The Cyber Fortress League is a competition between the best cyber security teams throughout the competition season. The teams are tasked with building a security system for the ICT environment and responding to randomly selected or predetermined attacks.
Scenarios
Prizes
The first match
Second match
Third match
Fourth match
Fifth match
Sixth match
You are a team responsible for ensuring the cybersecurity of critical infrastructure and key services in your country. The goal of the game is to build an effective cybersecurity system that will be able to protect the entities represented by the team against various threats from cyberspace.
At the beginning of the game, the organization has a budget in the amount specified before the game. Simulated cyberattacks and incidents based on real events will take place throughout the game. Some scenarios may involve increasing the budget during the game.
Protections are divided into 8 categories (Organization, Physical Infrastructure, Entire Network, Network Edge, Internal Network, Endpoints, Apps and Data).
- There is a ninth category of Protections – Data Sources – it must be unlocked by selecting the appropriate tab from the other categories.
The game scenarios include the occurrence of the so-called injections – events of various nature, e.g. attack, part of an advanced attack, incident, information. Before the game, players will be given hints about the planned scenario, but the advantage will be gained by those teams that are better prepared by gaining the most missing information.
REMARKS:
- Your cybersecurity system is developed throughout the game, and the protections you choose are effective for all injections in the scenario. Safeguards are scored differently based on effectiveness in terms of prevention (identification and protection) and response (response, detection and recovery).
The flow of the game
The goal of the game:
The task of the players is to build a cybersecurity system that will be effective against the appearing Injects of the Attack type.
The PIN code – code to participate in the game.
Lobby – the space where players wait for the game to start.
Briefing – a tab describing the context of a given game. The information may include the organization defended by the players (e.g. sector, infrastructure) and a description of the game scenario.
HP (Hit Points, Health Points) – a metric used to present the impact of Injects on the infrastructure of the defended organization and the effectiveness of decisions made by players. The impact of each Event can be minimized by the selection of appropriate safeguards. The value of HP after the occurrence of Injects decreases the slower the more effective protections are implemented.
Budget – Players receive a virtual budget within which they implement security in accordance with their strategy.
Scenario – the course and schedule of the game consisting of predefined Injects.
Inject – any event in the game that can be of different nature.
Events will occur in the game according to the prepared game scenario. The moment of occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks) is considered a compromise of the system and at the same time the end of the Prevention phase.
• Attack – Negative event affecting players’ infrastructure. It can be a generic event (e.g. malware delivered in e-mail correspondence) or a particular technique used by the attacker as part of the attack chain (sequence of techniques), e.g. the use of Powershell scripts and commands, modification of domain policies). One scenario can include several Attack Injects or multiple Attack Chains consisting of multiple Injects.
• Control – An event that can have a positive or negative impact on players’ HP or budget.
• Information – A neutral or positive event providing information affecting the course of the game, e.g. information about the activity of cybercriminal groups, information about granting an additional budget.
• Bonus – A positive event resulting from a successfully completed task by the players.
Prevention – the phase of the game that takes place before the occurrence of the first Inject of the Attack type (generic or the first technique in the chain of attacks). In this phase, the most effective are the safeguards that allow Identification of threats and Protection against them.
Note: For a scenario involving multiple Attack Injects (generic or chain attack), the Event will display the end of the Attack and the next Prevention phase will start until another Attack Inject occurs.
Reaction – The phase of the game that takes place after an Attack type Inject (generic or the first technique in the attack chain). In this phase, the most effective protections are Detection and Response to threats as well as Recovery of business capabilities after an incident. The reaction phase lasts until the information about the end of the attack appears.
Safeguards – Represented in the game by cards containing a number, name, price and icon. The security description is available on the website.
Segregation of safeguards is based on the defense-in-depth model
• Organization
• Physical infrastructure
• Entire network
• Edge of the network
• Internal network
• Terminal devices
• Apps
• Data
• Data sources
Safeguards effectiveness is assessed using criteria based on the functions of the NIST Cybersecurity Framework:
• Identification – Understanding the business context, resources supporting critical functions, and related cybersecurity risks enables the organization to focus and prioritize its activities in line with its risk management strategy and business needs.
Examples of safeguards within this function include: Asset management; Security Organization; Order; Risk assessment;
• Protect – development and implementation of appropriate safeguards to ensure the implementation of the most important infrastructural services and support the possibility of limiting the impact of a potential cybersecurity event.
Examples include: Access Control, Security Awareness, Data Security; Security Processes and Procedures; Maintenance and Security Technologies
• Detection – development and implementation of appropriate activities and tools to detect a cybersecurity incident.
Examples within this Feature include: Anomalies and Events; Continuous Security Monitoring and Detection Processes.
• Response – development and implementation of appropriate actions to take action related to detected cybersecurity incidents.
