Auracelle Orion v4 · Cyber Governance Wargaming Simulation

Scenario

AI Cybersecurity

AI ·MIRAGE CHAIN

AI ·IRONCLAD SIEGE

AI ·FRACTURE POINT

AI ·PHANTOM CIRCUIT

Nuclear Cybersecurity

NUCLEAR ·SAFEGUARD ZERO

NUCLEAR ·FISSION GATE

NUCLEAR ·YELLOWCAKE RUN

E-AGPO-HT v2.0 · Master g-GCC

0.25×IFD + 0.40×SWD + 0.25×SC + 0.15×IFD×SWD

0.42

g-GCC — MASTER GOVERNANCE SCORE

General Governance Wargaming Capacity. Aggregates IFD, SWD, and SC domain scores with a nonlinear λ coupling term. When g-GCC exceeds 0.70 a cascade is imminent — domain failures begin amplifying each other through the λ cross-domain term.

⚠ CASCADE ≥0.70 · ELEVATED 0.50–0.70 · NOMINAL <0.50

MASTER g-GCC

BELOW CASCADE (0.70)

Domain Health

IFD

0.28

NOMINAL

IFD — INFRASTRUCTURE DEPENDENCY

Stress on physical and network infrastructure — data centres, OT systems, communication pathways. Rises when ICS/SCADA systems are under active threat or when infrastructure options are deferred.

⚠ CASCADE ≥0.70 · weight: 0.25 in g-GCC

SWD

0.31

NOMINAL

SWD — SOFTWARE DEPENDENCY

Stress propagating through software supply chain pathways — OSS libraries, vendor packages, CI/CD pipelines. Highest-weighted domain (0.40) because software compromise has the broadest blast radius.

⚠ CASCADE ≥0.70 · weight: 0.40 in g-GCC

SCTL

0.44

ELEVATED

SCTL — SUPPLY CHAIN TRUST LAYER

Overall trust integrity across the vendor ecosystem — τ_bridge, τ_edge, SBOM coverage, and HHI concentration combined. ELEVATED here means you are approaching the SCTL cascade threshold where vendor trust failures propagate across domains.

⚠ CASCADE ≥0.70 · weight: 0.25 in g-GCC

GOV

0.22

NOMINAL

GOV — GOVERNANCE DOMAIN

Institutional and normative governance stress — decision authority clarity, regulatory compliance posture, allied coordination quality. Rises when decisions defer accountability or bypass established governance frameworks.

⚠ CASCADE ≥0.70 · Drives Q_norm and Q_coord in Ψ_v2

Intel Tokens — spend before deciding

🔍

TECHNICAL OBSERVABLE

Reveals a Stratum I sensor reading — τ_bridge degradation rate, SBOM coverage gap, or component provenance score. Use when you need to assess blast radius before deciding.

Maps to: SAD · STI capabilities · Stratum II

📡

ADVERSARIAL SIGNAL

Reveals adversary π_A confidence or Q-value reading — how certain the threat actor is about your posture. Use when you need to gauge attack timing and intent before committing resources.

Maps to: ASI · IIC capabilities · Stratum II

⬡

GOVERNANCE QUALITY

Reveals a Ψ_v2 component trajectory — which Q-dimension (coord, norm, sctl) is most at risk from inaction. Use to understand which governance lever has the highest marginal value before deciding.

Maps to: NDM · ESI capabilities · Stratum II

3 tokens · reveals hidden intel before you decide

Hover each token for details · Tokens reset each turn

Threat Metrics

SBOM-VIS

85%

SBOM-VIS — SOFTWARE BOM VISIBILITY

Percentage of vendor dependency tree covered by machine-readable Software Bills of Materials. Gaps here are the primary entry vector for SC-SBOM supply chain compromise — the adversary exploits what you cannot see.

⚠ CRITICAL <40% · HIGH <70% · NOMINAL ≥85%
Drives: SC-SBOM stressor · Q_sctl · EO 14028

SC-CONC (HHI)

0.18

SC-CONC — VENDOR CONCENTRATION (HHI)

Herfindahl-Hirschman Index measuring vendor concentration across your critical supply chain. A single vendor controlling a large share creates a single point of failure. This metric directly maps to EO 14028 and EU CRA vendor diversification obligations.

⚠ CRITICAL >0.50 · HIGH >0.30 · NOMINAL <0.25
Drives: SC-CONC stressor · FRACTURE POINT scenario

SC-GREY

SC-GREY — GREY-MARKET COMPONENT EXPOSURE

Percentage of OT/ICS components with unverified or non-authorized provenance. Even low exposure is dangerous — in IRONCLAD SIEGE, 5% grey-market presence is the implant entry vector. Hardware BOM completeness is the primary control.

⚠ CRITICAL >30% · HIGH >15% · NOMINAL <10%
Drives: SC-GREY stressor · IRONCLAD SIEGE scenario

PATCH-VEL

90%

PATCH-VEL — PATCH VELOCITY

Proportion of systems meeting their patch SLA window. OT/ICS systems with no available patch pathway are separately tracked as SC-PATCH-EOL. Decline here accelerates T_Orion — the time-to-exploitation clock — across all active scenarios.

