THE UK CYBER 9/12 STRATEGY CHALLENGE

Team and Coaches - Eligibility and Requirements

The UK Cyber 9/12 Strategy Challenge is designed to offer university students across a wide range of academic disciplines a better understanding of the strategy challenges associated with cyber security and conflict. Part interactive learning experience and part competitive scenario exercise, the Strategy Challenge gives students interested in cyber security strategy an opportunity to interact with expert coaches, judges and cyber professionals, all while developing valuable skills in analysis and presentation.

Individual teams must consist of 4 students in full time UK university education either pre or post grad at the time of registration.  Part time students, or those that have already entered the workplace in cyber security roles are not eligible to enter the competition.  It's also worth emphasising that the competition aims to highlight the value of diversely skilled teams in understanding cyber security challenges.  Participants are therefore encouraged to reach out to peers across different disciplines when forming teams.

Each team must also have a coach that can help prepare them for the competition.  The coach will ideally be from their own university and is likley to be experienced in organisational, national and international cyber security challenges.  In the rare case when teams struggle to find a coach, the organising committee may be able to assist in finding one.

The competition will take place in BT Tower over Mon 11th & Tues 12th Feb 2019, starting around 0800 and finishing around 1700 on both days.  Teams are expected to secure funding for their own travel and accomodation, but food and drink will be provided whilst on site at BT Tower.

In order to be considered for a place in the UK Cyber 9/12 Strategy Challenge, by the registration deadline of Noon GMT on Nov 30th 2018, each registered team must also submit via email their answers to the three questions outlined below . Each answer should be no more than 75 words.

Please send your answers via email to Safa Shahwan of the Atlantic Council’s Cyber Statecraft Initiative at sshahwan@atlanticcouncil.org

1. What would you consider to be the most significant cyber incident to date, and why?

2. What potential, future cyber incident keeps you up at night, why, and done by whom?

3. Why did you compose your team the way you did, and what do you expect will differentiate your team from others?

Judges

We welcome hearing from experienced cyber security professionals from across the national and international community who would like to attend the competition as a judge and take part.  Please register your interest thorugh the link on the home page.

Who are the Atlantic Council Cyber Statecraft Initiative?

The Atlantic Council - Working Together to Secure the Future. Renewing the Atlantic Community for Global Challenges

The Atlantic Council promotes constructive leadership and engagement in international affairs based on the Atlantic Community's central role in meeting global challenges. The Council provides an essential forum for navigating the dramatic economic and political changes defining the twenty-first century by informing and galvanizing its uniquely influential network of global leaders. Through the papers we write, the ideas we generate, and the communities we build, the Council shapes policy choices and strategies to create a more secure and prosperous world.

Who are the Atlantic Council Cyber Statecraft Initiative?

The mission of the Atlantic Council’s Cyber Statecraft Initiative is to: 1) Examine the nexus of geopolitics and national security with cyberspace; 2) Continue to build out the new field of cyber safety in the Internet of Things; and 3) To help build the next generation of cybersecurity and cyberspace policy professionals. Throughout all of its work, the Initiative focuses relentlessly on providing practical, innovative, and relevant solutions to the challenges in cyberspace. The Initiative brings together a diverse network of respected experts, bridging the gap between the technical and policy communities.

What is the Cyber 9/12 Strategy Challenge?

Now entering its seventh year globally, the Cyber 9/12 Strategy Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. This will be the secnd UK competition. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyber-attack and analyse the threat it poses to national, international, and private sector interests.

Students have a unique opportunity to interact with expert mentors and high-level cyber professionals while developing valuable skills in policy analysis and presentation. The competition has already engaged over 1000 students from universities in the United States, United Kingdom, France, Australia, China, United Arab Emirates, Poland, Switzerland, Hungary, Sweden, Finland, and Estonia.

Why is it called 'Cyber 9/12'?

The genesis of the event back in 2011 was comparing the challenge of protecting against '9/11' style attacks versus protecting against major cyber attacks. To link up the concepts, the name 'Cyber 9/12' was chosen.

Why now for a UK Cyber Strategy Challenge?

Like many nations, the UK faces a critical shortage of cyber security professionals. Great progress has been made in highlighting the value of technical skills and there are some fantastic national technical competitions that are finding amazing talent. But to be nationally resilient in facing our cyber security challenges we need a talented diverse workforce consisting of technical, policy and strategy skills. The UK Cyber 9/12 Strategy competition is the only competition that pulls together mixed discipline teams consisting of technical expertise and policy expertise and gives them a realistic joint challenge. It is hoped that we can use this to promote the dialogue around the value and need for cyber strategy and policy expertise, how we generate these skill sets and how to strengthen the teamwork between both technical and non-technical disciplines.

What teams competed in 2018?

Aberystwyth University

University of Birmingham

Newcastle University

Lancaster University

Warwick University

Oxford Brookes University

Queen’s University Belfast

University of Edinburgh

Newcastle & Durham Universities

King’s College London

University College, London

Royal Holloway, University of London

UK Ministry of Defence

Law Enforcement (combined NCCU & Europol)

University of Oxford

Bournemouth University

Why were MOD and Law Enforcement teams involved in 2018?