Examples include: Response Planning; communication; Event Propagation Prevention, Analysis.
• Recovery – development and implementation of appropriate actions to maintain resilience plans and restore capabilities or services affected by a cyber incident. The Restore feature supports restoring normal operations to reduce the impact of a cybersecurity incident.
Examples within this Function include: Business Continuity Planning, Recovery Planning, Backup, System Redundancy, Enhancement and Communication.
Safeguards effectiveness – the effectiveness is estimated for individual Injects. Some protections are effective only in the Prevention phase, and some in the Reaction phase. When the scenario assumes that the chain of attack consists of several Injects, the same protections can be considered multiple times with different levels of effectiveness depending on the Inject.
Safeguards implementation – safeguards implementation is approved by clicking the Buy button. Only then are they included in the cybersecurity system. WARNING! It should be remembered that some of the protections that are effective in the Reaction phase should be implemented in the Prevention phase. The idea of the game assumes that after starting the first Inject of the Attack type, it is no longer possible to implement safeguards measures that require a long time to implement, e.g. technological (such as SIEM, IDS/IPS) and process security (e.g. Incident Response Process). However, some security related to external services or activities that can be performed in a short time can be implemented in the Reaction phase, e.g. changes in configuration, network separation, event logging, connection of data sources.
General information
1. The organizer of the Cyber Fortress League (hereinafter CFL) is the Cybersecurity Foundation with its registered office in Warsaw, at Adam Branicki 13 street.
2. Tournaments will be held online or in the form of a regular, stationary event. Participants of online tournaments provide themselves with the equipment necessary to participate in the league, i.e. a computer with access to the Internet.
3. Information about the season (number of tournaments, duration and prizes) in which the league takes place is provided by the organizer at https://cybertwierdza.cybsecurity.org.
Team registration
4. Teams that register for CFL via the website https://www.cybsecurity.org/cyber-twierdza/ can participate in the game, during registration the team provides an e-mail address of their captain, through whom contact with the team will be maintained and he will be official representative of the team in the competition.
5. You cannot be a member of several teams at the same time.
6. By registering and participating in tournaments, the captain confirms that all registered team members accept these statue.
7. Teams can consist of 2 to 5 people.
7.1 There may be special tournaments where teams with a different number of players may participate. This type of tournament will be clearly indicated by the organizer.
8. You can join the League at any time during the season. At the time of joining, each new team has zero points in its account.
9. In each of the tournaments, the composition of the team does not have to be full, in order to include points in the general classification, the presence of at least one representative of the team is necessary.
10. Employees and members of the Cybersecurity Foundation and their families cannot participate in the CFL.
11. Teams participating in CFL games may not be named in an obscene manner or like legal entities or organizations, or their name may not clearly refer to such an entity or organization.
12. During the tournament, the teams will play the number of Cyber Fortress game rounds specified before the tournament, according to the rules of the game, which are available at: https://cybertwierdza.cybsecurity.org/en
13. CFL tournaments will be organized on dates specified by the organizer. Tournaments can take place in two formulas: table version – the game takes place “in real life”, at tables or online version – using a prepared application. Information about the dates and possible formulas of the tournaments and any other information regarding the CFL will be published on the CFL website: https://cybertwierdza.cybsecurity.org/en
14. During the CFL season, additional tournaments may be organized (e.g. on the occasion of other events). These tournaments will also count towards the overall CFL standings.
15. Each side tournament may have special rules which will be communicated to participants prior to such tournament
16. Team captains will be informed about all tournaments by e-mail.
17. In the case of an online version of the tournament, each of the teams taking part in the CFL provides its own equipment and internet connection, which is necessary to conduct the game. The organizer is not responsible for technical problems that may occur during the game (e.g. connection failure, computer failure) and as a result may prevent participation in the tournament or its round.
CFL Scoring Rules
18. Teams participating in a single tournament earn a certain number of points in accordance with the rules of the Cyber Fortress game. These points determine the places taken in a single tournament. The team with the most points wins the tournament.
19. After the settlement of a single tournament, each team receives ranking points for taking a specific place in the tournament, these points count towards the overall score in the following dimension.
| place | points | place | points | place | points |
| 1 | 100 | 11 | 24 | 21 | 10 |
| 2 | 80 | 12 | 22 | 22 | 9 |
| 3 | 60 | 13 | 20 | 23 | 8 |
| 4 | 50 | 14 | 18 | 24 | 7 |
| 5 | 45 | 15 | 16 | 25 | 6 |
| 6 | 40 | 16 | 15 | 26 | 5 |
| 7 | 36 | 17 | 14 | 27 | 4 |
| 8 | 32 | 18 | 13 | 28 | 3 |
| 9 | 29 | 19 | 12 | 29 | 2 |
| 10 | 26 | 20 | 11 | 30 | 1 |
20. The highest number of points obtained by the team in the general classification of the League at the end of its games decides about the victory in the League. In the case of an equal number of points, the order is decided by the result of the overtime tournament between the teams concerned. The tiebreak tournament ends after the first round to determine the winner.
