By Martyn Ruks
Through this site we’ve been providing some insight into our innovative cyber security event known as HackFu. This event is far more than a capture the flag or training course and that is reflected by what we learn from some of the challenges within it. In this article we’ll look in detail at another component introduced for the first time at last year’s event, which we think tells us something interesting about the problem space HackFu is designed to address.
In last year’s event we introduced a final challenge for the teams that led them to a showdown borrowed from game theory that’s known as a prisoner’s dilemma. Daytime television watchers in the UK will recognise this from the ITV quiz show Goldenballs, where it was used to divide prize money between two winning contestants at the end of the show.
But for those of you who aren’t familiar with the dilemma, it works like this.
The Prisoner's Dilemma
There are two contestants; in our case we had representatives from the two teams that qualified for the final round of the showdown. At stake was a prize fund of points that could boost their team’s score at the event and ultimately allow them to claim victory overall. The catch was that each contestant might end up with all, half or none of the prize depending on whether they each chose to split or steal it.
In simple terms, if one steals and the other splits, the stealer takes all the points; if they both split, they each get half; and if they both steal, they both get nothing. They get a few minutes to discuss the dilemma with each other and then make a choice in secret about whether to split or steal. Both choices are then revealed to everyone at the same time.
So this creates a conundrum: be satisfied with half of the points (in this instance it wasn’t enough to take the overall lead in the event), be greedy and try to take them all, or potentially end up with nothing.
To make this a dilemma there needs to be something at stake. Unless there is a real incentive to take a risk in an effort to grab all the money then we don’t learn anything from the result. When we look at HackFu and the way we used this challenge within the gameplay we made sure that this mattered to the teams and their representatives.
Firstly, all the teams and players were invested in the event by the time the big showdown occurred. They were faced with this situation after 48 hours of hard competition and many taxing challenges. Every team was still in the running to win the event and the points on offer really mattered to the overall result.
Whilst there are other more important things that attendance at HackFu brings you, being in the winning team is still a prestigious accolade. Therefore, our dilemma was important to the individuals concerned and stealing all the points would have tipped the scales in that team’s favour, potentially enabling them to take the champion’s crown. Add to that the fact that the two people involved in this were appointed by their teams to represent them; they weren’t acting purely on their own but truly representing the aspirations of their teammates as well.
In a world inhabited by machines and with no human interaction or relationships, the process for success is clear. Convince the other party you will share and then steal everything from them. If you use this approach as an individual, though, it turns out to be a very short term approach: the immediate benefit is clear but there is long term fallout from a breach of trust with colleagues and industry peers. This is something that isn’t easy to measure and would usually be irrelevant if a machine were required to make the choice.
Likewise, if you consider HackFu as purely a game or a simple competition to be won, you could argue that the winner takes all approach is the optimum outcome. However, when we throw in the fact that this is a dilemma for real people and, more importantly, for participants who need to work with each other after the event, the steal now and worry later approach becomes less desirable.
But at this point we shouldn’t forget that HackFu isn’t just a game, it’s a construct through which we are looking for solutions to the big picture. That big picture needs us to solve some tough problems and ones that we can’t solve on our own. In fact the challenges in cyber security that we collectively face must be solved together. This is something that immediately precludes short term individual gain at the expense of long term collective success.
To solve our problems we need to work with our competitors as well as other parties with different objectives and philosophies to our own. In that world, short term gain and breach of trust can be far more damaging in the long term when we realise that we must work together to be successful.
So what happened in the big showdown at HackFu?
You may or may not be surprised to hear that the contestants chose to split the points and in the process ultimately sacrificed a gilt-edged opportunity of winning the event for their team. So what? Doesn’t this just show that they aren’t competitive people or that they didn’t realise that victory was within their grasp?
Talking to the individuals involved in the showdown after the event, it turned out that this wasn’t the case. The contestants know each other well and whilst they work in different departments, they rely on each other in their working lives. It turned out that they clearly saw that simply pursuing the short term gains would not adequately offset the price of the loss in the trust and confidence of their peers in the longer term.
Deep down we all know that doing the right thing in the long term is what we should be doing, yet we generally find it very difficult to do that at the expense of short term success. What this outcome may have shown us is that if we are in this industry for the long haul then we can overcome the obstacles that short term profiteering can put in our way.
This single component in last year’s HackFu could therefore be viewed as a microcosm of our industry and one signpost pointing us at the approach we should be taking. Or maybe it’s just a bit of fun and a simple game with no relevance.
Whether the result we witnessed ourselves at HackFu was a result of long-termism influenced by our company culture, pure gameplay or whether it is something that tells us nothing at all, we’ll never really be sure. It may however provide a fascinating glimpse into the psyche of the people we’ll need to navigate the complex landscape of cyber security now and in the future.
So if you ran a prisoner’s dilemma in your company, with some real benefit to the participants as an outcome, what would the result be? What would that result tell you about your company and its people? And would it really matter?
In our opening article we discuss how we see the problem space and what some of the challenges are. So given all of that, what are we looking to achieve with this website?
As we said previously we don’t claim to know all the solutions but we are certainly trying things that will enable us to find them. Along the way we’ll learn lots of lessons, we’ll no doubt have a few false starts but we’ll also get some stuff right. It’s that journey that we’re going to share on this site, including all the initiatives and events that we’re planning to run to support it all.
We don’t know yet exactly what will be on this site but the one thing we’re certain of is that it will be thought provoking, philosophical, challenging and most importantly it will be fun and engaging. We’ll get techie at times, something we make no apology for, as well as extracting the concepts and key points that we encounter along the way.
We also want your help on our journey. We want you to tell us your thoughts and experiences of what we’re doing and hopefully some stories about how you’ve taken our ideas and turned them into your own projects, events and general awesomeness. We want to know the good, the bad and the ugly. To get involved, please get in contact via Twitter and then keep coming back to this hub for more insight and information.
So hold on tight, this will be a wild ride for all of us.