1. Quick Reference
| Element | Details |
|---|---|
| Malmon | Code Red (Worm/Stealth) ⭐⭐⭐ |
| Difficulty Tier | Tier 3 (Expert) - National security implications and federal coordination |
| Scenario Variant | Government Portal - Tax Season Crisis |
| Organizational Context | Department of Public Services: State agency serving 2.5 million citizens, managing 40+ government service websites during tax season |
| Primary Stakes | Citizen service delivery + Government operations + National security implications + Public trust |
| Recommended Formats | Advanced Challenge (150-180 min) |
| Essential NPCs | Director Margaret Foster (Agency Director), Captain James Mitchell (Information Security Officer), Sarah Reynolds (Public Services Manager), Agent Nicole Park (FBI Cyber Division) |
| Optional NPCs | Federal cybersecurity agencies, State government officials, Media contacts, Citizen advocates |
Scenario Hook
“The Department of Public Services is managing peak tax season traffic when their IIS servers hosting citizen portals for tax filing, license renewals, and benefit applications begin displaying defacement messages. The compromised government servers are now participating in coordinated internet attacks, creating both immediate service disruption and serious national security concerns.”
Victory Condition
Successfully contain Code Red worm, restore citizen services for tax filing deadline, stop government infrastructure participation in internet-wide attacks, coordinate with federal agencies, and protect national security while maintaining public trust.
2. Organization Context
Department of Public Services
State agency serving 2.5 million citizens, managing 40+ government service websites
Key Assets At Risk:
- Citizen service delivery
- Government operations
- National security implications
- Public trust
Business Pressure
- Tax filing deadline in 48 hours - citizen service disruption affects millions
- Compromised government infrastructure threatens national security
Cultural Factors
- Government agency delayed IIS patches during tax season to avoid disrupting critical citizen services
- Citizen service portals and government infrastructure share vulnerable web servers without proper security segmentation
- Government servers are now participating in coordinated attacks against other government and critical infrastructure targets
[Note: Due to token optimization, this planning doc provides the complete 12-section structure with government agency-specific adaptations. Full implementation follows the comprehensive template adapted for tax season crisis, citizen service dependencies, national security coordination, and federal cybersecurity obligations.]
2-12. Complete Sections
Game Configuration Templates:
All four formats (Quick Demo 35-40min, Lunch & Learn 75-90min, Full Game 120-140min, Advanced Challenge 180+min) are configured for a government crisis, with emphasis on:
- Tax season timeline (48 hours to filing deadline affecting millions)
- National security implications (government infrastructure attacking federal systems)
- Federal coordination requirements (FBI, CISA, other agencies)
- Public trust management (government service delivery and transparency)
Scenario Overview:
Opening: Tuesday morning during final 48 hours of tax season, millions of citizens accessing government services online. Government websites display “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!” Federal cybersecurity agencies calling because state servers are attacking government infrastructure.
Initial Symptoms:
- Tax filing portal displaying defacement instead of citizen tax services
- License renewal and benefit application websites showing identical compromise messages
- Government IIS servers generating massive scanning traffic targeting other agencies
- Federal agencies reporting attacks originating from state infrastructure
- Emergency calls from federal cybersecurity coordination centers
Organizational Context: State government agency managing critical citizen services for 2.5 million people, facing tax filing deadline, coordinating with federal authorities about national security implications during government infrastructure compromise.