Awards
21. The organizer provides prizes for teams that will take top places throughout the CFL season.
22. Individual CFL tournaments may also carry additional prizes from both the organizer and possible sponsor of the tournament. The organizer will inform about such situations each time when organizing tournaments.
Final Provisions
23. There is no appeal against the announced results of both the tournament and the entire League. It is final.
24. The organizer reserves the right to settle all disputes that may arise during the game, as well as those related to these regulations.
25. Participants of the League, by taking part in it, agree to the processing of their personal data (including the use of photos and videos from the game).
Information clause
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – participants of the League, taking participate in it, consent to the processing of their personal data (including the use of photos and videos from the game). The data administrator is the Cybersecurity Foundation, with its registered office in Warsaw, at Adama Branickiego 13 street. The data (name, surname, e-mail address) are used to send information about the game and to make the game available. It is possible to withdraw consent by sending information electronically to the following address: [email protected]. Personal data may be transferred to other entities in connection with the provision of IT services (servers, e-mail). These data are not automatically profiled and are not transferred outside the European Economic Area. In the event of objections to the processing of personal data, a complaint may be lodged with the President of the Office for Personal Data Protection.
| Miejsce | Drużyna | Punkty 1 turniej | Punkty 2 turniej | Punkty 3 turniej | Punkty 4 turniej | Punkty 5 turniej | Punkty 6 turniej | Punkty 7 turniej | Punkty finał |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Stronghold | 27 | 36 | 63 | 71 | 96 | 116 | 151 | 259 |
| 2 | ęśąćż | 17 | 21 | 49 | 558 | 81 | 105 | 144 | 255 |
| 3 | Cybertajniacy | 21 | 32 | 53 | 65 | 78 | 103 | 145 | 243 |
| 4 | GreyTeam | 22 | 30 | 51 | 60 | 73 | 93 | 124 | 237 |
| 5 | CyberBand | 24 | 38 | 62 | 71 | 81 | 101 | 133 | 226 |
| 6 | TTnedi | 21 | 28 | 53 | 62 | 73 | 96 | 122 | 217 |
| 7 | Yellow Team | 20 | 27 | 46 | 52 | 65 | 83 | 108 | 205 |
| 8 | TEpe rnAM | 20 | 27 | 46 | 46 | 72 | 72 | 107 | 194 |
| 9 | Oscar | 12 | 19 | 42 | 56 | 69 | 87 | 87 | 189 |
| 10 | fWin | 0 | 0 | 17 | 27 | 43 | 63 | 94 | 189 |
| 11 | Ogury | 0 | 0 | 0 | 0 | 22 | 49 | 87 | 188 |
| 12 | Farmaceuci | 14 | 20 | 41 | 50 | 59 | 77 | 104 | 187 |
| 13 | C64 | 0 | 12 | 35 | 40 | 52 | 66 | 96 | 180 |
| 14 | E Corp | 20 | 28 | 45 | 53 | 53 | 53 | 87 | 176 |
| 15 | PRYNCYPAŁKI | 17 | 20 | 38 | 44 | 59 | 79 | 104 | 171 |
| 16 | AM1 | 3 | 11 | 29 | 36 | 44 | 58 | 58 | 98 |
| 17 | RychuSQUAD | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 92 |
| 18 | Cyberpchor | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 82 |
| 19 | CyberZakon | 19 | 24 | 43 | 51 | 64 | 64 | 64 | 64 |
| 20 | CyberLAB | 0 | 6 | 28 | 37 | 48 | 63 | 63 | 63 |
| 21 | mBank A | 17 | 23 | 33 | 36 | 53 | 53 | 53 | 53 |
