About the CyberBastion League!
Scenarios
Prizes
You are the team responsible for ensuring cybersecurity for critical infrastructure and essential services in your country. The goal of the game is to build an effective cybersecurity system that can protect the entities represented by the team from various threats in cyberspace.
At the beginning of the game, the organization has a budget set before the competition. During the game, simulated cyberattacks and incidents based on real events will take place. Some scenarios may allow for an increase in the budget during gameplay.
The security measures are divided into 8 categories (Organization, Physical Infrastructure, Entire Network, Network Edge, Internal Network, End Devices, Applications, and Data).
• There is a ninth category of Security – Data Sources – which must be unlocked by selecting the appropriate card from the remaining categories.
The gameplay scenarios include the occurrence of so-called injects – events of various natures, including attacks, parts of advanced attacks, incidents, and information. Before the game, players will receive hints about the planned scenario, but the teams that prepare better by gathering the most missing information will gain an advantage.
Based on the choices made, points will be counted and summed to indicate how effectively the teams managed to prevent or respond to the injects occurring in the scenario.
NOTES:
Your cybersecurity system will be developed throughout the game, and the selected security measures will be effective for all injects present in the scenario. Security measures are scored differently based on their effectiveness in terms of prevention (identification and protection) and response (reaction, detection, and recovery).
Online Version
Before the league starts, a short training session on game navigation will take place. The game begins when the game administrator initiates it at a predetermined time communicated before the tournament. A list of cards representing the security measures will be displayed on the screen by the team captain or a designated person, who will mark the choices made by the team on behalf of its members. The screen will display the remaining time until the end of the phase, the current budget status, and the results after completed phases. Each team participating in the CyberBastion League is responsible for providing its own equipment and internet connection necessary for the gameplay for each tournament. The organizer is not responsible for technical problems that may occur during the game (e.g., connection loss, computer failure) and may consequently prevent participation in the tournament or its round, as well as the failure to record points during gameplay.
Points CPE are awarded for participation in the CyberBastion League.
Game Progress
Objective of the Game
The players’ task is to build a cybersecurity system that will be effective against emerging Attack-type Injects.
PIN Code – a code that enables participation in the game.
Lobby – a space where players wait for the game to start.
Briefing – a tab that describes the context of a given game session. Information may include the organization being defended by the players (e.g., sector, infrastructure) and a description of the game scenario.
HP (Hit Points, Health Points) – a metric used to present the impact of Injects on the defended organization’s infrastructure and the effectiveness of the decisions made by the players. The impact of each Event can be minimized by selecting appropriate security measures. The HP value decreases more slowly after the occurrence of Injects if more effective security measures are implemented.
Budget – Players receive a virtual budget within which they implement security measures according to their adopted strategy.
Scenario – the course and schedule of gameplay consisting of predefined Injects.
Inject (Event) – any event in the game that can have various characteristics.
The game will include Events according to the prepared game scenario. The moment the first Attack-type Inject (generic or the first technique in the attack chain) occurs is considered a compromise of the system and marks the end of the Prevention phase.
Attack – A negative event impacting the players’ infrastructure. It can be a generic event (e.g., malware delivered via email) or a specific technique used by the attacker as part of the attack chain (a sequence of techniques), such as using scripts and PowerShell commands, modifying domain policies. One scenario can include several Attack-type Injects or several attack chains composed of multiple Injects.
Control – An event that can have a negative or positive impact on the players’ HP or budget.
Information – A neutral or positive event providing information that influences the course of the game, e.g., information about the activities of cybercriminal groups, information about additional budget allocation.
Bonus – A positive event resulting from successfully completing a task by the players.
Prevention – A phase of the game that occurs before the first Attack-type Inject (generic or the first technique in the attack chain) takes place. In this phase, security measures that allow for the Identification of threats and Protection against them are the most effective. Note: In scenarios involving multiple Attack-type Injects (generic or attack chains), after the Event concludes, a notification will be displayed indicating the end of the attack, and another Prevention phase will begin until the next Attack-type Inject occurs.
Response – A phase of the game that takes place after the occurrence of an Attack-type Inject (generic or the first technique in the attack chain). In this phase, security measures that allow for Detection of threats, Response to threats, and Recovery of business capabilities post-incident are the most effective. The response phase continues until the information about the end of the attack is received.
