THE UK'S FIRST CYBER POLICY & STRATEGY COMPETITION

Competition Mission

The Cyber 9/12 Student Challenge is designed to offer students across a wide range of academic disciplines a better understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, the Student Challenge gives students interested in cyber conflict policy an opportunity to interact with expert mentors, judges, and cyber professionals, while developing valuable skills in policy analysis and presentation. Student teams will be challenged to respond to an evolving scenario involving a major cyberattack and analyze the threat it poses to state, military, and private sector interests. Teams will be judged based on the quality of their policy responses, their decision-making processes, and their oral presentation to a panel of judges. Along the way, teams will work with coaches at their home institution to develop their policy skills; feedback from expert panels of judges will ensure that all participants have an opportunity to improve their skills; and the collaborative environment will provide networking opportunities during the competition.

Importance of the Rules  

All participants must be familiar with the rules before participating in the event. Because teams will be evaluated based on a combination of written and oral tasks, a thorough understanding of the rules is important to success.

Download the Rules (251.2 KB)

Rule 1. Format

The Cyber 9/12 Student Challenge consists of a cyber-attack scenario that evolves over the course of the exercise, prompting teams to modify their policy priorities and recommendations as part of successive oral presentations. 

Qualifying Round — REPORT 

Before the competition, teams will write a policy brief exploring the challenges faced by state, military, and industry actors related to the cyber incident described in the scenario materials. The brief must also recommend appropriate actions and policy responses for the actors involved. The length of the brief is limited to five single-sided pages in length. Further detailed instructions will be distributed to teams selected for the competition.

The qualifying round, held on day one, consists of 10 minute oral presentations, followed by 10 minutes to answer direct questions from a panel of judges.  At the conclusion of the round, teams will receive feedback from the judges who will score students based on their oral presentations. The judges’ score on the oral presentation will be combined with the team score from the more detailed written policy brief submitted in advance of the competition (see Rule 8 below). 

Semi-Final Round — RESPOND
The semi-final round, held in the morning on day two, will give advancing teams the opportunity to respond to a new intelligence report that alters the original scenario. Teams will receive the new intelligence report, when advancing teams are announced at the conclusion of day one. The semi-final round consists of one 10 minute oral presentation, followed by 10 minutes to answer direct questions from a panel of judges.  Teams will have only little time to prepare and modify their policy priorities and recommendations.  Advancing teams will be decided based on the judges’ score on the oral presentation.

Final Round — REACT
The final round, held in the afternoon on day two, will involve a spontaneous reaction to an intelligence report that further alters the original scenario. Teams will have to respond to questions from the panel of judges with only little preparation, testing their ability to analyze information as a team and synthesize a response on the spot. Judges will deliver a final evaluation, and winners will be selected based on the final round scores.

Rule 2. Registration

To be considered for the competition, interested teams must submit all registration materials, including all team information, by the registration deadline. After all registration materials have been received, teams selected to compete will receive invitations and competition materials. Teams registering late may be considered at the discretion of the Competition Director, space permitting.

Rule 3. Eligibility

All students currently enrolled in an undergraduate, graduate, doctoral, professional, or law program on the date of the registration deadline are eligible to compete. There is no explicit major, coursework, or prior experience in cyber conflict necessary to compete, but successful applicants will have a strong link between cyber conflict policy and their current academic interest.

Students with an interest in cyber conflict policy from around the world are invited to apply to compete. However, the Cyber 9/12 Student Challenge cannot guarantee any funds to support team travel and accommodation expenses. Applicants are encouraged to inquire about funding from their home institutions.

Rule 4. Team Composition

Each team must include four students. Teams that register less than four competitors may be considered at the discretion of the Competition Director, space permitting. There are no requirements for team composition based on the majors or education level of team members. Each team must also recruit a faculty member to act as their team coach and mentor. While coaches are not required to take part in the competition event, their participation is necessary to ensure that all teams have access to assistance in crafting their responses.

