Cyber 9/12 UK 2020 is now LIVE


It's official! The first scenario pack for this year's Cyber 9/12 UK strategy challenge has been sent out to participants and the 2020 competition is now live!

Our teams have just a few weeks to submit their written assessments. After that, they'll come to London's BT Tower on 17th February to present their policy recommendations in person, with our panels of expert judges acting as the senior decision-makers in this scenario.

By the end of the day, we'll know which teams are going through to the semi-finals and therefore who will be getting Scenario Pack 2 to work on overnight...

It's all being kept under wraps, so we can't say too much. But we did manage to catch up with our cyber scenario guru, Andreas Haggman, earlier this week, and here's what he had to say:

"The scenario is based on some of the biggest geopolitical and technical cyber security trends visible today. The scenario themes have been curated to present a challenge specific to the UK context, testing participants ability to consider how the UK might respond to problem with both tactical and strategic dimensions.

The events in the scenario may be fictitious, but to anyone paying attention to cyber security news they will not seem far-fetched. These are issues governments must take seriously, even if they are wicked problems with no clear-cut solutions…

Good luck!"

All very cryptic, I'm sure. But we're with him on at least one thing -- good luck to all our teams!

Let battle commence...


Teams competing in 2020 event announced!


It’s now less than three months to go until the Cyber 9/12 strategic competition returns to London’s BT Tower for the third year. Huge thanks go to BT for continuing to support us as our strategic partner – this competition really could not happen without our partners and sponsors.

Thanks to the 25 teams that registered for the competition – it’s fantastic to see interest and engagement growing year-on-year! Unfortunately, though, we can only take so many teams forward to the main event.

The Cyber 9/12 UK team are therefore very excited to announced that we have invited 17 teams to compete in London on 17-18 February. These teams hail from Bournemouth University, the London School of Economics, King’s College London, Queen’s University Belfast, Royal Holloway University, University College London, University of East Anglia, University of Manchester, University of Oxford, and University of Portsmouth.

Huge congratulations to these teams and their mentors! And if you weren’t successful this time round, please do remain engaged with the competition this year and don’t be discouraged from trying again next year. Cyber security needs a multidisciplinary approach and people from drawn from a range of backgrounds – and this, of course means, you!

We’re really looking forward to another amazing competition this year – and especially the creative ideas that the students will bring to the table in response to the 2020 scenario as it unfolds.

2020 Competing Teams.png

Cyber 9/12: Supporting the next generation of cyber leaders


techUK is proud to support the work of the Atlantic Council’s Cyber 9/12 competition which bridges the cyber skills shortage by encouraging university students from a range of policy and technological backgrounds to get involved in the cyber industry.

It has long been clear that there is a cyber skills shortage, and the UK government recently announced that it plans to carry out a second audit into the state of the Country's cyber security workforce.

With 2018’s shocking revelations that just under half of all businesses felt they were insufficiently skilled to deal with a cybersecurity breach or attack, it is crucial that we promote efforts to increase cyber security skills across industry. Though there is clear demand for cyber security career paths, university courses related to the subject receive less funding than more traditional counterparts such as mathematics or physics.

Consequently, routes into cyber from other disciplines are much needed for those exploring their future career options and Cyber 9/12 provides a valuable opportunity.

The competition generates blended learning, allowing university students to understand the value of professions involved in the cyber sector while also emphasising the needs for a diverse cyber security workforce with a multitude of soft and technical skills. We at techUK believe diverse perspectives, like those promoted in the Cyber 9/12 competition, lead to more innovative solutions.

Gary Dreyer, one of the members of the winning CamPhishing team last year, highlighted how the competition can open up cyber security to those exploring alternative disciplines. While undertaking his MPhil in International Relations at the University of Cambridge, he saw Cyber 9/12 as an opportunity to learn more about the cyber realm and ensure that he would remain cyber aware in his future career.

Gary told techUK that his understanding of current issues in cyber security and his strategic communications skills were vastly improved by the competition and that it also provided him with excellent networking and social opportunities, giving him a strong connection base in the cyber industry, and allowing him to explore the geopolitical ramifications of cyber threats.

It is opportunities like this, where students are given an understanding of how the cyber security industry works and how it can impact other sectors of society, which makes techUK so supportive of the competition.

Commenting on techUK’s support for the competition Talal Rajab, techUK’s Head of Cyber and National Security, said: “techUK is delighted to be supporting the Cyber 9/12 Strategy Challenge. The cyber skills shortage is a well known problem, with a recent parliamentary report urging government to address the growing UK cyber security skills gap. Much of the work done in this space to date, however, has focused on growing technical skills and capabilities.

That is why initiatives like the Cyber 9/12 Strategy Challenge are so important, as they focus on developing “soft skills” like strategy, policy analysis and presentational skills that are also in short supply in the sector.”

Talal is the Head of Programme – Cyber at techUK, the trade association for the UK tech sector representing over 850 companies


Skills, teamwork, late nights and other reasons why

Cyber 9/12 rocks


Andreas Haggman (@Andreas_Haggman)


I first came across Cyber 9/12 (the Geneva edition) as a PhD student at Royal Holloway’s Centre for Doctoral Training in Cyber Security. I was instantly enamoured by the competition because I had long looked with envy at the CTFs and hackathons available to technical students. Finally, I thought, here was something that seemed to be just as exciting as any technical competition or game, but in my seemingly niche non-technical space. Cyber 9/12 lived up to those expectations and so much more.


