, unclear artifacts in the text. But it is a self-published work, and that is to be expected -- it's such a niche work that no traditional publisher in their right minds would pick it up, as the profit margins are neigh non-existant. It is perhaps the best text in the field, simply because there are no other texts in the field... which is a shame, but it certainly gives me ideas.
Overall, I'd give it a 5/7.