Case study on Tyburn  team supporting a branch of the UK Armed Forces. The focus of the exercise programme was on cyber security threats to the service’s ability to sustain operations. A key requirement was ensuring the credibility of the exercise for a discerning audience. Exercises employed multimedia injects and AI generated content to drive immersion and to demonstrate capability; they successfully raised senior-level awareness of the threat posed by blended cyber-informational campaigns. 

This case study is based on an engagement conducted by Tyburn for a large UK based research organisation. Exercising was provided as part of a wider annual incident response retainer (IRR) with Tyburn, including for the organisation’s leadership team. Exercises went beyond cyber to encompass the full range of threats to the organisation’s security. They enabled the organisation to continue operations despite multiple ongoing events. The organisation’s CRO described their IRR with Tyburn as “the best money we have ever spent”.

The MC ‘02 exercise provides a valuable case study of the challenges that arise in the design and conduct of exercises. The representation of the adversary within the scenario is another instructive area to examine. Unrealistic adversary design or scenario can significantly denude the value of exercising at all.

In 2002, the US military conducted a large-scale exercise called Millennium Challenge (MC ‘02). The exercise was intended to test a set of ideas about how the US military should fight future wars. It also became a case study into how not to conduct exercises.