A CyberStrategy egy remek társasjáték, 2 - 5 játékos részére, az átlagos játékidő hosszabb, akár 1.5 - 2 óra is lehet. A társast, 12 éves kortól ajánljuk kipróbálni. A játékmenet erősen épít a terület befolyásolás/irányítás, az események és a roles with asymmetric information mechanizmusokra.
CyberStrategy is an asymmetric, educational strategy board game in which 2 teams face each other: (1) a Chief Information Security Officer (CISO) tries to protect the bank's corporate network and its assets with security measures and (2) one or more hackers attack it trying to reveal the master password.
The CISO wins when he successfully fends off the attacks and reveals the identity of the hackers (all hackers lost all 3 identity tokens) or the hackers run out of bitcoin to fund their operation. In the other case, the hacker with the highest individual score (bitcoin) wins; which creates some healthy paranoia amongst the hackers.
The CISO starts with (at least) one defence card ("security measure") per type of attack and a starting budget in euro. Each hacker starts with 3 attacks of their choice, 3 identity tokens, and a starting money stack in bitcoin.
Each player also has a hidden goal for the game, which - when completed - gives them a leg up.
The game plays in 3 phases per round:
(1) the EVENT phase:
(a) the CISO receives his budgets (which depends on the number of hackers) and
(b) both CISO and hackers draw an event card (which is resolved as indicated on the card)
(2) the PLANNING phase:
(a) the CISO can spend budget to purchase additional security measures (= draw cards) and can deploy security measures (= ready cards)
(b) the hackers can learn additional attacks (= draw cards, up to a hand limit of 4) and can plan attacks
(3) the ATTACK phase:
(a) the hackers declare (joint or separate) attacks on the assets of the bank, starting with the assets at the outer rim of the corporate infrastructure (ATM, router,...) and pay for the attack (in bitcoins)
(b) the CISO then checks if they security measures they put in play are sufficient to block the attack
=> if the attack succeeded (defence value is lower than total attack value), the asset is hacked and the hackers receive a bitcoin reward for the successful attack
=> if the attack failed, the hacker leading the attack hands over 1 identity token to the CISO