MARCIM-WG: A cyber wargame proposal based on math modeling applied in a naval scenario
Pith reviewed 2026-06-27 09:05 UTC · model grok-4.3
The pith
MARCIM-WG wargame delivers 34 percentage-point gains in maritime cyber situational awareness competencies.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
MARCIM-WG is specified through high-level and low-level designs and instantiated in a fictional maritime cyber crisis scenario. It enables structured decision cycles, friction, and measurable consequences using NATO wargaming methodology. The operational assessment verifies decision sensitivity and outcome coherence across pessimistic, neutral, and optimistic configurations. The CSA competency evaluation using comparative design shows a +34.0 percentage-point improvement in the intervention group, largest in comprehension-related competencies.
What carries the argument
The MARCIM-WG hybrid wargame that combines physical tokens and cards with a computational simulation model for adjudication.
If this is right
- Structured training exposes decision-makers to evolving attack dynamics and constrained resources.
- Alignment of actions with incident-response procedures can be practiced and measured.
- Outcome coherence can be tested under varying scenario configurations.
- Competency gains are particularly strong in comprehension areas.
Where Pith is reading between the lines
- The approach could inform development of similar wargames for other critical infrastructure sectors.
- Mathematical modeling in the adjudication could support predictive analytics in live operations if extended.
- Randomization in future studies would strengthen causal claims about the wargame's effectiveness.
Load-bearing premise
The comparative design assumes the control group is equivalent to the intervention group in all relevant respects so that the observed difference can be attributed to the wargame rather than selection, motivation, or prior knowledge differences.
What would settle it
Re-running the competency evaluation with randomized assignment to groups and pre-assessments to confirm baseline equivalence, checking if the 34-point difference holds.
Figures
read the original abstract
As maritime operations increasingly depend on interconnected digital ecosystems, cyber incidents can propagate across maritime networks and degrade critical services. Strengthening strategic Cyber Situational Awareness (CSA) therefore requires training mechanisms that expose decision-makers to evolving attack dynamics, constrained resources, and the need to align actions with incident-response procedures. This paper introduces MARCIM-WG, a learning-oriented maritime cyberdefense wargame designed following the NATO wargaming methodology and implemented as a hybrid tabletop experience combining a physical board (tokens, indicators, and special cards) with analytically-assisted adjudication supported by a computational simulation model. The proposal is specified through High-Level Design (HLD) and Low-Level Design (LLD) specifications and instantiated in a fictional maritime cyber crisis scenario to enable structured decision cycles, friction, and measurable consequences. Validation combines (i) an operational scenario-based assessment under three configurations (pessimistic, neutral/most likely, optimistic) to verify decision sensitivity and outcome coherence, and (ii) a CSA competency and learning-outcome evaluation using a comparative design against an equivalent control group. Results show a +34.0 percentage-point improvement in the intervention group, with the largest gains in comprehension-related competencies.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper proposes MARCIM-WG, a hybrid tabletop cyber wargame for maritime cyberdefense training following NATO methodology. It combines a physical board with tokens and cards and a computational simulation for adjudication, specified via High-Level Design (HLD) and Low-Level Design (LLD) documents, and instantiated in a fictional naval cyber crisis scenario. Validation includes an operational scenario assessment under pessimistic/neutral/optimistic configurations and a comparative CSA competency evaluation reporting a +34.0 percentage-point improvement in the intervention group over control, with largest gains in comprehension competencies.
Significance. If the empirical result holds after proper controls, the work would supply initial evidence that structured, analytically-assisted wargaming can measurably improve cyber situational awareness competencies in maritime settings. The hybrid physical-analytical format and explicit HLD/LLD specifications could serve as a reusable template for domain-specific cyber training exercises.
major comments (1)
- [CSA competency and learning-outcome evaluation] CSA competency and learning-outcome evaluation (abstract and validation section): The reported +34.0 percentage-point improvement rests on a comparative design, yet the manuscript supplies no information on participant assignment method, sample sizes, pre-test CSA scores, demographics, exclusion criteria, or any statistical test for baseline equivalence between intervention and control groups. Without these details the observed difference cannot be attributed to MARCIM-WG rather than selection or prior-knowledge confounds.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback on the CSA competency evaluation. We address the major comment below and commit to expanding the relevant section in revision.
read point-by-point responses
-
Referee: CSA competency and learning-outcome evaluation (abstract and validation section): The reported +34.0 percentage-point improvement rests on a comparative design, yet the manuscript supplies no information on participant assignment method, sample sizes, pre-test CSA scores, demographics, exclusion criteria, or any statistical test for baseline equivalence between intervention and control groups. Without these details the observed difference cannot be attributed to MARCIM-WG rather than selection or prior-knowledge confounds.
