Cyber Fortress League

The Cyber Fortress League is a competition between the best cyber security teams throughout the competition season. The teams are tasked with building a security system for the ICT environment and responding to randomly selected or predetermined attacks.

Throughout the League, participants play out a series of scenarios, defending organizations from various sectors. The scenarios are selected and created based on real and actual security incidents.
The Foundation has prepared prizes for the contestants. There is a lot to fight for – total budget for the awards is PLN 30 000.

Season III

The first match

Second match

Third match

Fourth match

Fifth match

Sixth match


You are a team responsible for ensuring the cybersecurity of critical infrastructure and key services in your country. The goal of the game is to build an effective cybersecurity system that will be able to protect the entities represented by the team against various threats from cyberspace.

At the beginning of the game, the organization has a budget in the amount specified before the game. Simulated cyberattacks and incidents based on real events will take place throughout the game. Some scenarios may involve increasing the budget during the game.

Protections are divided into 8 categories (Organization, Physical Infrastructure, Entire Network, Network Edge, Internal Network, Endpoints, Apps and Data).

  • There is a ninth category of Protections – Data Sources – it must be unlocked by selecting the appropriate tab from the other categories.

The game scenarios include the occurrence of the so-called injections – events of various nature, e.g. attack, part of an advanced attack, incident, information. Before the game, players will be given hints about the planned scenario, but the advantage will be gained by those teams that are better prepared by gaining the most missing information.


  • Your cybersecurity system is developed throughout the game, and the protections you choose are effective for all injections in the scenario. Safeguards are scored differently based on effectiveness in terms of prevention (identification and protection) and response (response, detection and recovery).
Before the start of the league, there will be a short training session on game navigation. The game begins with the game administrator on the date set and announced before the tournament. The list of cards symbolizing security will be made available on the screen by the team captain or designee, who will mark the choices made by the team on behalf of the team members. The screen will show the time remaining until the end of the phase, the current state of the budget and the results after the completed phases. Each team participating in the CFL provides its own equipment and internet connection for each tournament, which is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. connection breakage, computer failure) and as a result may prevent participation in the tournament or its round and the score not being taken into account during the game.
CPE points are awarded for participation in the Cyber Fortress League.

The flow of the game

The goal of the game:

The task of the players is to build a cybersecurity system that will be effective against the appearing Injects of the Attack type.

The PIN code – code to participate in the game.

Lobby – the space where players wait for the game to start.

Briefing – a tab describing the context of a given game. The information may include the organization defended by the players (e.g. sector, infrastructure) and a description of the game scenario.

HP (Hit Points, Health Points) – a metric used to present the impact of Injects on the infrastructure of the defended organization and the effectiveness of decisions made by players. The impact of each Event can be minimized by the selection of appropriate safeguards. The value of HP after the occurrence of Injects decreases the slower the more effective protections are implemented.

Budget – Players receive a virtual budget within which they implement security in accordance with their strategy.

Scenario – the course and schedule of the game consisting of predefined Injects.

Inject – any event in the game that can be of different nature.
Events will occur in the game according to the prepared game scenario. The moment of occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks) is considered a compromise of the system and at the same time the end of the Prevention phase.

• Attack – Negative event affecting players’ infrastructure. It can be a generic event (e.g. malware delivered in e-mail correspondence) or a particular technique used by the attacker as part of the attack chain (sequence of techniques), e.g. the use of Powershell scripts and commands, modification of domain policies). One scenario can include several Attack Injects or multiple Attack Chains consisting of multiple Injects.
• Control – An event that can have a positive or negative impact on players’ HP or budget.
• Information – A neutral or positive event providing information affecting the course of the game, e.g. information about the activity of cybercriminal groups, information about granting an additional budget.
• Bonus – A positive event resulting from a successfully completed task by the players.

Prevention – the phase of the game that takes place before the occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks). In this phase, the most effective are the safeguards that allow Identification of threats and Protection against them.

Note: For a scenario involving multiple Attack Injects (generic or chain attack), the Event will display the end of the Attack and the next Prevention phase will start until another Attack Inject occurs.

Reaction – The phase of the game that takes place after an Attack type Inject (generic or the first technique in the attack chain). In this phase, the most effective protections are Detection and Response to threats as well as Recovery of business capabilities after an incident. The reaction phase lasts until the information about the end of the attack appears.

Safeguards – Represented in the game by cards containing a number, name, price and icon. The security description is available on the website.

