How do you respond to a cyberattack on a European airport, manipulation of UK aviation financial markets, and two emerging botnets? Team CDT had the winning response.
Our approach included confirming attribution for the attacks, collating intelligence research, employing law enforcement in digital control towers, and utilizing an apolitical spokesperson from the National Cyber Security Center (NCSC) to disseminate information about the evolving scenario.
Team CDT employed real-world tactics, including a retaliatory cyberattack by an intelligence agency targeting the country to which the attack was attributed. The team is comprised of four doctoral students from Royal Holloway University of London—Georgia Crossland, Amy Ertan, Lydia Garms, and Angela Heeler.
The scenario was part of the Atlantic Council’s first UK Cyber 9/12 Student Challenge held in London on February 26 and 27. The Cyber 9/12 Student Challenge is a one-of-a-kind cyber policy and strategy competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests. Entering is sixth year, the Cyber 9/12 Student Challenge has connected with over 1,000 students and has been held across the United States and in Europe and the Indo-Pacific.
The Student Challenge was held at “Location 23,” more commonly known as London’s BT Tower. BT Tower was the United Kingdom’s tallest building until 1980 and was designated an official secret for years, fitting for the inaugural UK cyber policy and strategy competition.
The Atlantic Council developed a cyber scenario and student teams were tasked with presenting three policy options for government consideration in response to the scenario’s events, the details of which were delivered to teams via three intelligence reports during the competition.
The first day of the competition saw snow and the eager arrival of the fifteen teams—thirteen from universities representing each region in the United Kingdom and two professional teams comprised of Europol, the UK Ministry of Defence, and the UK National Cyber Crime Unit. With snow accumulating on the streets of London, teams practiced their presentations from the 34th floor of BT Tower, which provides a 360-degree view of London. As the day progressed, teams presented their policy recommendations and answered questions from a panel of judges holding senior positions in government, private industry, and academia.
Based on the judges’ scores from this qualifying round, eight teams advanced to the semi-final round. With Intelligence Report II in hand, teams retired for the evening to develop new policy recommendations based upon the unfolding scenario events, including a UK airport cyberattack, suspicious trading on the London Stock Exchange, a social media botnet, and Distributed Denial of Service (DDoS) attacks.
Four teams advanced to the final round and were given twenty minutes to review Intelligence Report III before delivering policy briefings to all competition attendees and participating in the final session with the judges. After deliberation, the judges announced Team CDT as the winners.
Applicability of the Cyber 9/12 scenario to the real world
Similarities between the competition and real world cyber events gave the competition great depth. The Atlantic Council scenario may have been fictional, but it was created with realistic events that were plausible in today’s world. For example, the United Kingdom’s Swanwick digital control tower began operating in 2017 and will replace the existing tower at London City Airport in 2019. Citing the importance of air traffic control systems, the National Air Traffic Control Services (NATS) posted in their blog that the industry should strive to have “a back-up and sometimes a back-up to the back-up.” Using compromised high-wealth accounts to trade aviation stocks in the scenario is also quite plausible with respect to the mechanisms within the London Stock Exchange. The appearance of social media botnets within the scenario is reminiscent of the media botnets that reportedly amplified certain political viewpoints during the 2016 US presidential elections.
As a result of the Cyber 9/12 competition, Team CDT was nominated and subsequently won the SC Awards Europe 2018 Cybersecurity Students of the Year in June.
Georgia Crossland, Amy Ertan, Lydia Garms, and Angela Heeler are all doctoral students at Royal Holloway University of London. Lydia runs the popular Women in Security/Mathematics Network at Royal Holloway. Georgia and Angela contribute to secondary school outreach programs highlighting the versatility of cyber security as a field. Amy organizes well-being and social activities for the Information Security Department and is involved in multiple projects that encourage greater academia-industry collaboration.