Authors: We agree that the manuscript does not currently report the requested details on the comparative evaluation design. In the revised manuscript we will expand the validation section to include participant assignment method, sample sizes, pre-test CSA scores where collected, demographic summaries, exclusion criteria, and any statistical tests performed to assess baseline equivalence. These additions will allow readers to better evaluate the internal validity of the reported improvement. revision: yes
Circularity Check
No circularity: empirical outcome reported without derivation from fitted parameters or self-referential definitions.
full rationale
The paper presents MARCIM-WG as a design proposal validated by an empirical comparative evaluation that reports a measured +34pp improvement. No equations, fitted parameters, or derivation chain appear in the abstract or design description. The result is framed as an observed outcome from participant assessment rather than a quantity obtained by construction from the authors' own prior definitions, models, or self-citations. The central claim therefore does not reduce to its inputs and remains externally falsifiable via the reported competency scores.
Axiom & Free-Parameter Ledger
Reference graph
Works this paper leans on
-
[1]
Review of maritime transport 2024,
United Nations Conference on Trade and Development - UNCTAD, “Review of maritime transport 2024,” https://unctad.org/system/files /official-document/rmt2024 en.pdf, United Nations Conference on Trade and Development. UNCTAD, Tech. Rep., 2024
2024
-
[2]
Critical infrastructures cybersecurity and the maritime sector,
J. I. Alcaide and R. G. Llave, “Critical infrastructures cybersecurity and the maritime sector,”Transportation Research Procedia, vol. 45, pp. 547–554, 2020
2020
-
[3]
Cyber- attacks on the maritime sector: a literature review,
S. Symes, E. Blanco-Davis, T. Graham, J. Wang, and E. Shaw, “Cyber- attacks on the maritime sector: a literature review,”Journal of Marine Science and Application, pp. 1–18, 2024
2024
-
[4]
Maritime cyber security analysis – how to reduce threats?
I. Mrakovi ´c and R. V ojinovi´c, “Maritime cyber security analysis – how to reduce threats?”Transactions on Maritime Science, vol. 8, no. 1, pp. 132–139, 2019
2019
-
[5]
Maritime cybersecurity and the imo legal instruments: Sluggish response to an escalating threat?
M. S. Karim, “Maritime cybersecurity and the imo legal instruments: Sluggish response to an escalating threat?”Marine Policy, vol. 143, p. 105138, 2022
2022
-
[6]
Toward a theory of situation awareness in dynamic systems,
M. R. Endsley, “Toward a theory of situation awareness in dynamic systems,”Human Factors, vol. 37, no. 1, pp. 32–64, 1995
1995
-
[7]
Cyber situational awareness–a systematic review of the literature,
U. Franke and J. Brynielsson, “Cyber situational awareness–a systematic review of the literature,”Computers & Security, vol. 46, pp. 18–31, 2014
2014
-
[8]
A taxonomy of cyber awareness questions for the user-centered design of cyber situation awareness,
C. L. Paul and K. Whitley, “A taxonomy of cyber awareness questions for the user-centered design of cyber situation awareness,” inLNCS. Springer, Berlin, Heidelberg, 2013, vol. 8030, pp. 145–154
2013
-
[9]
Cyber attacks real time detection: towards a cyber situational awareness for naval systems,
O. Jacq, D. Brosset, Y . Kermarrec, and J. Simonin, “Cyber attacks real time detection: towards a cyber situational awareness for naval systems,” in2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA), 2019, june 1
2019
-
[10]
Cyber wargaming: framework for enhancing cyber wargaming with realistic business con- text,
D. J. Bodeau, C. D. Mccollum, and D. B. Fox, “Cyber wargaming: framework for enhancing cyber wargaming with realistic business con- text,” MITRE, Tech. Rep., 2018, http://www.mitre.org/HSSEDI
2018
-
[11]