Rule 5. Pre-competition Preparation

Background information on the competition scenario for the Qualifying Round will be distributed before the competition. This information will be distributed to all teams after participants have completed registration and selected teams have been notified. For the Qualifying Round of the scenario exercise (see Rule 7), teams will prepare both written and oral policy briefs based on a response to the initial scenario intelligence report. The written policy brief will be due prior to the competition event. The oral policy brief will be presented at the competition as part of the Qualifying Round and must be accompanied by a “decision document” handed to the judges at the beginning of the competition round (see Rule 8 below).  Teams are also required to find a faculty member to serve as coach who can help review and develop student policy briefs.

Rule 6. Team Selection and Notification

Teams will be selected based on registration materials submitted in accordance with Rule 3. Selected teams will be notified via e-mail of their invitation to the competition. Teams selected to participate will complete a supplementary information packet in advance of the competition.

Rule 7. The Scenario Exercise

The competition will focus on a single cyber-attack scenario described through various intelligence reports. The exercise encompasses tasks, both written and oral, that challenge students to respond to the political, economic, and security problems created by the evolving cyber attack scenario. At all stages of the competition, scenario information and tasks will be distributed in a manner that ensures all teams an equal chance to prepare.

Rule 8. Structure

The competition will focus on a single cyber-attack scenario described through various intelligence reports. The exercise encompasses tasks, both written and oral, that challenge students to respond to the political, economic, and security problems 

Qualifying Round
Teams will be provided with a detailed scenario background packet that sets the scene for the fictional cyber-attack. This scenario will be focused on a state-supported cyber-attack against the United States or one of its Allies. Teams will also receive three tasks to prepare before the competition event.

Written Cyber Policy Brief
Teams will write a policy brief exploring the challenges faced by state, military, and industry actors related to the cyber incident described in the scenario materials. The brief must also recommend appropriate actions and policy responses for the actors involved. The brief is limited to five single-sided pages in length. 

Oral Cyber Policy Brief
Teams will be given 10 minutes to present their policy recommendations, followed by 10 minutes to answer direct questions from a panel of judges. Further detailed instructions will be distributed to teams selected for the competition.

Decision Document
Teams will also be required to submit a “decision document” accompanying their oral presentation at the beginning of the competition round.  The “decision document” will be a prepared form, two single-sided pages (one double-sided page) in length, outlining the team’s four policy response alternatives, decision process, and recommendations. Further detailed instructions will be distributed to teams selected for the competition.

Semi-Final Round
After the advancing teams are announced, participants will receive another intelligence report. This intelligence report will describe some change in, or escalation of, the original scenario and entail new problems for the actors involved. 

Oral Cyber Policy Brief
Teams will be given 10 minutes to present their response regarding further changes to their policy recommendations, followed by 10 minutes to answer direct questions from a panel of judges.

Decision Document
Teams will also be required to submit a “decision document” accompanying their oral presentation at the beginning of the competition’s first round.  The “decision document” will be a prepared form, two single-sided pages (one double-sided page) in length, outlining the team’s decision process and recommendations.

Final Round
After the advancing teams are announced, participants will receive the final intelligence report detailing further changes to the scenario and will be provided with a very short amount of time to use the new information to revise their policy responses. 

Oral Cyber Policy Brief
One at a time, each team will meet with a panel of judges. The teams will present a 10 minute presentation of their reaction regarding further changes to the scenario and their policy recommendations, followed by to 10 minutes of questions from the judges.

Rule 9. Permissible Assistance and Cheating

Before the competition, teams are encouraged to seek outside help to develop their policy briefs. Teams are expected to rely on their coaches in particular to help develop and revise their policy ideas for the competition. 

During competition events, when teams are presenting or answering judge questions, no outside assistance is allowed for teams. However, teams may confer with their coaches during the breaks between rounds and stages.

Teams will not be allowed to use electronic devices such as cellular phones and computers during the competition events, when teams are presenting or answering judge questions. However, teams may use electronic devices such as cellular phones and computers during the breaks between rounds. Paper notes are highly encouraged at all times during the competition.

