Papers
Topics
Authors
Recent
Search
2000 character limit reached

MARCIM-WG: A cyber wargame proposal based on math modeling applied in a naval scenario

Published 10 Jun 2026 in cs.CR | (2606.12395v1)

Abstract: As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness (CSA) therefore requires training mechanisms that expose decision-makers to evolving attack dynamics, constrained resources, and the need to align actions with incident-response procedures. This paper introduces MARCIM-WG, a learning-oriented maritime cyberdefense wargame designed following the NATO wargaming methodology and implemented as a hybrid tabletop experience combining a physical board (tokens, indicators, and special cards) with analytically-assisted adjudication supported by a computational simulation model. The proposal is specified through High-Level Design (HLD) and Low-Level Design (LLD) specifications and instantiated in a fictional maritime cyber crisis scenario to enable structured decision cycles, friction, and measurable consequences. Validation combines (i) an operational scenario-based assessment under three configurations (pessimistic, neutral/most likely, optimistic) to verify decision sensitivity and outcome coherence, and (ii) a CSA competency and learning-outcome evaluation using a comparative design against an equivalent control group. Results show a +34.0 percentage-point improvement in the intervention group, with the largest gains in comprehension-related competencies.

Summary

  • The paper introduces a hybrid maritime cyber wargame combining physical board elements with analytical simulation to enhance decision-making.
  • It details an adjudication methodology where player actions are mapped through the SERDUX-MARCIM model to quantify cyber risk across four levels.
  • Empirical validation demonstrates that structured resource allocation can maintain service levels above 80% and significantly boost cyber situational awareness.

MARCIM-WG: Hybrid Maritime Cyberdefense Wargaming with Analytical Adjudication

Context and Motivation

The digitization of maritime operations escalates systemic risk, demanding advanced training for leaders to navigate cyber crises that propagate rapidly across interconnected maritime networks. Traditional approaches to cyber wargaming frequently lack rigorous validation, consistent contextualization, and traceable relationships between player decisions and evolving cyber incidents. MARCIM-WG provides a domain-grounded, learning-oriented wargame framework for strategic actors, explicitly designed to cultivate Cyber Situational Awareness (CSA) encompassing perception, comprehension, and projection. Its methodology integrates NATO wargaming principles and leverages the SERDUX-MARCIM mathematical model for analytical adjudication.

Design Architecture and Operational Dynamics

MARCIM-WG implements a hybrid environment: physical board elements facilitate tactile interaction and collaborative sensemaking, while analytically-assisted adjudication is mediated by computational simulation. Player decisions, resource allocations, and use of scenario-specific assets are encoded, translated into model parameters, and processed by a NetLogo-adapted SERDUX-MARCIM engine. Quantitative outputs dynamically update the game state, closing the decision-adjudication-feedback loop. This structure establishes measurable decision-consequence cycles, crucial for effective CSA development. Figure 1

Figure 1: MARCIM-WG interaction loop model between players, game board, and the analytically-assisted adjudication system.

The physical gameboard supports the visualization of resource flows, network state evolution, and strategic allocations linked to cyber crisis dynamics. Figure 2

Figure 2: Physical MARCIM-WG gameboard used for gameplay, enabling resource allocation and state updates across adjudication cycles.

The adjudication software operationalizes the SERDUX-MARCIM model, mapping player decisions onto cyber risk variable hierarchies and simulating node-state transitions under variable attack conditions. Figure 3

Figure 3: MARCIM-WG adjudication software interface for encoding decisions and processing simulation outputs.

The game architecture is formalized through High-Level Design (HLD) and Low-Level Design (LLD) specifications. The HLD defines purpose, roles, and design elements following NATO guidelines: decisions, friction, consequences, and narrative. The LLD translates these into explicit game mechanics, scenario phases, operational constraints, and learning-outcome mapping. CSA competency assessment is integrated via a structured instrument, linking gameplay directly to measurable outcomes.