Finding the cyber security leadership of the future isn’t just an industry challenge, it is a government. and Law Enforcement challenge as well. The MOD and LE teams were made up of junior, talented members with diverse backgrounds who competed against each other in a head-to-head competition.

Who can compete?

Full time students currently enrolled at a UK university in an under-grad or post-grad course on the date of the registration deadline who have not yet entered full-time emplyment are eligible to compete. We also welcome competitors who have participated in the Student Challenge in previous years. There is no explicit academic discipline, coursework, or prior experience in cyber security or conflict necessary to compete, but teams should expect to be able to demonstrate a strong link between cyber strategy and their current academic interest.

Is there funding for travel and accomodation?

There is no central travel or accomodation funding available for competitors to attend the competition.  Applicants are highly encouraged to inquire about funding from their home institutions.

How do I register?

Registration for the competion is available through the link on both this website and the Atlantic Council Cyber Statecraft Initiative website.

Are there any requirements on team composition?

Each team must include four students. Teams that register less than four competitors may be considered at the discretion of the Competition Director, space permitting. There are no requirements for team composition based on academic disciplines but diversity is encouraged.

Each team must also recruit a University staff member to act as their team coach and mentor. While coaches are not required to attend the competition event, their participation is necessary to ensure that all teams have access to assistance in crafting their responses.

Can all registered teams take part in the competition?

The Atlantic Council reserves the right to limit the number of teams competing in the Cyber 9/12 Strategy Challenge. If the number of teams registering for the competition exceeds logistical capacity, written policy briefs will be analysed by a review board and utilized to determine which teams qualify for the event. Should the review process become necessary, all registered teams will be notified as soon as possible.

How is the competition structured?

Around one month before the competition, all competing teams receive Intelligence Report I, setting the stage for the simulated cyberattack. The teams are then given approximately three weeks to prepare a short written policy brief on the scenario.

The two days of the competition are divided into qualifying, semifinal, and final rounds. On the first day, each team will give a 10 minute verbal presentation to a panel of judges, who will then have 10 mins to ask questions, score and give feedback. The highest scoring teams advancing to the semifinal round will be announced at an evening reception on the Monday, where they will also receive Intelligence Report II which  further evolves the simulated scenario.

On the second day, in the UK competition, teams not advancing to the semifinal round will be given a morning of expert coaching by senior industry leaders as well as the opportunity for a question and answer session to explore how to improve their skills.

Semifinalist teams will (in the same process as the first day) present their updated strategy recommendations based on the evolved scenario. Teams advancing to the final round receive Intelligence Report III and very limited time to evolve their recommendations. During the afternoon of the second day, the three finalist teams will present in the auditorium to a panel of senior judges and all other competitors not taking part in the final. The competition concludes with an awards reception.

Is there a set of competition rules?

A comprehensive set of compettition rules will be distributed to all teams and coaches before the competition starts.

What tasks are part of the competition?

The competition scenario will focus on a fictional evolving and escalating cyberattack scenario described through several intelligence reports consisting of multiple inserts. The competition encompasses tasks, both written and oral, that challenge students to respond to the political, economic, and security problems created by the evolving cyberattack scenario.

Written Cyber Strategy Brief

Before the arriving at the competition, the teams will submit a short strategy brief giving their analysis on what has been presented to them in the scenario materials. This brief is limited to 500 words and two pages of A4.

Oral Cyber Brief

Teams will be given ten minutes to present their policy recommendations, followed by ten minutes to answer direct questions from a panel of judges. More detailed instructions will be distributed to the teams before the competition.

Decision Document

Teams will be required to submit a "decision document" accompanying their oral presentation at the beginning of the first round and semi-final competition round. The "decision document" will be no more than two pages of A4 in length, outlining the team's decision-making process and recommendations. It must be stressed that this document is used to support the oral presentation, and judges will only be given 2 mins to read it before the presentation starts, clarity and brevity are highly recomended.

Is there a required format for the oral briefing?

There is no requirement for the structure or format of presentations. Presentations are limited to ten minutes. Each team must decide how to best conduct their briefing.

Can presentation aids be used for the oral presentations?

NO presentation aids (e.g., PowerPoint, props, or posters) are permitted. Teams will not be allowed to use electronic devices such as mobile phones and computers during the competition events, when teams are presenting or answering judge questions. However, teams may use electronic devices such as mobile phones and computers during the breaks between rounds. Paper notes are highly encouraged at all times during the competition.

What sources can I use to prepare my responses? How should these sources be cited?

Sources and citations are not required for the written policy response. If used, they will count toward the total page count.

What prizes will be awarded?

There will be awards for the top performing teams based on score, as well as team awards for best written brief, best oral presentation, best teamwork, and most creative policy response alternative.

What should I bring to the competition?

There are no restrictions on what teams may bring with them to the venue. However, during the competition rounds, no electronic assistance will be permitted. Teams are encouraged to use written or printed notes to help them during their presentations.

Is there a recommended hotel to stay in for the competition? Is there a conference rate available?

Unfortunately, we do not have conference rates available.

Where do I find more information on the competition?

For more information, please visit the Atlantic Council website or contact us using the links on this website or through social media.