Segregation of safeguards is based on the defense-in-depth model
• Organization
• Physical infrastructure
• Entire network
• Edge of the network
• Internal network
• Terminal devices
• Apps
• Data
• Data sources

Safeguards effectiveness is assessed using criteria based on the functions of the NIST Cybersecurity Framework:
• Identification – Understanding the business context, resources supporting critical functions, and related cybersecurity risks enables the organization to focus and prioritize its activities in line with its risk management strategy and business needs.
Examples of safeguards within this function include: Asset management; Security Organization; Order; Risk assessment;
• Protect – development and implementation of appropriate safeguards to ensure the implementation of the most important infrastructural services and support the possibility of limiting the impact of a potential cybersecurity event.
Examples include: Access Control, Security Awareness, Data Security; Security Processes and Procedures; Maintenance and Security Technologies
• Detection – development and implementation of appropriate activities and tools to detect a cybersecurity incident.
Examples within this Feature include: Anomalies and Events; Continuous Security Monitoring and Detection Processes.
• Response – development and implementation of appropriate actions to take action related to detected cybersecurity incidents.
Examples include: Response Planning; communication; Event Propagation Prevention, Analysis.
• Recovery – development and implementation of appropriate actions to maintain resilience plans and restore capabilities or services affected by a cyber incident. The Restore feature supports restoring normal operations to reduce the impact of a cybersecurity incident.
Examples within this Function include: Business Continuity Planning, Recovery Planning, Backup, System Redundancy, Enhancement and Communication.

Safeguards effectiveness – the effectiveness is estimated for individual Injects. Some protections are effective only in the Prevention phase, and some in the Reaction phase. When the scenario assumes that the chain of attack consists of several Injects, the same protections can be considered multiple times with different levels of effectiveness depending on the Inject.

Safeguards implementation – safeguards implementation is approved by clicking the Buy button. Only then are they included in the cybersecurity system. WARNING! It should be remembered that some of the protections that are effective in the Reaction phase should be implemented in the Prevention phase. The idea of the game assumes that after starting the first Inject of the Attack type, it is no longer possible to implement safeguards measures that require a long time to implement, e.g. technological (such as SIEM, IDS/IPS) and process security (e.g. Incident Response Process). However, some security related to external services or activities that can be performed in a short time can be implemented in the Reaction phase, e.g. changes in configuration, network separation, event logging, connection of data sources.

General information

1. The organizer of the Cyber Fortress League (hereinafter CFL) is the Cybersecurity Foundation with its registered office in Warsaw, at Adam Branicki 13 street.

2. Tournaments will be held online or in the form of a regular, stationary event. Participants of online tournaments provide themselves with the equipment necessary to participate in the league, i.e. a computer with access to the Internet.

3. Information about the season (number of tournaments, duration and prizes) in which the league takes place is provided by the organizer at

Team registration

4. Teams that register for CFL via the website can participate in the game, during registration the team provides an e-mail address of their captain, through whom contact with the team will be maintained and he will be official representative of the team in the competition.

5. You cannot be a member of several teams at the same time.

6. By registering and participating in tournaments, the captain confirms that all registered team members accept these statue.

7. Teams can consist of 2 to 5 people.

7.1 There may be special tournaments where teams with a different number of players may participate. This type of tournament will be clearly indicated by the organizer.

8. You can join the League at any time during the season. At the time of joining, each new team has zero points in its account.

9. In each of the tournaments, the composition of the team does not have to be full, in order to include points in the general classification, the presence of at least one representative of the team is necessary.

10. Employees and members of the Cybersecurity Foundation and their families cannot participate in the CFL.

11. Teams participating in CFL games may not be named in an obscene manner or like legal entities or organizations, or their name may not clearly refer to such an entity or organization.

Tournament organization rules

12. During the tournament, the teams will play the number of Cyber Fortress game rounds specified before the tournament, according to the rules of the game, which are available at:

13. CFL tournaments will be organized on dates specified by the organizer. Tournaments can take place in two formulas: table version – the game takes place “in real life”, at tables or online version – using a prepared application. Information about the dates and possible formulas of the tournaments and any other information regarding the CFL will be published on the CFL website:

14. During the CFL season, additional tournaments may be organized (e.g. on the occasion of other events). These tournaments will also count towards the overall CFL standings.