Cheating during the competition will not be tolerated and will result in the immediate disqualification of a team. All teams are expected to comply by the rigorous standards of academic honesty in place at their home institutions. Any team suspected of cheating may be subject to immediate disqualification. The home institutions of disqualified teams will also be notified of the disqualification.

Rule 10. Judges

Each round of the competition will be judged by a panel of three cyber policy experts. To standardize scoring and encourage consensus, all judges will score the teams based on a common grading scorecard in accordance with Rule 13. Judges may vary between sessions and rounds subject to their availability. 

Rule 11. Observers, Media, and Broadcasting

A limited number of observers may be present at the event. Every effort will be taken to ensure that they do not disturb or assist any of the participating teams in the competition. 

The Cyber 9/12 Student Challenge reserves the right to partner with the media to provide live coverage of the event via broadcast or internet livestream. Additionally, members of the press may be present to cover the event in person. All participants in the event and observers in the event are expected to conduct themselves in a responsible and professional manner.

Rule 12. Timekeeping

Competition staff will manage a clock to keep track of time limits for the presentations. Teams will be kept advised of the time using a “green-yellow-red” system of cards. At the five-minute mark a staff member will display a green card to the team; at the one-minute mark a staff member will display a yellow card; and at the expiration of time, a staff member will display a red card. A penalty will be assessed for teams exceeding the time limit. 

Rule 13. Team Evaluation and Scoring

All teams will be evaluated based on three main dimensions of their responses: evaluation of the scenario problem; analysis of policy response alternatives presented; and quality of writing or oral presentation. These dimensions will be scored based on a common grading scorecard and instructions shared by all the judges. The resulting numerical scores will be used to determine the winners of each round. 

At the conclusion of each round, teams will be provided specific, detailed feedback on strengths and areas of improvement for their policy and presentation skills.

Grading scorecards and guidelines will be distributed to all teams in advance of the competition. 

Rule 14. Elimination

In the event a team is eliminated, they are invited to participate in the rest of the competition as observers. Eliminated or not, all teams are welcome and encouraged to take part in the networking functions, speeches, and other events accompanying the event. Please note that eliminated teams are still eligible for some of the prizes and awards to be offered (see Rule 15).

Rule 15. Prizes and Awards

In addition to the main prize of the competition, the Cyber 9/12 Student Challenge will, at its discretion, award additional prizes for outstanding achievement during the course of the competition. The categories of prizes to be offered will be announced before the date of the competition. Teams will also be eligible for awards based on their final standing in the competition, and all teams will receive certificates in commemoration of their participation.

Rule 16. Notification of Rule Changes

The above rules are provided for planning purposes only. The Cyber 9/12 Student Challenge reserves the right to alter the rules based on logistical and technical considerations. In the event of changes to the competition rules, a new version of this document will be posted and distributed to teams before the start of the competition.

Who are the Atlantic Council?

The Atlantic Council - Working Together to Secure the Future. Renewing the Atlantic Community for Global Challenges

The Atlantic Council promotes constructive leadership and engagement in international affairs based on the Atlantic Community's central role in meeting global challenges. The Council provides an essential forum for navigating the dramatic economic and political changes defining the twenty-first century by informing and galvanizing its uniquely influential network of global leaders. Through the papers we write, the ideas we generate, and the communities we build, the Council shapes policy choices and strategies to create a more secure and prosperous world.

Who are the Atlantic Council Cyber Statecraft Initiative?

To preserve global prosperity and stability, the Atlantic Council’s Cyber Statecraft Initiative promulgates strategies and policies where the consequences of cyber security failure have direct public safety and national security implications.

What is the Cyber 9/12 Competition?

Now entering its sixth year globally, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. The competition takes place the first time in the UK this year. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyber-attack and analyse the threat it poses to national, international, and private sector interests.

