So we've done a number of Overwatch-related posts on this blog. And I wanted to talk about the method behind the madness. First of all, I wanted to talk about what you see when you read cyber policy papers: simple game theory inspired by the arguments around nuclear deterrence.
The problem with this kind of work is that no matter how many variables people add to these models, they don't capture the nature of either cyber offense or cyber defense in a way that can start to predict real-world behavior.
Practitioners have other frameworks and models (cf. Matt Monte's book), and the one I've chosen is Overwatch, for the following reasons:
- Overwatch is extremely popular in the hacking community and almost universally well understood, even at the highest levels (more so than other sports, such as Football or Basketball). It's possible this is because Overwatch's themes and story resonate strongly in this day and age, for reasons beyond this blog.
- As an E-sport, tactical development in Overwatch is directly measured and both teams are on identical ground (no amount of steroids can overcome a bad strategy).
- The diverse character set and abilities nicely explore the entire space of possibilities and translate well to the cyber war domain.
- Overwatch analysis has a rich, coherent and well understood terminology set (Shotcallers, "Sustain", win-condition, Deathballs, meta changes, team-comp, wombo-combos, etc.).
This keynote explains our model for adversarial action in the cyber domain using Overwatch analogies.
Immunity is not the only team to use this kind of language to develop an analysis framework for extremely complex systems. An extremely popular series of biology videos on YouTube right now is the Tier Zoo videos, in which the host discusses various animals as if they were playable Overwatch character classes. The key point is that this is a much more illuminating way to classify survival strategies than you might have imagined. And of course, it demonstrates that this model works at the most complex levels available (aka the real world).
Treating cyber security offense and defense as discrete automata may still provide some value for policy decision making, but it is more likely that an Overwatch-based model will be able to provide predictive value - much as simple expert systems have now been replaced for complex decision making by deep learning algorithms.