Cyber crises need strong collaboration: Reflections from Cyber 9/12

The Oxford University “CyberSeals”, winners of the Cyber 9/12 Strategy Challenge in London, UK: Alexis Montouris Ciambotti, Manuel Hepfer, and Matthew Rogers. Not pictured: Yashovardhan Sharma.

The Cyber 9/12 Strategy Challenge, hosted by the Atlantic Council’s Cyber Statecraft Initiative, is a global cyber policy and strategy competition where students compete in developing policy recommendations tackling a fictional cyber catastrophe. The competition is divided into three sequential rounds, in which teams are presented with intelligence reports of escalating severity and complexity and must brief their recommendations to panels of expert judges. The 2020 Cyber 9/12 Strategy Challenge in London, United Kingdom was won by CyberSeals, representing Oxford University. CyberSeals, coached by Dr. Lucas Kello, consisted of Alexis Montouris Ciambotti, Manuel Hepfer, Matthew Rogers, and Yashovardhan Sharma. They shared their competition experience with the Atlantic Council:

The 2020 UK Cyber 9/12 Strategy Challenge integrated a hands-on, realistic experience in crisis management and teamwork with a lesson in the complexity of cybersecurity. Every stage of Cyber 9/12 reaffirmed our team’s belief that successfully managing a cybersecurity crisis requires strong collaboration, from analyzing the three intelligence briefs and designing decision documents to presenting findings to expert judges. The team found that Cyber 9/12’s complex scenario offered many possibilities for policy recommendations, meaning no individual could comprehend the entire situation alone and no single perspective could solve the problem. 

We came together to gain hands-on experience in cybersecurity crisis management and policy. Our team blended backgrounds across sectors and disciplines, as one member contributed policy and legal research, two had technical training, and another researched industry responses to cyberattacks. All of us had researched cybersecurity issues in our own fields, and while some of us had crisis simulation experience, none had participated in a two-day competition. 

We received the first intelligence brief two weeks before the competition. The forty-page brief presented myriad information, ranging from the complex to the cryptic. We ascertained that a telecommunications cyber incident had largely affected the Baltic region and that a satellite image depicting an oil leak was circulating on social media but was likely fake. As a group, we made sense of the details of the situation and designed alternative policies for the prime minister to effectively address the crisis. In the lead-up to Cyber 9/12, we met with our coach to discuss our strategy for the competition and prepared to present our recommendations to the judges.

When we arrived at the BT Tower in London, the Cyber 9/12 organizers provided teams with interesting keynote speeches, activities, and networking opportunities with other students and representatives from industry, academia, and government throughout both days of the competition. In the first round, we presented our assessment and policy recommendations to the panel of expert judges for ten minutes and then addressed questions from representatives of major government agencies and industry. At the end of the oral briefing and question period, we received feedback from the judges about our responses, teamwork, and presentation. We were scheduled to present earlier in the day, and while waiting to hear our results, we completed a highly involved lock-picking challenge that relied on defeating a complex technical apparatus and collaborating to decipher the Enigma code.

At the end of the day, advancing teams gathered in the auditorium of BT Tower to receive an oral briefing before the release of the second intelligence report. A fictional breaking-news broadcast depicted a UK government official making depreciatory comments about a potential telecommunications policy that could jeopardize national security, but the comments could also undercut the United Kingdom’s international reputation. We determined that the video was a deepfake based on evidence in the feed and began reading the second intelligence brief over dinner. We then migrated to one of our team members’ hotel business center where we spread out our materials and worked together overnight to address the new situation. 

The second brief was as detailed and nearly as long as the previous report and engaged a variety of sources to inform us of the situation. Early in our discussion, we determined that three major issues had transpired: an individual seemed to have infiltrated a British firm and may have caused the satellite imagery to be fake; Britain had experienced a significantly more extensive telecommunications attack following the initial event; and the video did not seem to have affected national security or international relations. Integrating the feedback our team received from the judges earlier that day, we designed our approach for the next round. Bouncing ideas off of each other and building on each teammate’s input, we submitted our decision document by the early morning and prepared to present our findings to the judges later that day. 

With two to three hours of sleep, we arrived at BT Tower to present our assessment and recommendations in ten minutes. Again, we addressed the judges’ questions and received feedback on our recommendations before joining the other teams for lunch and to await the results. After a keynote address on diverse careers in cybersecurity, our team learned that we had advanced to the final round. 

A coordinator led us to a room with the two other finalist teams to wait for our turn to analyze the new brief. We would have twenty minutes to assess a new, shorter brief and prepare decisions, before presenting to a panel of VIP judges in front of all the Cyber 9/12 attendees. As we waited, we had the opportunity to meet the other teams and share our different experiences. 

When it was our turn, we had developed a muscle memory of our approach: in the first and second rounds, we had coordinated our efforts to tackle the whole of the problem, and now, in the final round under more extreme time constraints, we intuitively worked together. By the third round, we had honed our communication skills and spent enough time learning from each other as a team that we deeply trusted each other’s disciplinary expertise. We determined that the insider threat was conceivably neutralized, and a new state likely hosted a proxy server in the telecommunications breach, and we strategized together to design our recommendations for the third time. Towards the end of our oral brief, each member presented unique insight into the decisions we proposed. Our mutual trust became our greatest strength in the face of the judges’ intense questioning, as we relied on each other’s background and expertise to address their concerns.

Cyber 9/12 provided us with a unique opportunity to apply the often-theoretical education we received in the classroom to a complex scenario and gain practical skills in interdisciplinary communication and crisis management. We walked away from the experience with a highly enriched understanding of cybersecurity crises and a deep appreciation for joining different backgrounds and skill sets into one team. We feel that Cyber 9/12 sharpened our ability to analyze an evolving situation and identify its key issues, adapt to unexpected changes, and recommend effective responses to manage the crisis, and we feel very fortunate to have had the opportunity to participate.
