The first season of the Cyber Fortress League has recently ended, and the new edition is about to begin. Meanwhile, a few words about what is behind us. We invite you to read the summary of the first season and the announcement of the next one.
The genesis of the Cyber Fortress
The Cybersecurity Foundation has extensive experience in organizing exercises in the area of cybersecurity both at the strategic level, the aim of which was to increase the ability of state organizations and structures to effectively protect against cyberspace attacks (Cyber-EXE exercise), as well as operational and technical, aimed at checking the technical capabilities of cybersecurity teams in the conditions of a simulated attack (CERT Games, CTF competitions).
The main goal of creating the Cyber Fortress game was to develop a simulation game that would allow you to practice the holistic approach. Team work both in terms of process and organization, as well as technical. The assumption of the game was to build the most effective cybersecurity system and to check the effect of strategies selected during the game and decisions made against simulated attack scenarios.
In the beginning the Cyber Fortress was created as a game with physical cards, symbolizing security measures in the organizational, process and technical area. Cards spread on the table, over which the team had to bend over and discuss together, supported integration, brainstorming, teamwork and provided a lot of emotions. The first game was played in 2019 as part of the Summer Cybersecurity School organized by the Polish Naval Academy. The atmosphere, reactions and opinions of the participants confirmed that it is worth developing this project. The premiere and test of the game showed that in practice the product is ready. We started new editions of training games, which were joined by other partners interested in using the game as a training and awareness platform.
Due to the pandemic, the Cyber Fortress turned into a digital version, where all teams could participate in the competition through an application with digital versions of the cards. After conducting many games in the form of training and competitions at conferences, including foreign ones, we gathered interesting experiences and feedback from participants, constantly introducing improvements.
Based on these experiences, we decided to organize the Cyber Fortress League and invite cybersecurity teams from all over the country and from various sectors to participate. The response was considerable, 18 teams registered and the inauguration of the League took place during the Security Case Study conference in 2020.
What is the Cyber Fortress League about
The teams were tasked with building a security system for the ICT environment and reacting to randomly selected or predetermined attacks. Each scenario was divided into two phases: the prevention phase, during which the participants of the game are tasked with building the most resilient security system of the organization, and the reaction phase, where, through appropriate actions, you have to defend your organization against a known attack. It was the participants who decided which strategy to follow and what would be the best choice. The limitations were the budget, time and knowledge of the current attack.
The Cybersecurity Foundation has prepared prizes for the competitors. There was a lot to fight for – the prize budget was PLN 20000, of which the winning team collected PLN 12000.
During the entire League, participants played 24 scenarios, defending organizations from various sectors, such as energy, financial, government administration, military, services, telecommunications and medical. Scenarios were selected and created based on real and current security incidents, so as to diversify and make the gameplay real. Scenarios such as: SolarWinds, DarkSide Ransomware, Colonial Pipeline, or the attack on a power plant in Ukraine in 2015 were played out. When preparing the games, we thoroughly analyzed these attacks, identified the attackers’ strategies and assessed how individual security measures could affect the effectiveness of the defense. At the beginning of the League, the participants didn’t know until the end what attack would come. During the games, we did an experiment and announced the planned attack scenarios before one of the tournaments, so that the participants had the opportunity to better prepare. This formula was accepted by the players with enthusiasm. Before the next games, we gave the teams tips and hints about the planned scenarios, which gave an advantage to the more attentive and inquisitive players and those who “worked through” the scenario while preparing for the actual game. We revealed the full information about the scenarios the day before the tournament. However, we didn’t give up the element of surprise and randomly selected attacks, because in everyday life, cybersecurity teams rarely have the comfort and time to prepare for a specific incident.
When creating scenarios as well as selecting and determining the effectiveness of security, we used the assumptions of well-known frameworks, including MITER ATT & CK and VERIS. This approach allowed for transparency and understanding of the rules of the game and scenarios, as well as it allowed to raise and improve the skills of players in this area. Very practical skills, which, as the participants emphasized – were very useful in their everyday struggles with ensuring the security of systems.
There were eight tournaments in the first season. During the seven tournaments, the participants played two scenarios, and in the final tournament, five games awaited them. Thanks to this, the fight for the top positions lasted until the end game and each team could mess up the ranking. The emotions in the last minutes of the competition were reaching their zenith.
Companies from many sectors participated in the League, which contributed to the diversity of approaches and strategies. Last year’s League was attended by 23 teams, including over 80 participants. The sectors from which the teams came were mainly banking, finance, telecommunications and IT, but also the public administration, consulting, industrial automation and education sectors.
The course of the games – how the leaders changed
From the beginning of the competition formed a group of teams, which fiercely competed with each other for top positions throughout the League, and the situation changed like in a kaleidoscope. After the first tournament Stronghold team took the lead, but lost it to Cyberband team after the second tournament. All the time behind their back lurked Grey Team, Cybertajniacy and TTnedi. Stronghold regained the throne after third tournament, but points were still fluctuating and rivals didn’t let us forget about themselves. Team “ęśąćż” (guess where they’re from 😊 ) joined the game for the highest stakes. From the fourth tournament they were on the fifth place, but then they gradually started to climb up in the ranking, attacking the leader position. Five games were played during the final and none of the teams in the top five could be sure of the final result. The fight lasted until the very end, but in the end Team Stronghold did not give up the leader position. Just behind them was team “ęśąćż” with a loss of only 4 points. On the lowest step of the podium stood team Cybertajniacy.
The final results look like this:
I place – Stronghold (259 points)
II place – Stronghold (255 points)
III place – Cybertajniacy (243 points)
Thanks again to all participants for participating in the competition and providing lots of excitement.
The Cyber Fortress League is an element of the statutory activity of the Foundation. Participation in the game is free of charge and such a rule will also apply in this year’s season. We invite existing and new teams to the next edition of the Cyber Fortress League, in which there will be no lack of novelties and surprises. If you want to join, register at http://cybsecurity.org/cyber-twierdza/