Cyber Fortress League

The Cyber Fortress League is a competition between the best cyber security teams throughout the competition season. The teams are tasked with building a security system for the ICT environment and responding to randomly selected or predetermined attacks.

Scenarios
Throughout the League, participants play out a series of scenarios, defending organizations from various sectors. The scenarios are selected and created based on real and actual security incidents.
Prizes
The Foundation has prepared prizes for the contestants. There is a lot to fight for – total budget for the awards is PLN 30 000.

Season III

The first match

Second match

Third match

Fourth match

Fifth match

Sixth match

Details

You are a team responsible for ensuring the cybersecurity of critical infrastructure and key services in your country. The goal of the game is to build an effective cybersecurity system that will be able to protect the entities represented by the team against various threats from cyberspace.

At the beginning of the game, the organization has a budget in the amount specified before the game. Simulated cyberattacks and incidents based on real events will take place throughout the game. Some scenarios may involve increasing the budget during the game.

Protections are divided into 8 categories (Organization, Physical Infrastructure, Entire Network, Network Edge, Internal Network, Endpoints, Apps and Data).

  • There is a ninth category of Protections – Data Sources – it must be unlocked by selecting the appropriate tab from the other categories.

The game scenarios include the occurrence of the so-called injections – events of various nature, e.g. attack, part of an advanced attack, incident, information. Before the game, players will be given hints about the planned scenario, but the advantage will be gained by those teams that are better prepared by gaining the most missing information.

REMARKS:

  • Your cybersecurity system is developed throughout the game, and the protections you choose are effective for all injections in the scenario. Safeguards are scored differently based on effectiveness in terms of prevention (identification and protection) and response (response, detection and recovery).
Online
Before the start of the league, there will be a short training session on game navigation. The game begins with the game administrator on the date set and announced before the tournament. The list of cards symbolizing security will be made available on the screen by the team captain or designee, who will mark the choices made by the team on behalf of the team members. The screen will show the time remaining until the end of the phase, the current state of the budget and the results after the completed phases. Each team participating in the CFL provides its own equipment and internet connection for each tournament, which is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. connection breakage, computer failure) and as a result may prevent participation in the tournament or its round and the score not being taken into account during the game.
CPE points are awarded for participation in the Cyber Fortress League.

The flow of the game

The goal of the game:

The task of the players is to build a cybersecurity system that will be effective against the appearing Injects of the Attack type.

The PIN code – code to participate in the game.

Lobby – the space where players wait for the game to start.

Briefing – a tab describing the context of a given game. The information may include the organization defended by the players (e.g. sector, infrastructure) and a description of the game scenario.

HP (Hit Points, Health Points) – a metric used to present the impact of Injects on the infrastructure of the defended organization and the effectiveness of decisions made by players. The impact of each Event can be minimized by the selection of appropriate safeguards. The value of HP after the occurrence of Injects decreases the slower the more effective protections are implemented.

Budget – Players receive a virtual budget within which they implement security in accordance with their strategy.

Scenario – the course and schedule of the game consisting of predefined Injects.

Inject – any event in the game that can be of different nature.
Events will occur in the game according to the prepared game scenario. The moment of occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks) is considered a compromise of the system and at the same time the end of the Prevention phase.

• Attack – Negative event affecting players’ infrastructure. It can be a generic event (e.g. malware delivered in e-mail correspondence) or a particular technique used by the attacker as part of the attack chain (sequence of techniques), e.g. the use of Powershell scripts and commands, modification of domain policies). One scenario can include several Attack Injects or multiple Attack Chains consisting of multiple Injects.
• Control – An event that can have a positive or negative impact on players’ HP or budget.
• Information – A neutral or positive event providing information affecting the course of the game, e.g. information about the activity of cybercriminal groups, information about granting an additional budget.
• Bonus – A positive event resulting from a successfully completed task by the players.

Prevention – the phase of the game that takes place before the occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks). In this phase, the most effective are the safeguards that allow Identification of threats and Protection against them.

Note: For a scenario involving multiple Attack Injects (generic or chain attack), the Event will display the end of the Attack and the next Prevention phase will start until another Attack Inject occurs.

