Cyber Supply Chain Tower Game

The Supply Chain Game is a fast-paced, fun tower building competition (similar to Jenga) that teaches cyber supply chain principles. The game was designed and developed for the Supply Chain Sandbox at the 2020 RSA Conference.

Original rules

• A team consists of three players. Each player takes turns placing a block, representing an individual component, on the stack.
• A layer consists of three components (unless otherwise noted).
• After each player has placed one component (unless otherwise noted), the team draws one card from the deck and plays it.
• Gameplay continues until the tower falls.
• (There are no win conditions)

Revised rules

• Teams do NOT have to play cards when drawn, and can only have (players+1) cards at any time. Teams must play one before drawing a card that would cause them to exceed that number.
• Teams consist of a CEO, CIO, and CISO, each of which has a different "super power" and a different win condition.
• The CEO goes first, can direct the CIO to start a new layer at any time, and wins at a height of ten layers.
• The CIO goes second, removes all components, and wins after six consecutive rounds without collapse.
• The CISO goes last (and draws cards), may replace components anywhere in the stack during their turn, and wins if the stack never collapses.
• If the stack collapses, remove the out of place components and keep building.
• All three players can win.

Variants

Start with an SBOM

• The die has two sides painted red, indicating this type of component is particularly troublesome, and no green side, indicating this type of component is more robust.
• Components are blindly drawn from a box, and participants can choose to avoid playing a component they drew and add it to a "discard" pile, consuming one turn.
• (Savvy participants may choose to play this piece in a strategically strong place, so they can build faster and maintain resilience)

Mature Cyber Supply Chain Program

• The die has two sides of three colors, indicating the other components are known to be less likely to fail, due to supply chain diligence.
• Components are blindly drawn from a box, and participants can choose to avoid playing a component they drew and add it to a "discard" pile, consuming one turn.
• (Savvy participants may choose to play this piece in a strategically strong place, so they can build faster and maintain resilience)

Ohter Resources

• Cathy Gellis pointed to a project that streamlines card creation from Google Sheets.
• The Google Sheet that started it all.