Question: Where is a mouse as strong as an elephant? Answer: on the Internet.

The Internet is the great leveler. One person or small group of people can wreak havoc by disrupting Web processes, even against well funded IT departments run by well meaning CIOs.

Cyber-threats from around the globe are a pressing concern today for government and private industry alike. The threat from state and nonstate actors is here, it's real and it's only getting worse. Increasingly the public and private sectors are coming to terms with the fact that they can't confront these complex cyber-challenges alone. In industries as varied as finance and defense, there's a growing realization that cyber-security is simply too large for any one authority to solve alone.

Indeed, a particularly damaging security breach at major financial institutions could ignite a bank run and damage private industry as well as the world economies and governments. A hacked government network controlling critical infrastructure obviously would severely impact private business and the government.

If government, business and civil society face a joint and interrelated cyber-security problem, then they must work together to tackle the solution. But cyber-security is complex enough to stymie just one business or group -- let alone a tripartite group of varied interests.

With this in mind, how do you begin to address the shared risks and opportunities inherent in cyber-security? The answer can be found by exploring two important concepts: megacommunities and wargames.

Forming a Cyber-Megacommunity

Megacommunities are communities of organizations whose leaders and members deliberately come together across national, organizational and sector boundaries to reach goals they can't achieve alone. The megacommunity concept far exceeds the scope of typical public-private partnerships, which usually involve limited alliances and focus on more narrow purposes. Megacommunities take on much larger goals that evolve over time.

At heart, the megacommunity is a system where all parties benefit, as opposed to one sector maximizing profits or power. The ongoing balancing of tensions between corporations, governments and civil society is a critical component in any megacommunity's success. Members can realize its positive effects by collectively seeking a degree of operating order within any situation before differences become conflicting interests.

A cyber-megacommunity is composed of five critical elements: the existence of tri-sector engagement, an overlap in vital interest, convergence, structure and adaptability.

This structure allows adaptability in response to changes as all parties drive toward the same agreed-upon converged outcome. Best of all, operating in a megacommunity isn't a zero-sum game; all parties can benefit at once.

Once assembled, a cyber-security megacommunity is the perfect platform to answer the questions -- and at times come up with the questions themselves -- that will form the strategy for jointly combating cyber-challenges.

Cyber-Megacommunity War-Gaming

Although war gaming has its roots in the military, today's war games are useful to achieve a variety of goals. These may include learning and refining cyber-defense tactics, techniques and procedures; formulating public policy; and crafting an overall strategic framework in which to view and confront cyber-security challenges.

The first step to conducting a successful exercise is correctly understanding the type of war game that's required and its desired outcome. For a cyber-megacommunity, formulating public policy and gaining an overall cyber-security strategic framework are likely the most important aims.

At a cyber-megacommunity war game, decision-makers are assigned to teams representing a range of interests across government, business sectors -- such as financial services, telecom/IT, energy and transportation -- and civil society. These teams then confront an unknown scenario for which they have not prepared.

Even as the scenario unfolds, participants must rely on incomplete information about events that are taking place -- which is a reflection of the real world where decisions are