Reaction – The phase of the game that takes place after an Attack type Inject (generic or the first technique in the attack chain). In this phase, the most effective protections are Detection and Response to threats as well as Recovery of business capabilities after an incident. The reaction phase lasts until the information about the end of the attack appears.

Safeguards – Represented in the game by cards containing a number, name, price and icon. The security description is available on the website.

Segregation of safeguards is based on the defense-in-depth model
• Organization
• Physical infrastructure
• Entire network
• Edge of the network
• Internal network
• Terminal devices
• Apps
• Data
• Data sources

Safeguards effectiveness is assessed using criteria based on the functions of the NIST Cybersecurity Framework:
• Identification – Understanding the business context, resources supporting critical functions, and related cybersecurity risks enables the organization to focus and prioritize its activities in line with its risk management strategy and business needs.
Examples of safeguards within this function include: Asset management; Security Organization; Order; Risk assessment;
• Protect – development and implementation of appropriate safeguards to ensure the implementation of the most important infrastructural services and support the possibility of limiting the impact of a potential cybersecurity event.
Examples include: Access Control, Security Awareness, Data Security; Security Processes and Procedures; Maintenance and Security Technologies
• Detection – development and implementation of appropriate activities and tools to detect a cybersecurity incident.
Examples within this Feature include: Anomalies and Events; Continuous Security Monitoring and Detection Processes.
• Response – development and implementation of appropriate actions to take action related to detected cybersecurity incidents.
Examples include: Response Planning; communication; Event Propagation Prevention, Analysis.
• Recovery – development and implementation of appropriate actions to maintain resilience plans and restore capabilities or services affected by a cyber incident. The Restore feature supports restoring normal operations to reduce the impact of a cybersecurity incident.
Examples within this Function include: Business Continuity Planning, Recovery Planning, Backup, System Redundancy, Enhancement and Communication.

Safeguards effectiveness – the effectiveness is estimated for individual Injects. Some protections are effective only in the Prevention phase, and some in the Reaction phase. When the scenario assumes that the chain of attack consists of several Injects, the same protections can be considered multiple times with different levels of effectiveness depending on the Inject.

Safeguards implementation – safeguards implementation is approved by clicking the Buy button. Only then are they included in the cybersecurity system. WARNING! It should be remembered that some of the protections that are effective in the Reaction phase should be implemented in the Prevention phase. The idea of the game assumes that after starting the first Inject of the Attack type, it is no longer possible to implement safeguards measures that require a long time to implement, e.g. technological (such as SIEM, IDS/IPS) and process security (e.g. Incident Response Process). However, some security related to external services or activities that can be performed in a short time can be implemented in the Reaction phase, e.g. changes in configuration, network separation, event logging, connection of data sources.

General information

1. The organizer of the Cyber Fortress League (hereinafter CFL) is the Cybersecurity Foundation with its registered office in Warsaw, at Adam Branicki 13 street.

2. Tournaments will be held online or in the form of a regular, stationary event. Participants of online tournaments provide themselves with the equipment necessary to participate in the league, i.e. a computer with access to the Internet.

3. Information about the season (number of tournaments, duration and prizes) in which the league takes place is provided by the organizer at https://cybertwierdza.cybsecurity.org.

Team registration

4. Teams that register for CFL via the website https://www.cybsecurity.org/cyber-twierdza/ can participate in the game, during registration the team provides an e-mail address of their captain, through whom contact with the team will be maintained and he will be official representative of the team in the competition.

5. You cannot be a member of several teams at the same time.

6. By registering and participating in tournaments, the captain confirms that all registered team members accept these statue.

7. Teams can consist of 2 to 5 people.

7.1 There may be special tournaments where teams with a different number of players may participate. This type of tournament will be clearly indicated by the organizer.

8. You can join the League at any time during the season. At the time of joining, each new team has zero points in its account.

9. In each of the tournaments, the composition of the team does not have to be full, in order to include points in the general classification, the presence of at least one representative of the team is necessary.

10. Employees and members of the Cybersecurity Foundation and their families cannot participate in the CFL.

11. Teams participating in CFL games may not be named in an obscene manner or like legal entities or organizations, or their name may not clearly refer to such an entity or organization.