⚠ CRITICAL <40% · HIGH <65% · NOMINAL ≥85%
Drives: SC-PATCH stressor · CISA KEV compliance

Governance Artifacts

Upload SOPs, tabletop reports, IR docs, or SOC reports to stress-test against E-AGPO-HT framework

📄 Load artifact (.txt, .md, .docx, .pdf)

Game Log

T-0

SYS

Wargame ready — select a scenario and begin

🎯

MIRAGE CHAIN

Software supply-chain compromise cascading to ICS/OT — SolarWinds-class · w_IFD=0.25 · w_SWD=0.40 · λ=0.15

SC-SBOM

SC-CONC

🏛️

Governance Threshold Met

0.72

Ψ_v2 FINAL DECISION-PATH QUALITY

Your governance decisions maintained resilience above the stability floor.

Ψ_v2 — Decision Quality

0.74

DECISION-PATH QUALITY · WIN THRESHOLD: 0.50

Governance Confidence

Technical Resilience82%

TECHNICAL RESILIENCE

Composite of detection capability, infrastructure hardening, and patch velocity. Declines when you accept operational risk options or defer technical remediation.

Stratum I → SAD + SRA → Stratum II

Regulatory Compliance74%

REGULATORY COMPLIANCE

Reflects adherence to NIS2, EO 14028, CISA KEV, and EU CRA obligations. Rises when you choose options that mandate SBOM delivery or formal vendor notification. Falls when you accept risk without documentation.

Drives: Q_norm component of Ψ_v2

Diplomatic Coordination65%

DIPLOMATIC COORDINATION

Inter-institutional coordination quality with allied CSIRTs, NATO partners, and international bodies. Rises when you choose options involving STIX/TAXII sharing or allied briefings. Key for Geneva context.

Drives: Q_coord component of Ψ_v2

Public / Sector Trust70%

PUBLIC / SECTOR TRUST

Stakeholder and public confidence in institutional governance. Declines when incidents are poorly communicated or when operational disruption is high. Feeds cultural acceptance index.

Drives: Q_norm + cultural acceptance · Stratum I

Supply Chain Trust (τ̄)88%

SUPPLY CHAIN TRUST (τ̄)

Mean τ (tau) trust score across the vendor dependency tree. Aggregates τ_bridge (IFD path) and τ_edge (SWD path). When this falls below 0.40 the SCTL cascade threshold approaches — catastrophic multi-domain failure becomes probable.

⚠ CRITICAL <0.40 · Drives: g-GCC master score

Regulatory Obligations

EO 14028 · SBOM Delivery

Compliant — coverage 85%

EO 14028 · SBOM DELIVERY

Executive Order 14028 mandates machine-readable SBOMs for software sold to the US federal government. Your decisions in-game affect SBOM coverage — deferring vendor audits reduces this score toward non-compliance.

Compliant ≥80% · At-risk 60–80% · Non-compliant <60%

NIS2 · 72hr Notification

Window open — not triggered

NIS2 · 72-HOUR NOTIFICATION

EU NIS2 Directive requires notification to national authorities within 72 hours of becoming aware of a significant incident. Each turn represents roughly 6–12 hours. Choosing containment-only options without notification triggers non-compliance.

Window opens on T-1 detection · Expires T-6 (~72hr)

CISA KEV · Patch SLA

3 entries approaching 14d SLA

CISA KEV · PATCH SLA

CISA Known Exploited Vulnerabilities catalog mandates patching within 14 days for federal agencies. Three entries approaching SLA means your PATCH-VEL will decline if you deprioritise remediation options in upcoming turns.

SLA breach directly degrades PATCH-VEL and Q_sctl

EU CRA · Vendor Contracts

SBOM obligations: 6/9 vendors

EU CYBER RESILIENCE ACT · VENDOR CONTRACTS

The EU CRA requires vendors of digital products to maintain and deliver SBOMs and disclose vulnerabilities. 6 of 9 vendors are contractually obligated — 3 remain outside scope, creating SC-CONC exposure that decisions can close or widen.

Full compliance = 9/9 · Drives SC-CONC HHI trajectory

Policy Stress

Cultural Acceptance71%

CULTURAL ACCEPTANCE

Societal and organisational willingness to accept governance interventions — monitoring expansion, vendor restrictions, mandatory disclosure. Low acceptance raises the political cost of technically correct decisions.

Stratum I NOF · feeds Q_norm · E-AGPO-HT Stratum II

Misinformation Pressure28%

MISINFORMATION PRESSURE

Active adversarial narrative operations degrading public attribution confidence and allied consensus. Rising pressure reduces the decision window before political constraints override technical response options.

⚠ HIGH >50% erodes Q_coord and public trust simultaneously

Allied Coord. Quality68%

ALLIED COORDINATION QUALITY

Real-time quality of CSIRT-to-CSIRT and NATO/UN partner coordination. Reflects shared threat intelligence fidelity, notification timeliness, and joint response alignment. Central to Budapest Convention supply chain provisions.

Drives: Q_coord · IIC Stratum II capability · Ψ_v2

Turn Decision Log

Decisions appear here