15. Each side tournament may have special rules which will be communicated to participants prior to such tournament

16. Team captains will be informed about all tournaments by e-mail.

17. In the case of an online version of the tournament, each of the teams taking part in the CFL provides its own equipment and internet connection, which is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. connection failure, computer failure) and as a result may prevent participation in the tournament or its round.

CFL Scoring Rules

18. Teams participating in a single tournament earn a certain number of points in accordance with the rules of the Cyber Fortress game. These points determine the places taken in a single tournament. The team with the most points wins the tournament.

19. After the settlement of a single tournament, each team receives ranking points for taking a specific place in the tournament, these points count towards the overall score in the following dimension.

place  points place  points  place  points 
1  100  11  24  21  10 
2  80  12  22  22  9 
3  60  13  20  23  8 
4  50  14  18  24  7 
5  45  15  16  25  6 
6  40  16  15  26  5 
7  36  17  14  27  4 
8  32  18  13  28  3 
9  29  19  12  29  2 
10  26  20  11  30  1 

20. The highest number of points obtained by the team in the general classification of the League at the end of its games decides about the victory in the League. In the case of an equal number of points, the order is decided by the result of the overtime tournament between the teams concerned. The tiebreak tournament ends after the first round to determine the winner.


21. The organizer provides prizes for teams that will take top places throughout the CFL season.

22. Individual CFL tournaments may also carry additional prizes from both the organizer and possible sponsor of the tournament. The organizer will inform about such situations each time when organizing tournaments.

Final Provisions

23. There is no appeal against the announced results of both the tournament and the entire League. It is final.

24. The organizer reserves the right to settle all disputes that may arise during the game, as well as those related to these regulations.

25. Participants of the League, by taking part in it, agree to the processing of their personal data (including the use of photos and videos from the game).

Information clause

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – participants of the League, taking participate in it, consent to the processing of their personal data (including the use of photos and videos from the game). The data administrator is the Cybersecurity Foundation, with its registered office in Warsaw, at Adama Branickiego 13 street. The data (name, surname, e-mail address) are used to send information about the game and to make the game available. It is possible to withdraw consent by sending information electronically to the following address: [email protected]. Personal data may be transferred to other entities in connection with the provision of IT services (servers, e-mail). These data are not automatically profiled and are not transferred outside the European Economic Area. In the event of objections to the processing of personal data, a complaint may be lodged with the President of the Office for Personal Data Protection.

MiejsceDrużynaPunkty 1 turniejPunkty 2 turniejPunkty 3 turniejPunkty 4 turniejPunkty 5 turniejPunkty 6 turniejPunkty 7 turniejPunkty finał
7Yellow Team202746526583108205
8TEpe rnAM202746467272107194
14E Corp20284553535387176
21mBank A1723333653535353
24Szara Eminencja1919193030303030
25Klonowe Listki1313252525252525

MiejsceDrużynaRanking 1 turniejRanking 2 turniejRanking 3 turniejRanking 4 turniejRanking 5 turniejTurniej finałowy
3Komando Wilków Alfa1535567994121
6Grupa Specjalna1131466987112
7Blu Tim1534507589110
13TEpe rnAM143446637597
14Niebiańskie Sygnatury132641587295
15Spifftacular Mob113043627395
17Wystaw Ticketa133349667793
20Mad Maw123244647489
21Szara Strefa153446637187
27Twierdza Inosa102235525270
31The Shield1221313851
36Cyber Warriors143241414141
42Szwadron Komandosów Alfa5192929
44to my1017282828
47Large Picnic Attackers122626262626
48Gh0$t Bu$ter$132525252525
53Sixth Sense92222222222
55E Corp1717171717

MiejsceDrużynaRanking po turnieju 1Ranking po turnieju 2Ranking po turnieju 3Ranking po turnieju 4Ranking po turnieju 5Ranking po turnieju 6
2Grupa specjalna50110124169269293
2SOC z Gumijagód4090170182193293
5SOK 100%293580106186236
11WestStation TEAM014507993173
12Komando Wilków Alfa888103121143156
16Rycerze Światłowodów2244647298112
18Star Worms00153580
21Spifftacular Mob01238384355
27;DROP TABLE "Users"112630303030
27Epic Failers2830
31Blu Tim02929292929
39Cyber Waffle7715151515
40E Corp101010101010
41Drużyna Z449999
41zazolc gesla jazn999999
45Team 27003
48Szara Strefa000222
55Szwadron Komandosów Alfa000000
57Twierdza Inosa000000

Honorary patronage
ISSA Polska