Security Measures – Represented in the game using cards that contain a number, name, price, and icon. Descriptions of the security measures are available on the website https://platform.cyberbastion.org/safeguards?lng=en
The categorization of security measures is based on the defense in depth model:
- Organization
- Physical Infrastructure
- Entire Network
- Network Edge
- Internal Network
- End Devices
- Applications
- Data
- Data Sources
The effectiveness of the security measures is estimated based on criteria from the NIST Cybersecurity Framework functions:
Identification – Understanding the business context, resources supporting critical functions, and associated cybersecurity risks enables the organization to focus and prioritize its actions according to its risk management strategy and business needs.
Examples of security measures within this function include: Asset Management; Security Organization; Governance; Risk Assessment;
Protection – Developing and implementing appropriate safeguards to ensure the delivery of essential infrastructural services and supporting capabilities to limit the impact of potential cybersecurity incidents.
Examples include: Access Control, Security Awareness Training, Data Security; Security Processes and Procedures; Maintenance and Security Technologies.
Detection – Developing and implementing appropriate activities and tools to detect cybersecurity-related incidents.
Examples within this function include: Anomalies and Events; Continuous Security Monitoring and Detection Processes.
Response – Developing and implementing appropriate actions to respond to detected cybersecurity incidents.
Examples include: Response Planning; Communication; Preventing Event Propagation, Analysis.
Recovery – Developing and implementing appropriate actions to maintain resilience plans and restore capabilities or services affected by a cybersecurity incident. The Recovery function supports the restoration of normal operations to minimize the impact of the cybersecurity incident.
Examples within this function include: Business Continuity Planning, Recovery Planning, Backups, System Redundancy, Improvements, and Communication.
Effectiveness of Security Measures – Effectiveness is assessed against individual Injects. Some security measures are effective only in the Prevention phase, while others are effective in the Response phase. In scenarios where the attack chain consists of multiple Injects, the same security measures can be considered multiple times with varying levels of effectiveness depending on the Inject.
Implementation of Security Measures – The implementation of security measures is confirmed by using the Purchase button. Only then are they included in the cybersecurity system. NOTE! It should be noted that some security measures that are effective in the Response phase must be implemented in the Prevention phase. The game’s premise assumes that once the first Attack-type Inject begins, there are no longer options for implementing security measures that require a long time for implementation, such as technological (e.g., SIEM, IDS/IPS) and procedural security measures (e.g., Incident Response Process). However, some security measures related to external services or quick-action tasks can still be implemented in the Response phase, e.g., configuration changes, network segmentation, event logging, and connecting data sources.
General information
- The CyberBastion League (hereinafter referred to as LCB) is organized by the Cybersecurity Foundation (hereinafter referred to as the Organizer) with its registered office in Warsaw, at ul. Czyżewska 10.
- The tournaments will be held online or as stationary events. Tournament participants are responsible for providing their own equipment necessary to participate in the league, i.e., a computer with Internet access.
- Information about the season (number of tournaments, duration, and prizes) in which the league is held is provided by the Organizer on the website https://cyberbastion.org.
Team Registration
4. Teams that register for the LCB via the website https://www.cyberbastion.org may participate in the game. During registration, the team captain provides contact details and information about the team, including, among others, their email address and the email addresses of team members through whom contact with the team will be maintained. The team captain is the official representative of the team in the competition.
5. You cannot be a member of more than one team at the same time.
6. By completing the registration form available at https://cyberbastion.org and by participating in the tournaments, the captain confirms that all registered team members accept these Rules and Regulations.
7. Teams must have a minimum of 2 people. The Organizer does not specify the maximum number of people in a team, subject to point 7.1.
7.1. There may be special tournaments in which the maximum number of people in a team will be specified. The limit of active players in a team will be determined by the Organizer. Such tournaments will be clearly indicated by the Organizer.
8. You can join the League at any time during the season. Upon joining, each new team will have zero points.
9. In each tournament, the team does not have to be complete to score points for the overall classification; at least one team representative must be present.
10. Employees and members of the Cybersecurity Foundation and their families are not eligible to participate in the LCB.
Tournament organization rules
11. During the tournament, teams will play a number of CyberBastion game scenarios specified prior to the tournament, in accordance with the rules of the game, which are available at: http://www.cyberbastion.org
12. LCB tournaments will be organized on dates specified by the Organizer. Tournaments can take place in two formats: tabletop version – the game takes place “in real life,” at tables in hybrid mode using the application, or online version – using the application. Information about the dates and possible tournament formats, as well as all other information regarding the LCB, will be published on the LCB website: http://cyberbastion.org
13. During the LCB season, additional tournaments may be organized (e.g., in conjunction with other events). These tournaments may be included in the overall LCB classification, in which case the Organizer will inform the team captains before such a tournament.