I have many vivid memories from my time in Geneva, from rehearsing our team’s well-choreographed presentation to winning the award for Most Creative Policy Response.


What stands out though is both the exhaustion and satisfaction from staying up until 3am working on our policy responses to the second intelligence pack. In those wee Swiss hours, we really pulled together as a team and came up with some surprisingly brilliant analysis and policies. Sure, we might not have made it through to the final round, but I was proud of our efforts and the enjoyment working so closely with a team all in the same boat was worth the bleary eyes the next day. Teamwork really does make the dream work.


Aside from the value of teamwork in general, my single biggest takeaway from competing in Cyber 9/12 was understanding the importance of multidisciplinary approaches to cyber security. On our team we had a mix of technical and non-technical people from different backgrounds (and also gender representation) which led to some very innovative policy formulation.


What really hit the lesson home for me though, was after the event when we reflected back on our experiences, and the technical person on our team said their main takeaway had been that “in international relations it matters more who did it than what happened.” I had not previously appreciated that from a technical standpoint the who is much less relevant than the what because problem-solving does not assign blame. In policy, however, responsibility (the who) is an important matter that is part of solving the problem. Before Cyber 9/12 I had bought into interdisciplinarity on a theoretical level, but the event allowed me to experience the benefits of it first-hand.



Cybersecurity is about more than technology. The UK Cyber 9/12 Strategy Challenge was founded to broaden the debate around the cybersecurity challenges we face, and the workforce we need to tackle them. Since we started in 2018, we have highlighted the need to broaden the way we think of cybersecurity skills, incorporating areas such as political science, policy, and international relations. 

We are proud to have found and coached amazing competitors from across many UK universities. These competitors have come from multiple disciplines and demonstrated fantastic teamwork, knowledge, and the ability to be future cybersecurity leaders.

This year, Rapid7 provided the prize for the winning team, bringing them to Las Vegas to experience the DEF CON security conference. The blog below from one of the members of the winning team, Ainsley Katz, details her experience of competing, attending DEF CON, and entering the cybersecurity community in a professional international relations capacity. Thank you and congratulations to Ainsley and the rest of the Cambridge University team for participating in the competition, and demonstrating amazing insight, passion, and engagement through both the competition and their trip to DEF CON.


Pete Cooper is CEO of strategic security consultancy, Pavisade, Atlantic Council Senior Fellow, and the founder and director of Cyber 9/12 UK

Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge!

If someone asked me about my post-grad plans in January, I wouldn’t in my wildest dreams have envisioned flying an F-35 in Las Vegas or working at the U.S. Cyberspace Solarium Commission. In January, I was studying for my MPhil in International Relations and Politics at Cambridge University, and my understanding of all things cyber was almost as rudimentary as binary code flying around in space. All this was prior to participating in the Atlantic Council’s Cyber 9/12 Strategy Challenge.

Though I had no prior cyber experience and enough on my plate with my Master’s coursework and dissertation, when I learned of the Atlantic Council’s Cyber 9/12 Strategy Challenge, I felt strangely compelled to participate.

Just as mysterious was the gravity by which a hodgepodge collection of three fellow MPhil students and myself coalesced, received sponsorship from Cambridge's Academic Centre of Excellence in Cyber Security Research (ACECSR), and found a team coach in ACE-CSR member Dr. Jat Singh. However it happened, suddenly — and seemingly ex nihilo — team CamPhishing was born.

Competing in the Cyber 9/12 Challenge was one of the most unique, valuable, and enjoyable highlights of my Cambridge experience. The Challenge sees UK university teams take on the role of senior government advisors tasked with assisting Ministers in responding to an evolving cyber attack. Over two days, the scenario evolves through three rounds with a grand finale in front of senior UK cyber security experts.

Winning the Cyber 9/12 Challenge was as incredible as competing. For the First Place Prize, CamPhishing was generously sponsored by Rapid7 to attend the huge cybersecurity conference, DEF CON, in Las Vegas. Over the course of the conference I heard the likes of Representative Jim Langevin, Jane Harman, and Rapid7’s own Jen Ellis discuss Congressional efforts to address evolving cyber issues.

I also learned about the current challenges faced by Tor, heard Bruce Schneier’s clarion call for greater technologist involvement in policymaking, and listened to the White House’s Joshua Steinman discuss the elimination of the Cybersecurity Coordinator role on the U.S. National Security Council. Oh, and did I mention I flew an F-35? Granted, it was an F-35 flight simulator in the DEF CON Aviation Village and my flight skills weren’t at all up to the snuff of an Air Force pilot, but it was nonetheless quite the experience.

All in all, the Atlantic Cyber 9/12 Strategy Challenge certainly succeeded in interesting me to work in cyber.

Since DEF CON, I have begun working as a Cyber Strategy and Policy Analyst with the U.S. Cyberspace Solarium Commission. The Cyber 9/12 Challenge prepared me to think critically about proportional and viable policy options when dealing with cyber attacks while DEF CON not only taught me vital practical and technical topics in cybersecurity, but also introduced me to some of the most impressive and interesting individuals working on cyber issues today.

For these reasons and more, I wholeheartedly recommend the Cyber 9/12 Challenge to students, regardless of their prior experience (or lack thereof) in all things cyber.



Main prize sponsor 2019

Copyright © 2019 Atlantic Council.
All Rights Reserved.