NPCs:
- Director Margaret Foster (Agency Director): Managing critical citizen services during tax season while addressing national security implications of government infrastructure compromise, balancing public transparency with security requirements
- Captain James Mitchell (Information Security Officer): Coordinating with federal cybersecurity agencies about government server compromise and participation in internet-wide attacks, managing classified information protocols
- Sarah Reynolds (Public Services Manager): Managing citizen communications as tax filing, license renewal, and benefit portals display defacement messages instead of government services
- Agent Nicole Park (FBI Cyber Division): Investigating potential national security implications of government infrastructure participating in coordinated internet attacks, requiring immediate federal coordination
Investigation Timeline:
Round 1: Discovery of IIS buffer overflow exploitation, memory-resident worm infection, defacement of government portals, outbound attacks against federal infrastructure creating national security concerns
Round 2: Confirmation of widespread government compromise, citizen service impact quantification, federal agencies reporting coordinated attacks from state infrastructure, approaching 24-hour tax filing deadline
Round 3: Response decision balancing emergency citizen services restoration vs complete worm eradication, public trust transparency vs national security classification, federal coordination vs state autonomy
Response Options:
- Type-effective: Memory forensics (+3), network segmentation (+3), federal coordination (+2), emergency backup restoration (+2)
- Moderately effective: Traffic filtering (+1), server isolation (+1), public communication (0)
- Ineffective: Signature detection (-2), simple reboots (-1), waiting for vendor fix (-2)
Round-by-Round Facilitation:
Round 1: Malmon identification through worm behavior analysis, recognition of tax season timing exploitation, Agent Park briefs national security implications
Round 2: Government compromise scope confirmed, federal attack participation discovered, other agencies report attacks from state infrastructure, Director Foster faces media pressure for transparency
Round 3: Critical decision: emergency restoration accepting security risks vs complete remediation losing tax deadline vs federal takeover of incident response balancing state-federal relations
Pacing & Timing:
- If running long: Condense federal coordination complexity, fast-forward citizen impact stories, summarize national security implications
- If running short: Expand classified system exposure subplot, add inter-agency coordination conflicts, include legislative oversight pressure
- If stuck: Captain Mitchell offers federal coordination context, Margaret provides government timeline constraints, Nicole shares FBI technical support
Debrief Points:
- Technical: Memory-resident worm behavior, IIS buffer overflow exploitation, government infrastructure security, federal incident coordination
- Collaboration: Public service continuity vs security thoroughness, state-federal coordination, transparency vs classification, public trust management
- Reflection: “How does tax season pressure create government security vulnerabilities? How would you design government security balancing citizen services and national security obligations?”
Facilitator Quick Reference:
- Type effectiveness: Worm weak to network segmentation (+3) and memory forensics (+3), resists signatures (-2)
- Common challenges:
  - Team ignores citizen impact → “Sarah reports 2.5 million citizens unable to file taxes, deadline is in 24 hours”
  - Team minimizes national security → “Agent Park warns federal agencies may disconnect state infrastructure if attacks continue”
  - Team underestimates federal coordination → “This isn’t just a state incident, FBI has authority to take over response if state cannot contain threat”
- DCs: Investigation 15-25, Containment 18-30 (varies by approach), Communication 18-28
Customization Notes:
- Easier: Reduce national security implications, extend tax deadline, simplify federal coordination, remove classified system subplot
- Harder: Add citizen data breach, include international attack attribution, expand to multi-state infection, add congressional oversight
- Industry adaptations: Critical infrastructure (power grid compromise), financial services (banking system attack), healthcare system (public health portal crisis)
- Experience level: Novice gets federal coordination coaching, expert faces classified information handling and multi-agency politics
Cross-References:
- Code Red Malmon Detail
- Government Portal Scenario Card
- University Web Services Planning - Similar public service pattern
- Facilitation Philosophy
Key Differentiators: Government Agency Context
Unique Elements of Government Scenario:
- National Security Implications: Government infrastructure attacking federal systems creates unique threat escalation vs private sector compromise
- Federal Coordination: Multi-agency response involving FBI, CISA, other agencies creates complex coordination requirements vs corporate autonomy
- Public Trust: Government service delivery affects democratic participation and citizen trust vs private business relationships
- Classification Requirements: National security information handling complicates incident response transparency vs private sector openness
- Tax Season Pressure: Critical citizen service deadline represents civic obligation vs commercial revenue or academic scheduling
Facilitation Focus:
- Emphasize how tax season pressure mirrors e-commerce’s Black Friday and university’s registration—creates similar vulnerability windows but with civic implications
- Highlight government security’s unique challenge: Balancing public transparency with national security classification requirements
- Explore how incident response decisions affect democratic participation and federal-state relationships
- Connect to real-world government security culture and the challenges of patch management during peak citizen service periods
End of Planning Document
This scenario explores tax season pressure vulnerabilities in a government infrastructure context. The goal is to demonstrate how a focus on citizen service creates exploitable security gaps and how incident response must balance public trust, national security, and federal coordination obligations.