Developments in state level cyber wargaming,
J. Curry and N. Drage, “Developments in state level cyber wargaming,” inACM International Conference Proceeding Series, 2018
2018
-
[12]
M. G. Weiner, “War gaming methodology,” https://doi.org/10.1163/97 89087903107 006, 1959
work page doi:10.1163/97 1959
-
[13]
Gamification of cyber security awareness – a systematic review of games,
B. Onduto, “Gamification of cyber security awareness – a systematic review of games,” Master’s thesis, University of Turku, 2021, master of Science in Technology Thesis. Computing, Faculty of Technology
2021
-
[14]
Marco de ref- erencia para el modelamiento y simulaci ´on de la ciberdefensa mar ´ıtima - marcim: estado del arte y metodolog ´ıa,
D. E. Cabuya-Padilla and C. A. Castaneda-Marroquin, “Marco de ref- erencia para el modelamiento y simulaci ´on de la ciberdefensa mar ´ıtima - marcim: estado del arte y metodolog ´ıa,”DYNA, vol. 91, no. 231, pp. 169–179, 2024
2024
-
[15]
Ciberseguridad y ciberdefensa mar ´ıtima: an´alisis bibliom ´etrico a ˜nos 1990 – 2021,
D. E. Cabuya-Padilla, C. F. Alvarado Carvajal, R. A. Carrascal Ortiz, J. M. Riola Rodr ´ıguez, C. H. Fajardo-Toro, and S. P. Escandon Bernal, “Ciberseguridad y ciberdefensa mar ´ıtima: an´alisis bibliom ´etrico a ˜nos 1990 – 2021,”RISTI - Revista Iberica de Sistemas e Tecnologias de Informacao, vol. 49, pp. 197–210, 2022
1990
-
[16]
Hybrid tabletop exercise (ttx) based on a mathematical simulation- based model for the maritime sector,
D. E. Cabuya-Padilla, D. D ´ıaz-L´opez, and C. Castaneda-Marroquin, “Hybrid tabletop exercise (ttx) based on a mathematical simulation- based model for the maritime sector,” inActas de las X Jornadas Nacionales de Investigaci ´on en Ciberseguridad: Zaragoza, 4 a 6 de junio de 2025, 2025, pp. 37–44, https://2025.jnic.es/
2025
-
[17]
Nato wargaming handbook,
Allied Command Transformation, “Nato wargaming handbook,” https: //paxsims.wordpress.com/wp-content/uploads/2023/09/nato-wargaming -handbook-202309.pdf, 2023
2023
-
[18]
Serdux-marcim: Maritime cyberattack simulation using dynamic modeling, compartmental models in epidemi- ology and agent-based modeling,
D. E. Cabuya-Padilla, D. D ´ıaz-L´opez, J. Mart ´ınez-P´aez, L. Hern ´andez, and C. Castaneda-Marroquin, “Serdux-marcim: Maritime cyberattack simulation using dynamic modeling, compartmental models in epidemi- ology and agent-based modeling,”International Journal of Information Security, vol. 24, no. 3, p. 122, 2025
2025
-
[19]
The utility of games for society, business, and politics,
I. Mayer, H. Warmelink, and Q. Zhou, “The utility of games for society, business, and politics,” inThe Wiley Handbook of Learning Technology. Wyley, 2016, pp. 406–435
2016
-
[20]
MARCIM-WG: Juego de guerra de ciberde- fensa mar´ıtima para la apropiaci ´on estrat ´egica de respuestas ante crisis cibern´eticas,
D. E. Cabuya-Padilla, “MARCIM-WG: Juego de guerra de ciberde- fensa mar´ıtima para la apropiaci ´on estrat ´egica de respuestas ante crisis cibern´eticas,” Monograf ´ıa de maestr ´ıa, Escuela Superior de Guerra “General Rafael Reyes Prieto”, Bogot ´a D.C., Colombia, 2025, maestr ´ıa en Ciberseguridad y Ciberdefensa
2025
-
[21]
Marco de referencia para el modelamiento y simulaci ´on de la ciberdefensa mar´ıtima a nivel estrat´egico – marcim,
——, “Marco de referencia para el modelamiento y simulaci ´on de la ciberdefensa mar´ıtima a nivel estrat´egico – marcim,” Ph.D. dissertation, Escuela Naval de Cadetes “Almirante Padilla”, 2024, [Tesis Doctoral]
2024
-
[22]
Netlogo,
U. Wilensky, “Netlogo,” https://ccl.northwestern.edu/netlogo/, 2016
2016
-
[23]
Wilensky and W
U. Wilensky and W. Rand,An Introduction to Agent-Based Modeling: Modeling Natural, Social, and Engineered Complex Systems with Net- Logo. MIT Press, 2015
2015
-
[24]
Python Software Foundation, “Python,” https://www.python.org/, 2023
2023
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.