Wargames - how safe is your school? - ANME Blog

Wargames - how safe is your school?

Posted on: 1st Feb 2022 by: Ian Stockbridge

Take a moment to congratulate yourselves and your teams for helping to provide education in the most challenging conditions since World War II. Covid-19 has taken the most terrible toll on friends, family and the economy globally. It can be hard to find a silver lining when something so tragic happens, but that is exactly what I would like to try to do.

Delivering education in these terrible conditions has made schools across the country look at IT in a completely different way, adopting new IT systems and practices in weeks that, in different circumstances, would have been delayed by years of procrastination and discussion. We have delivered benefits to staff and students that will last beyond Covid-19, and I take great heart in that.

The problem with having delivered remote access and teaching for education is that security policies and technical measures may not have adapted at the same rate. The world of cybercrime has been quick to take advantage of this. Ransomware attacks targeted at education and their devastating effects over the past 24 months have all too often made the headlines.

We as a society need to holistically review cyber security and acknowledge our dependence on technology. We all have a responsibility to better protect the systems we depend on. The Government has never been more explicit on this. So far this year, the Government has published a National Cyber Strategy 2022[1] and a Government Cyber Security Strategy 2022-2030[2].

It makes sense that we in the education sector do our part in reviewing our own cyber defences in 2022 and identify where improvements need to be made so that we can continue to do what we do best – help deliver education.

The most crucial first step in this journey is getting support from the highest level. It should be clear to all the value IT has delivered over the last two years in the education sector. It was our “Apollo 13” moment for myself and my team, delivering great success whilst facing a very real crisis. What may not be clear to governors, trustees, and senior management is how delivering these new services may have changed an organisation’s risks. It is essential that the whole organisation has a thorough understanding of the risks related to cyber security. Without support from the top, there is no mandate to bring in new policies and no justification for extra resources or funding. Cyber security needs to be evaluated from a “not if but when” perspective.

So let us start with questions that governors and trustees absolutely need to discuss with the school leaders...  The NCSC has published an excellent document[3] that provides eight insightful questions for governors and school leaders to get the ball rolling.

This should generate some probing questions for IT departments. To really get the discussion flowing the second and vital step is where you invite governors, trustees, and senior management to play a game of “Global Thermo Nuclear War”. Now all of you old enough to remember “Wargames” will be smiling (the younger staff can just go Google it) and thinking “what does this have to do with the governors, trustees and senior management?”. Well, in that film, the computer ran thousands of simulations to work out what would be the best way to “win a nuclear war” without actually having one.

So why can’t we simulate having a cyber incident without actually having one? The great news is that you can, and the process is sometimes described as “Wargaming” (tenuous link, but we got there in the end). Once again, the NCSC has delivered another excellent free resource for us. They call it rather unexcitingly “Exercise in a box”[4].

Whilst not as exciting as simulating the end of the world, it helps you simulate a series of different types of cyber-event without being under the pressure of dealing with an actual cyber-event. Ideally, you will want a representative from the board of governors or trustees, a member of senior management, your data protection officer, and the IT manager. If possible, get a teacher to effectively run the event like a presenter, allowing the key stakeholders to focus on their specialist areas.

These two processes will reveal one of two things:

  1. You are totally prepared and ever-vigilant to the changing cyber risks.
  2. You will have identified areas that require further attention.

The idea of this first blog is to get the ball rolling and get people asking the right questions about cyber security.

If you have found this helpful, I will follow up with some suggestions about what to do next.

May the force be with you.

Ian Stockbridge
ANME Member
ICT Manager at Concord College
Studying for BSc Cyber Security

Tags: Ian Stockbridge,

Latest News

Next Event/Meeting

Latest Tweet

Places still available for #WM13 where #ANME Ambassador @Mr_j_marshall will be leading a session on Thinking outsid… https://twitter.com/i/web/status/1529840212171448320

11 hours ago

Testimonials from Members & Partners

  • “Fantastic event, with interesting content and very well organised.”

    Alain Squiteri, Sales Director - InVentry

  • I thought the day was excellent. It was really good to have the companies there and invaluable for meeting and speaking with new contacts. I really hope this carries on as it was desperately needed in our field.

    Janet Cannell, Member

  • We’re really proud to be ANME’s platinum sponsor. It’s such a great platform for school network managers to get together and share ideas, plus it provides us the opportunity to speak directly to schools using our solutions and get their feedback and input into new features. Every event is always different, with fantastic speakers providing real insight and ideas on all things edtech.

    Al Kingsley, Group Managing Director, NetSupport Limited

  • ANME meetings provide valuable networking - being able to talk to other professionals doing the same role and understanding their approach and their context. This is a great way to challenge what you are doing in your own setting.

    Neil Limbrick, ANME Ambassador

  • A fantastic online resource of like-minded professionals that you can use to bounce ideas off, chat things through, get advice from. Invaluable.

    Ric Turner, Balshaws Church of England High School

  • The ANME is a priceless resource for anyone working in an IT support role in the education sector. The online forum is lively and informative and the regular meetings provide insight into new products and valuable networking opportunities with peers from other establishments. I've lost count of the number of valuable conversations and helpful tips that I've had since becoming a member. If you've not been to a meeting before then try to attend the next one in your area, you won't be disappointed.

    Dave Leonard, ANME Ambassador and ICT Manager at Matthew Moss High School

  • The ANME has been a great resource when you're a lone IT manager, now you have friends going through the same obstacles as you, with plenty of advice and guidance.

    Michael Frost, ANME Member & IT Network Manager at Parkwood Hall Co-operative Academy

  • Being part of the ANME is like being part of a large corporate IT department, there's always someone you can ask for advice

    Paul Gillon, ANME Member & Network Manager at West Hill School, Stalybridge

  • ANME is like having a team of IT experts at my fingertips. It helps me keep up to date with the latest trends in IT education.
    Rick and the ANME members have always helped when I've needed extra guidance to make great IT decisions

    Clifford Fernandes, ANME Member & IT Manager at Claremont High School

  • I attended my first ANME regional meeting recently which was great. It was Informative, relevant and useful! Unlike some meetings I attend where you get one or two useful nuggets of information, but other bits have been added to the agenda as fillers. Glad to be a member of this group of like-minded individuals.

    Adam Hall, ANME Member & IT Operations Manager at Four Oaks Learning Trust