Students have a unique opportunity to interact with expert mentors and high-level cyber professionals while developing valuable skills in policy analysis and presentation. The competition has already engaged over 1000 students from universities in the United States, United Kingdom, France, Australia, China, United Arab Emirates, Poland, Switzerland, Hungary, Sweden, Finland, and Estonia.

Why now for a UK Cyber Policy competition?

Like many nations, the UK faces a critical shortage of cyber security professionals. Great progress has been made in highlighting the value of technical skills and there are now some fantastic national technical competitions that are finding some amazing talent. But to be nationally resilient in facing our cyber security challenges we need a talented diverse workforce consisting of technical, policy and strategy skills. The Cyber 9/12 UK competition is the first competition that pulls together mixed discipline teams consisting of technical expertise and policy expertise and gives them a realistic joint challenge. It is hoped that we can use this to promote the dialogue around the value and need for cyber policy expertise, how we generate these skill sets and how to strengthen the teamwork between the technical and non-technical.

What teams are competing in 2018?

Aberystwyth University

University of Birmingham

Newcastle University

Lancaster University

Warwick University

Oxford Brookes University

Queen’s University Belfast

University of Edinburgh

Newcastle & Durham Universities

King’s College London

University College, London

Royal Holloway, University of London

UK Ministry of Defence

Law Enforcement (combined NCCU & Europol)

University of Oxford

Bournemouth University

Why are MoD and Law Enforcement teams involved?

Finding the cyber security leadership of the future isn’t just an industry challenge, it is a Govt. and Law Enforcement challenge as well. The MoD and LE teams are made up of junior, talented members with diverse backgrounds who will be competing against each other in a head-to-head competition.

Who can compete?

Students currently enrolled in an undergraduate, graduate, doctoral, professional, or law program, including students in military academies, on the date of the registration deadline are eligible to compete. We also welcome competitors who have participated in the Student Challenge in previous years. There is no explicit major, coursework, or prior experience in cyber conflict necessary to compete, but successful applicants will be able to demonstrate a strong link between cyber conflict policy and their current academic interest.

Students with an interest in cyber conflict policy from around the world are invited to apply. However, the Cyber 9/12 Student Challenge cannot guarantee any funds to support team travel and accommodation expenses. Applicants are encouraged to inquire about funding from their home institutions.

How do I register?

Although this year is fully subscribed for the UK competition, we will announce the opening of registration for future competitions at the Atlantic Council website, as well this one. To be considered for the competition, interested teams must submit all registration materials, including all team information, by the registration deadline. After all registration materials have been received, teams selected to compete will receive invitations and competition materials. Teams registering late may be considered at the discretion of the Competition Director, space permitting.

Are there any requirements on team composition?

Each team must include four students. Teams that register less than four competitors may be considered at the discretion of the Competition Director, space permitting. There are no requirements for team composition based on the majors or education level of team members.

Each team must also recruit a faculty member to act as their team coach and mentor. While coaches are not required to attend the competition event, their participation is necessary to ensure that all teams have access to assistance in crafting their responses.

Can all registered teams take part in the competition?

The Atlantic Council reserves the right to limit the number of teams competing in the Cyber 9/12 Student Challenge. If the number of teams registering for the competition exceeds logistical capacity, written policy briefs will be analysed by a review board and utilized to determine which teams qualify for the event. Should the review process become necessary, all registered teams will be notified as soon as possible.

How is the competition structured?

One month before the competition, all registered teams receive Intelligence Report I, setting the stage for the simulated cyberattack. The teams are given approximately two weeks to prepare their written policy briefs.

The two days of the competition are divided into qualifying, semifinal, and final rounds. All teams submitting a written policy brief are entitled to participate in the qualifying round on the first competition day. Teams advancing to the semifinal round will be announced at an evening reception, where they receive Intelligence Report II, further adjusting the simulated scenario.

In the UK competition, teams not advancing to the semifinal round will be competing in a separate cyber crisis scenario for an additional prize

In the morning of the second day of the competition, semifinalist teams present their modified policy recommendations based on the evolved scenario. Teams advancing to the final round receive Intelligence Report III and very limited time to adjust their recommendations. In the afternoon of the second day, finalist teams present on a stage to a panel of senior judges. The competition concludes with an awards reception.