Analytical Model Integration and Adjudication Mechanism

MARCIM-WG’s adjudication process incorporates the compartmental epidemiological-inspired SERDUX-MARCIM model, capable of simulating dynamic cyberattack propagation on complex maritime networks. The model operationalizes cyber risk via hierarchical variables:

  • Level 0: global cyber risk severity
  • Level 1: likelihood and impact
  • Level 2: attacker and target-specific likelihood, impact reduction, attack degree
  • Level 3: granular attacker factors, defensive controls, target characteristics

Player actions modify Level 3 variables, influencing simulation parameters such as attacker proficiency, defensive posture, and resource sustainability. The facilitator encodes these decisions, triggers simulation cycles, and interprets quantitative feedback, ensuring traceability from strategic action to systemic effect. This approach avoids reliance on static scripts or subjective expert adjudication, providing consistency and measurable learning impact.

Scenario Application and Decision-Sensitive Dynamics

MARCIM-WG is instantiated in a fictional but structurally valid maritime cyber crisis scenario. Decision cycles enable escalation through resource allocation, special card activation, and iterative state updates under increasing adversarial sophistication. The scenario incorporates friction and uncertainty inherent to real-world maritime cyberdefense, ensuring operational relevance and contributing to participant engagement.

Validation: Scenario-Based and CSA Competency Outcomes

Two validation layers were conducted:

1. Conceptual Validation (Operational Sensitivity): Three scenario configurations (pessimistic, neutral, optimistic) were executed to verify whether adjudication responses matched strategic decisions.

  • Pessimistic decisions (poor planning, delayed responses) led to rapid degradation: <35% service level, 224 destroyed nodes.
  • Neutral decisions (tactical, uncoordinated) preserved about 50% services, 175 destroyed nodes.
  • Optimistic decisions (structured, timely resource allocation) maintained >80% service level, only 65 destroyed nodes. Figure 4

    Figure 4: Operational validation of MARCIM-WG in three scenario configurations, confirming decision-sensitivity and coherent crisis dynamics.

2. CSA Competency Validation (Learning Outcomes): A post-test-only design compared military officer cohorts (control vs. MARCIM-WG intervention) via a structured CSA assessment instrument.

  • Intervention group: 91.2% correct vs. control: 57.2% (+34.0 points).
  • Largest gains in comprehension (evaluating cyber capabilities: +56.0), threat recognition (+45.7), application of ISO/IEC 27035 (+40.0).
  • Gains were smaller in projection/foresight, underscoring potential need for repeated gameplay and extended reflection phases. Figure 5

    Figure 5: Comparative CSA competency and learning-outcome validation for MARCIM-WG (intervention vs. control).

Implications and Future Directions

MARCIM-WG directly addresses gaps in prior cyber wargaming: explicit CSA operationalization, analytical adjudication underpinning, and competency-based validation. The approach demonstrates strong increases in CSA learning outcomes, predominantly in comprehension and perception of cyber crises. Encapsulating model complexity within adjudication software supports reproducible training and is adaptable for broader cyberdefense applications.

Limitations include modest cohort size and post-test-only validation. Future research should incorporate repeated measures for retention, larger samples, and refined mechanisms for anticipatory, projection-based reasoning. Further expansions may generalize MARCIM-WG for other critical infrastructure domains by reconfiguring scenario assets and model hierarchies.

Conclusion

MARCIM-WG establishes a reproducible, analytically-driven wargaming environment for maritime cyberdefense, operationalizing CSA as a central competency and verifying transferable learning gains through structured assessment. The methodology—hybrid tabletop interaction, traceable computational adjudication, and scenario-driven adaptation—presents a scalable template for strategic cyberdefense education and assessment. Continued development should focus on augmenting projection learning, empirical validation with larger groups, and cross-domain adaptation of adjudication logic.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 24 likes about this paper.