Cyber Fortress League

The Cyber Fortress League is a competition between the best cyber security teams throughout the competition season. Teams are ordered to build a security system for the ICT environment and respond to randomly selected or predetermined attacks.

Throughout the League, participants play out a series of scenarios, defending organizations from various sectors. The scenarios are selected and created based on real and actual security incidents.
The Foundation has prepared prizes for the contestants. There is a lot to fight for – total budget for the awards is PLN 20 000, of which the winning team wins PLN 12 000.

Season II

Season II start

The first match

Second match

Third match

Fourth match

Season finale


You are the team responsible for ensuring cybersecurity in your organization. The goal of the game is to build an effective cybersecurity system that will be able to protect the organization represented by the team from various cyberspace threats. The game will involve simulated cyber attacks related to the following threat categories: malware, hacking, social engineering, denial of service (DDOS), abuse, bug, environmental factors. A detailed description in Appendix 1 – Threat categories

During the game you make decisions on purchasing and implementing security features from 3 categories: organizational (represented in the game by the blue color of the card), process (represented in the game by the orange color of the card) and technological (represented in the game by the green color of the card). The safeguards are presented through cards containing a number, name, price and description. Each of the protections has coded information about the score, which indicates the level of effectiveness of this protection in preventing and responding to a given threat. A detailed description of the security features can be found in Appendix 2 – Security Features

The game is played in one or more rounds, each of which has two phases: prevention and reaction. With each round there is a new budget cycle, during which teams receive specific funds (budget) for each phase of the game. The number of rounds, their duration and the budget for each phase of the game will be announced before each tournament.

At the start of the first round of the game, the organization has a budget in the amount determined before the game. This budget is for the prevention phase, later while reaction phase starts an additional budget is allocated. In the following rounds, new budget is assigned for both phases. Money not spent in the prevention phase, enters the reaction phase budget.

Phase 1 – Prevention

In this phase, you build a cybersecurity system, not knowing what threat may occur. After choosing and purchasing security features, a random cyberattack will be carried out on the system you have built. Based on the choices made and their effectivity towards the threat, points are summed up. After this phase, final result indicate how effectively the team managed to prevent the attack.

Phase 2 – Reaction

In the next phase, the selected scenario will occur. You get an additional budget for the purchase and application of activities. After their purchase, the score is counted and summarized, which indicates the effectiveness of the response to the attack’s consequences.

After playing the 1st round, you get an additional budget in the amount set before the tournament for the purchase of additional security. Similarly to phase 1, you are expanding your cybersecurity system without knowing what new cyberattack will occur. The scenario is drawn and the score for prevention is calculated. Then you get an additional budget to implement the response measures. Reactionary actions should be most suited to the nature of the cyberattack that you know when making decisions on the implementation of subsequent security measures.

After all rounds have been played, the score is summed up. The team with the highest score wins.


  • In each round, any unused budget after the prevention phase is included in the reaction phase budget.
  • The budget not used at the end of the previous round is not included in the budget for the next round.
  • Your cybersecurity system grows throughout the game, and the security you choose is effective in all rounds and phases.
  • Security measures are scored differently due to the cyberattack that occurred and the phase of the incident (prevention and response).
  • There are groups of safeguards in each of the categories (organizational, procedural and technological) that, when selected together, give synergy effect and are additionally scored.
  • The description of the security features is included in Appendix 2.
  • Tournaments can take place in two formulas: table version – the game takes place “in real life” or online version – using the prepared application.

Online version

There will be short training sessions in game navigation before the tournament starts. After that, the team captains will receive a link to the game session. The game is started by the game administrator on the date agreed and announced before the tournament. The list of security cards will be posted on the screen by the team captain or named person who will mark your choices on behalf of the team members. The screen will show the time left to the end of the phase, the current budget status and the results after completed phases. Each team taking part in the CFL, on its own, for each tournament, provides itself the equipment and internet connection necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. broken link, computer failure) and as a result may prevent participation in the tournament or its round and failure to take into account the scores during the game.

Table version

In the table version of the tournament (e.g. accompanying an event), tables will be prepared for each of the teams entered. Security cards will be delivered to the teams before the game starts. Each card has a name and a security price. The team, on its own, for each tournament, provides itself the equipment and internet connection that is necessary to conduct the game, because the team captains will receive a link to the game session, where after logging in, the entire course of the game is the same as in the online version.

Threat categories


Malware is a broad term that includes pieces of code and programs that harm systems. Its purpose is to secretly gain access to the device without the user’s knowledge. The types of malwares include spyware, adware, phishing, viruses, Trojans, rootkits, ransomware threats. Their operation may result in taking over control of the system, causing denial of service or lead to a breach of data security (theft, leakage, deletion)


Any activities aimed at gaining access or damaging IT assets without authorization by using various vectors and techniques to bypass or break security, i.e. third party workstations, backdoors, malicious code injection, password cracking.

Social engineering

An attack with the use of social engineering techniques, i.e. deception, manipulation, intimidation, impersonation.

Advanced Persistent Threat

APT attacks are complex, long-lasting and multi-stage actions directed against specific individuals, organizations or companies. They are also called targeted attacks. They pose a threat that uses very sophisticated methods and advanced technologies to carry out network attacks on specific targets in order to steal confidential information.

Distributed Denial of Service (DDoS)

One of the most severe threats, in particular, the use of the DDos (Distributed Denial of Services) method consisting in an attack on a computer system or network service in order to prevent operation by encrypting or seizing all free resources (e.g. memory, disk space, link bandwidth). Conducted simultaneously from many places, most often using a network of hijacked computers, the so-called Botnet.


The use of entrusted resources and powers to conduct unethical, often illegal behavior for personal gain. These actions can be intentional or accidental.