What is the format of the competition?

The Cyber 9/12 Student Challenge consists of a fictional simulated cyberattack scenario that evolves over the course of the competition, prompting teams to modify their policy priorities and recommendations as part of successive oral presentations. All teams will submit written policy briefs in advance of the competition and then compete in the qualifying competition round on day one. The judges' score of the qualifying round oral presentations will be combined with the team score from the more detailed written policy brief submitted in advance of the competition.

During the qualifying round on day one, teams will deliver a ten-minute oral presentation based on the written policy briefs prepared before the competition, followed by ten minutes to answer direct questions from a panel of judges. Judges will then provide feedback and score the students based on their performances. At the qualifying awards reception, advancing teams will be given an intelligence report that further develops the original scenario.

During the semi-final round, advancing teams will deliver a ten-minute oral presentation based on the new intelligence report received at the conclusion of day one, followed by ten minutes to answer direct questions from a panel of judges. Teams are given limited time to respond to the altered scenario, testing their ability to analyze information as a team and synthesize a response with limited preparation.

After the teams advancing to the final round are announced, the finalist teams will receive the third and final intelligence report, detailing further changes to the scenario. The teams are provided with a very short amount of time to use the new information to revise their policy responses. The finalists will deliver a ten-minute oral presentation, followed by ten minutes to answer direct questions from a panel of judges.

What tasks are part of the competition?

The competition will focus on a single fictional simulated cyberattack scenario described through several intelligence reports. The competition encompasses tasks, both written and oral, that challenge students to respond to the political, economic, and security problems created by the evolving cyberattack scenario. Teams will be provided with an intelligence report that sets the scene for the fictional cyberattack prior to the first competition day.

Written Cyber Policy Brief

Before the competition, the teams will write a policy brief exploring the challenges faced by national, military, and industry actors related to the cyber incident described in the scenario materials. The brief must also recommend appropriate actions and policy responses for the actors involved. The brief is limited to 500 words.

Oral Cyber Policy Brief

Teams will be given ten minutes to present their policy recommendations, followed by ten minutes to answer direct questions from a panel of judges. More detailed instructions will be distributed to the teams selected for the competition.

Decision Document

Teams will be required to submit a "decision document" accompanying their oral presentation at the beginning of the semi-final competition round. The "decision document" will be two single-sided pages (one double-sided page) in length, outlining the team's decision-making process and recommendations.

Is there a required format for the oral briefing?

There is no requirement for the structure or format of presentations. Presentations are limited to ten minutes. Each team must decide how to best conduct their briefing.

Can presentation aids be used for the oral presentations?

NO presentation aids (e.g., PowerPoint, props, and posters) are permitted. Teams will not be allowed to use electronic devices such as cellular phones and computers during the competition events, when teams are presenting or answering judge questions. However, teams may use electronic devices such as cellular phones and computers during the breaks between rounds. Paper notes are highly encouraged at all times during the competition.

What sources can I use to prepare my responses? How should these sources be cited?

Sources and citations are not required for the written policy response. If used, they will count toward the total page count.

What prizes will be awarded?

There will be awards for the top performing teams based on score, as well as team awards for best written brief, best oral presentation, best teamwork, and most creative policy response alternative.

What should I bring to the competition?

There are no restrictions on what teams may bring with them to the venue. However, during the competition rounds, no electronic assistance will be permitted. Teams are encouraged to use written or printed notes to help them during their presentations.

Is there a recommended hotel to stay in for the competition? Is there a conference rate available?

Unfortunately, we do not have conference rates available. However, we will send you information on the location of the competition prior to the competition, including information on hotels and transportation near the venue.

Where do I find more information on the competition?

For more information, please visit the Atlantic Council website, the Cyber 9/12 UK Student Challenge Facebook page, or contact us using the links on this website.