Tournament organization rules

12. During the tournament, the teams will play the number of Cyber Fortress game rounds specified before the tournament, according to the rules of the game, which are available at: https://cybertwierdza.cybsecurity.org/en

13. CFL tournaments will be organized on dates specified by the organizer. Tournaments can take place in two formulas: table version – the game takes place “in real life”, at tables or online version – using a prepared application. Information about the dates and possible formulas of the tournaments and any other information regarding the CFL will be published on the CFL website: https://cybertwierdza.cybsecurity.org/en

14. During the CFL season, additional tournaments may be organized (e.g. on the occasion of other events). These tournaments will also count towards the overall CFL standings.

15. Each side tournament may have special rules which will be communicated to participants prior to such tournament

16. Team captains will be informed about all tournaments by e-mail.

17. In the case of an online version of the tournament, each of the teams taking part in the CFL provides its own equipment and internet connection, which is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. connection failure, computer failure) and as a result may prevent participation in the tournament or its round.

CFL Scoring Rules

18. Teams participating in a single tournament earn a certain number of points in accordance with the rules of the Cyber Fortress game. These points determine the places taken in a single tournament. The team with the most points wins the tournament.

19. After the settlement of a single tournament, each team receives ranking points for taking a specific place in the tournament, these points count towards the overall score in the following dimension.

place  points place  points  place  points 
1  100  11  24  21  10 
2  80  12  22  22  9 
3  60  13  20  23  8 
4  50  14  18  24  7 
5  45  15  16  25  6 
6  40  16  15  26  5 
7  36  17  14  27  4 
8  32  18  13  28  3 
9  29  19  12  29  2 
10  26  20  11  30  1 

20. The highest number of points obtained by the team in the general classification of the League at the end of its games decides about the victory in the League. In the case of an equal number of points, the order is decided by the result of the overtime tournament between the teams concerned. The tiebreak tournament ends after the first round to determine the winner.

Awards

21. The organizer provides prizes for teams that will take top places throughout the CFL season.

22. Individual CFL tournaments may also carry additional prizes from both the organizer and possible sponsor of the tournament. The organizer will inform about such situations each time when organizing tournaments.

Final Provisions

23. There is no appeal against the announced results of both the tournament and the entire League. It is final.

24. The organizer reserves the right to settle all disputes that may arise during the game, as well as those related to these regulations.

25. Participants of the League, by taking part in it, agree to the processing of their personal data (including the use of photos and videos from the game).

Information clause

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – participants of the League, taking participate in it, consent to the processing of their personal data (including the use of photos and videos from the game). The data administrator is the Cybersecurity Foundation, with its registered office in Warsaw, at Adama Branickiego 13 street. The data (name, surname, e-mail address) are used to send information about the game and to make the game available. It is possible to withdraw consent by sending information electronically to the following address: [email protected]. Personal data may be transferred to other entities in connection with the provision of IT services (servers, e-mail). These data are not automatically profiled and are not transferred outside the European Economic Area. In the event of objections to the processing of personal data, a complaint may be lodged with the President of the Office for Personal Data Protection.

MiejsceDrużynaPunkty 1 turniejPunkty 2 turniejPunkty 3 turniejPunkty 4 turniejPunkty 5 turniejPunkty 6 turniejPunkty 7 turniejPunkty finał
1Stronghold2736637196116151259
2ęśąćż17214955881105144255
3Cybertajniacy2132536578103145243
4GreyTeam223051607393124237
5CyberBand2438627181101133226
6TTnedi212853627396122217
7Yellow Team202746526583108205
8TEpe rnAM202746467272107194
9Oscar12194256698787189
10fWin001727436394189
11Ogury0000224987188
12Farmaceuci142041505977104187
13C640123540526696180
14E Corp20284553535387176
15PRYNCYPAŁKI172038445979104171
16AM1311293644585898
17RychuSQUAD000000092
18Cyberpchor000000082
19CyberZakon1924435164646464
20CyberLAB06283748636363
21mBank A1723333653535353
22CyberWarriors000000037
23SSSSPy00212836363636
24Szara Eminencja1919193030303030
25Klonowe Listki1313252525252525
26SecAlle1722222222222222
27JanuszPOL1212121212121212
28eSqdi099999