A category that includes everything that is incorrect or neglected, e.g. incorrect configuration, software errors, incorrectly implemented process.

Environmental factors

A category that includes not only natural events such as flood or earthquake, but also disruptions and interruptions in energy supply, flooding, dust, moisture, pests and rodents

Budget – a virtual amount of money awarded to the team before the beginning of each phase of the game, as part of the budget, security purchases are made. Unused budget in the preventive phase goes to use in the reaction phase. The unused budget is lost in the reaction phase.

Cyberattack – a materialized threat that has hit the organization represented by the team. It is randomized before the reaction phase.

Cyber Fortress – a strategy game whose goal is to build a cybersecurity system in an organization. The game consists of at least one round. Each round has two phases – the prevention phase and the reaction phase.

Team – a group (from 2 to 5) of individuals, known to the organizers by name and surname, who have decided to join the Cyber Fortress League as a single team. The team is represented in contact with the organizers by its captain (in special cases it may be another team member).

Phase – The part of the game that makes up the game rounds. There are two phases. Prevention phase, during which the team builds its cybersecurity system within the budget, purchasing security measures and preparing for possible threats. The reaction phase during which the team develops its cybersecurity system in response to an already known cyber attack.

Cards – symbols and names of security features present in the game, each of which has its own meaning, monetary value and a certain number of defense points depending on the type of cyberattack that the organization represented by the team has suffered. There are organizational, process and technological cards.

Cyber Fortress Tournament – a game consisting of at least one round of the Cyber Fortress game, in which the winner is the team with the highest score for the cybersecurity system they have built.

Points – are assigned to each security card, their number is different for each security depending on the type of cyber attack that has occurred.

Ranking Points – Points earned by teams in each tournament.

Round – Part of the game consisting of two phases (prevention phase and reaction phase).

Cybersecurity system – a set of security measures purchased by the team during the game.

Cyber Fortress Tournament – a game consisting of at least one round of the Cyber Stronghold game, in which the winner is the team with the most points for the cybersecurity system they have built.

Threat – possible attack, e.g. DDoS, Malware.

General information

The organizer of the Cyber Fortress League (hereinafter CFL) is the Cybersecurity Foundation with its seat in Warsaw, at Adam Branicki 13 Street.

Tournaments will be held online or as a regular, stationary event.

Online tournament participants provide themselves with the equipment necessary to participate in the league, ie a computer with Internet access. Information about the season (number of tournaments, duration and prizes) in which the league is played is provided by the organizer on the website

Team registration

Teams that register for the CFL via the website can participate in the game, during registration the team gives the email of its captain, through whom contact with the team will be maintained and he will be the official representative of the team in the competition.
Teams can count from 2 to 5 people.
You can join the League at any time during the season. Upon joining, each new team has zero points on their account.
In each of the tournaments, the composition of the team does not have to be full, in order to count points to the overall classification, the presence of at least one representative of the team is required.
Employees and members of the Cybersecurity Foundation and their families cannot participate in CFL.
Rules for the organization of tournaments

During the tournament, the teams will play the number of rounds of the Cyber ​​Fortress specified before the tournament, according to the rules of the game, which are available at:
CFL tournaments will be organized on dates specified by the organizer.

Tournaments can take place in two formulas: table version – the game takes place “in real life” or online version – using the prepared application. Information on the dates and possible tournament formulas as well as any other information regarding CFL will be published on the CFL website:
During the CFL season, it is possible to organize additional tournaments (e.g. on the occasion of other events). These tournaments will also count towards the overall CFL standings.
Each side event may have special rules that will be notified to participants prior to the event.
Team captains will be informed about all tournaments by e-mail, at least one week in advance.
If the tournament is played online, each of the teams participating in the CFL provides itself with the equipment and internet connection that is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. broken link, computer failure) and as a result may prevent participation in the tournament or its round.
Principles of CFL Scoring

Teams participating in a single tournament earn a certain number of points according to the rules of the Cyber Fortress game. These points determine the places taken in a single tournament. The tournament is won by the team with the most points.
After a single tournament is resolved, each team earns ranking points that count towards the overall score. For every 100 points scored in a single tournament, a team receives 1 ranking point for the CFL overall score.
Additionally, the teams that finished on the podium receive a bonus to the overall score in the following number of points:
1st place in the tournament – 3 ranking points.
2nd place in the tournament – 2 ranking points.
3rd place in the tournament – 1 ranking point.
The victory in the League is determined by the highest number of points obtained by a team in the overall league classification at the end of the competition. In the event of a tied number of points, the number of bonus points earned (awarded for the first three places in all tournaments) decides the order. In the event of an equal number of ranking points and bonus points, the final order is determined by the result of the extra-time tournament between the teams concerned. The extra-time tournament ends after the first winning round.

The organizer provides prizes for the teams that take the leading places throughout the CFL season.
Individual CFL tournaments may also bring additional prizes from both the organizer and the possible sponsor of the tournament. The organizer will inform about such situations each time when organizing tournaments.
Final Provisions

There is no appeal against the announced results, both the tournament and the entire League. They are final.
The organizer reserves the right to settle all disputes that may arise during the game, as well as related to these regulations.
Information clause

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC – League participants, taking participation in it, consent to the processing of their personal data (including the use of photos and videos from the game). The data administrator is the Safe Cyber ​​space Foundation, with its registered office in Warsaw, at ul. Adama Branickiego 13. The data (name, surname, e-mail address) are used to send information about the game and to share the game. It is possible to withdraw consent by sending information by e-mail to the following address: [email protected] Personal data may be transferred to other entities in connection with the provision of an IT service (servers, e-mail). These data are not automatically profiled and are not transferred outside the European Economic Area. In the event of any objections to the processing of personal data, a complaint may be made to the President of the Personal Data Protection Office.

We are starting soon!