14. Each additional tournament may have special rules, which will be communicated to participants before the tournament.
15. Team captains will be informed about all tournaments by email or via a message on the Discord server used to conduct online games.
16. In the case of an online tournament, each team participating in the LCB shall provide its own equipment and Internet connection necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g., connection failure, computer malfunction) and may prevent participation in the tournament.
17. The organizer reserves the right to make changes to the format of the tournaments, but will inform the team captains of this fact each time.
Rules LCB scoring
18. Teams participating in a single tournament earn a certain number of points according to the rules of CyberBastion. These points determine the places taken in a single tournament. The team that scores the most points wins the tournament.
19. After a single tournament has been decided, each team earns ranking points for their place in the tournament. These points count towards the overall score as follows:
| Place | Points | Place | Points | Place | Points | Place | Points |
| 1 | 100 | 16 | 41 | 31 | 26 | 46 | 11 |
| 2 | 85 | 17 | 40 | 32 | 25 | 47 | 10 |
| 3 | 75 | 18 | 39 | 33 | 24 | 48 | 9 |
| 4 | 60 | 19 | 38 | 34 | 23 | 49 | 8 |
| 5 | 58 | 20 | 37 | 35 | 22 | 50 | 7 |
| 6 | 56 | 21 | 36 | 36 | 21 | 51-55 | 6 |
| 7 | 54 | 22 | 35 | 37 | 20 | 56-60 | 5 |
| 8 | 52 | 23 | 34 | 38 | 19 | 61-67 | 4 |
| 9 | 50 | 24 | 33 | 39 | 18 | 68-75 | 3 |
| 10 | 48 | 25 | 32 | 40 | 17 | 76-85 | 2 |
| 11 | 46 | 26 | 31 | 41 | 16 | 86-100 | 1 |
| 12 | 45 | 27 | 30 | 42 | 15 | ||
| 13 | 44 | 28 | 29 | 43 | 14 | ||
| 14 | 43 | 29 | 28 | 44 | 13 | ||
| 15 | 42 | 30 | 27 | 45 | 12 |
20. The overall classification, on the basis of which teams qualifying for the cup competitions are selected, takes into account the results of the 8 best matches out of all matches played during the season (5 matches of the regular season and 5 matches played during the final tournament). If a team has participated in fewer than or equal to 8 matches, the results of all matches played so far are included in the overall classification.
21. The winner of the League will be determined by the results of the cup competition during the CyberBastion League final. The top four teams in the overall classification will compete in the semi-finals (the team in 1st place against the team in 4th place, and the team in 2nd place against the team in 3rd place). The winners of the semifinals will play in the final for 1st place, while the losers will compete for 3rd place. Teams that do not qualify for the semifinals will end the season in places corresponding to their results in the overall classification.
Awards
22. The Organizer will award prizes to teams that finish in the top positions throughout the LCB season.
23. Individual LCB tournaments may also offer additional prizes from both the Organizer and any tournament sponsors. The Organizer will announce such prizes each time a tournament is organized.
Final provisions
24. The announced results of both the tournament and the entire League are final and cannot be appealed.
25. The organizer reserves the right to settle all disputes that may arise during the competition, as well as those related to these rules and regulations.
26. The organizer reserves the right to make changes to the rules and regulations, in which case they will inform the team captains.
27. By participating in the League, participants consent to the processing of their personal data (including the use of photos and videos from the game).
Information clause
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC , by participating in the League, participants consent to the processing of their personal data (including the use of photos and videos from the game). The data controller is the Cybersecurity Foundation, based in Warsaw, at ul. Czyżewska 10. The data (first name, last name, email address) is used to send information about the game and to make the game available. It is possible to withdraw consent by sending an email to: [email protected]. Personal data may be transferred to other entities in connection with the provision of IT services (servers, email). This data is not automatically profiled and is not transferred outside the European Economic Area. In the event of objections to the processing of personal data, a complaint may be lodged with the President of the Personal Data Protection Office.