MiejsceDrużynaRanking 1 turniejRanking 2 turniejRanking 3 turniejRanking 4 turniejRanking 5 turniejTurniej finałowy
1ęśąćż18385482105129
2Ogóry13385884100128
3Komando Wilków Alfa1535567994121
4Cybertajniacy1542617692115
5Allsafe1637526991112
6Grupa Specjalna1131466987112
7Blu Tim1534507589110
8CyberEkspress2020376083110
9elkarze1437547388107
10OneHackMan1233497287106
11RycerzeŚwiatłowodów1228446177104
12BoomerSkaut153549647897
13TEpe rnAM143446637597
14Niebiańskie Sygnatury132641587295
15Spifftacular Mob113043627395
16szwop102844607693
17Wystaw Ticketa133349667793
18IRC143346607392
19AlphaSeal133343596789
20Mad Maw123244647489
21Szara Strefa153446637187
22Oscar112637536485
23ęśąćž132943597084
24Pingwiny1528405580
25Old-Timers112234486074
26Sztrom133244445671
27Twierdza Inosa102235525270
28AM1132943434359
29Popolupo112942555555
30CyberPatrioci102436525252
31The Shield1221313851
32Copernicus_Cyber123045454545
33Corporror102334454545
34CyberBand122743434343
35UMseK143243434343
36Cyber Warriors143241414141
37ReadMan102331383838
38CyberFuses1625363636
39GrzeMar92636363636
40Cybermiluś920343434
41RychuSquad102929292929
42Szwadron Komandosów Alfa5192929
43cybercider132828282828
44to my1017282828
45PRYNCYPAŁKI132727272727
46Cheaterzy122727272727
47Large Picnic Attackers122626262626
48Gh0$t Bu$ter$132525252525
49Net-Zet122525252525
50cybear111124242424
51GAC1423232323
52CyberMarines102323232323
53Sixth Sense92222222222
54C641818181818
55E Corp1717171717
56CyberŻołnierze1616161616
57A5tr1d1414141414
58AC_Pajace888888
59JcQTim888888
60Farmaceuci888
61RealEstateInvestors777777

MiejsceDrużynaRanking po turnieju 1Ranking po turnieju 2Ranking po turnieju 3Ranking po turnieju 4Ranking po turnieju 5Ranking po turnieju 6Ranking po finale
1SOC z Gumijagód4090170182193293653
2Grupa specjalna50110124169269293633
3WRC100200260360384416576
4Ogóry3676105141181241552
5WestStation TEAM014507993173432
6SP-WB80125134174192228426
7Allsafe183860120170174417
8Essa6070110160196212381
9SOK 100%293580106186236364
10Netrunners0326496141181363
11DzikiZSecurity1640140156216224352
12Komando Wilków Alfa888103121143156301
13Rycerze Światłowodów2244647298112226
14Star Worms00153580168
15BoomerSkaut03232153
16Pingwiny323535115130148148
17Cybertajniacy20467090119145145
18Spifftacular Mob01238384355127
19IRC143282106106126126
20E Corp101010101010112
21PITeam246078100100107107
22Old-Timers222221789
23Os313131414161683
24CyberTeachers15233646626577
25CyberBurgers132942506060
26OneHackMan5162633425151
27oSIEM11184747
28Cyberekspress45454545454545
29TeamXXX26333939393939
30;DROP TABLE "Users"11263030303030
30A-Team091218303030
30CyberFuses0721253030
30Epic Failers283030
34Blu Tim0292929292929
35IN@12142626262626
36BlueBirds9192525
37Wafle6222222222222
38HueCitadel581919
39Dyletanci_IT4171717
40Cyber Waffle771515151515
41Drużyna Z4499999
41zazolc gesla jazn9999999
43Wataha0555555
44Wiper444444
45szwop003333
45PBAWS3333333
45Team 270033
48Szara Strefa0002222
49Cyber@ndruty0001111
49AlphaPwners0111111
49PBL1111111
52B4B1L00N0000
53KamRATy000000
54SpecjaliściOdJutuba0000000
55Szwadron Komandosów Alfa0000000
56Titanic0000000
57Twierdza Inosa0000000
58ZX_Spectrum0000

Partners
ComCERT
Patronage
Honorary patronage
ISSA Polska