| 22 | CyberWarriors | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 37 |
| 23 | SSSSPy | 0 | 0 | 21 | 28 | 36 | 36 | 36 | 36 |
| 24 | Szara Eminencja | 19 | 19 | 19 | 30 | 30 | 30 | 30 | 30 |
| 25 | Klonowe Listki | 13 | 13 | 25 | 25 | 25 | 25 | 25 | 25 |
| 26 | SecAlle | 17 | 22 | 22 | 22 | 22 | 22 | 22 | 22 |
| 27 | JanuszPOL | 12 | 12 | 12 | 12 | 12 | 12 | 12 | 12 |
| 28 | eSqdi | 0 | 9 | 9 | 9 | 9 | 9 |
| Miejsce | Drużyna | Ranking 1 turniej | Ranking 2 turniej | Ranking 3 turniej | Ranking 4 turniej | Ranking 5 turniej | Turniej finałowy |
|---|---|---|---|---|---|---|---|
| 1 | ęśąćż | 18 | 38 | 54 | 82 | 105 | 129 |
| 2 | Ogóry | 13 | 38 | 58 | 84 | 100 | 128 |
| 3 | Komando Wilków Alfa | 15 | 35 | 56 | 79 | 94 | 121 |
| 4 | Cybertajniacy | 15 | 42 | 61 | 76 | 92 | 115 |
| 5 | Allsafe | 16 | 37 | 52 | 69 | 91 | 112 |
| 6 | Grupa Specjalna | 11 | 31 | 46 | 69 | 87 | 112 |
| 7 | Blu Tim | 15 | 34 | 50 | 75 | 89 | 110 |
| 8 | CyberEkspress | 20 | 20 | 37 | 60 | 83 | 110 |
| 9 | elkarze | 14 | 37 | 54 | 73 | 88 | 107 |
| 10 | OneHackMan | 12 | 33 | 49 | 72 | 87 | 106 |
| 11 | RycerzeŚwiatłowodów | 12 | 28 | 44 | 61 | 77 | 104 |
| 12 | BoomerSkaut | 15 | 35 | 49 | 64 | 78 | 97 |
| 13 | TEpe rnAM | 14 | 34 | 46 | 63 | 75 | 97 |
| 14 | Niebiańskie Sygnatury | 13 | 26 | 41 | 58 | 72 | 95 |
| 15 | Spifftacular Mob | 11 | 30 | 43 | 62 | 73 | 95 |
| 16 | szwop | 10 | 28 | 44 | 60 | 76 | 93 |
| 17 | Wystaw Ticketa | 13 | 33 | 49 | 66 | 77 | 93 |
| 18 | IRC | 14 | 33 | 46 | 60 | 73 | 92 |
| 19 | AlphaSeal | 13 | 33 | 43 | 59 | 67 | 89 |
| 20 | Mad Maw | 12 | 32 | 44 | 64 | 74 | 89 |
| 21 | Szara Strefa | 15 | 34 | 46 | 63 | 71 | 87 |
| 22 | Oscar | 11 | 26 | 37 | 53 | 64 | 85 |
| 23 | ęśąćž | 13 | 29 | 43 | 59 | 70 | 84 |
| 24 | Pingwiny | 15 | 28 | 40 | 55 | 80 | |
| 25 | Old-Timers | 11 | 22 | 34 | 48 | 60 | 74 |
| 26 | Sztrom | 13 | 32 | 44 | 44 | 56 | 71 |
| 27 | Twierdza Inosa | 10 | 22 | 35 | 52 | 52 | 70 |
| 28 | AM1 | 13 | 29 | 43 | 43 | 43 | 59 |
| 29 | Popolupo | 11 | 29 | 42 | 55 | 55 | 55 |
| 30 | CyberPatrioci | 10 | 24 | 36 | 52 | 52 | 52 |
| 31 | The Shield | 12 | 21 | 31 | 38 | 51 | |
| 32 | Copernicus_Cyber | 12 | 30 | 45 | 45 | 45 | 45 |
| 33 | Corporror | 10 | 23 | 34 | 45 | 45 | 45 |
| 34 | CyberBand | 12 | 27 | 43 | 43 | 43 | 43 |
| 35 | UMseK | 14 | 32 | 43 | 43 | 43 | 43 |
| 36 | Cyber Warriors | 14 | 32 | 41 | 41 | 41 | 41 |
| 37 | ReadMan | 10 | 23 | 31 | 38 | 38 | 38 |
| 38 | CyberFuses | 16 | 25 | 36 | 36 | 36 | |
| 39 | GrzeMar | 9 | 26 | 36 | 36 | 36 | 36 |
| 40 | Cybermiluś | 9 | 20 | 34 | 34 | 34 | |
| 41 | RychuSquad | 10 | 29 | 29 | 29 | 29 | 29 |
| 42 | Szwadron Komandosów Alfa | 5 | 19 | 29 | 29 | ||
| 43 | cybercider | 13 | 28 | 28 | 28 | 28 | 28 |
| 44 | to my | 10 | 17 | 28 | 28 | 28 | |
| 45 | PRYNCYPAŁKI | 13 | 27 | 27 | 27 | 27 | 27 |
| 46 | Cheaterzy | 12 | 27 | 27 | 27 | 27 | 27 |
| 47 | Large Picnic Attackers | 12 | 26 | 26 | 26 | 26 | 26 |
| 48 | Gh0$t Bu$ter$ | 13 | 25 | 25 | 25 | 25 | 25 |
| 49 | Net-Zet | 12 | 25 | 25 | 25 | 25 | 25 |
| 50 | cybear | 11 | 11 | 24 | 24 | 24 | 24 |
| 51 | GAC | 14 | 23 | 23 | 23 | 23 | |
| 52 | CyberMarines | 10 | 23 | 23 | 23 | 23 | 23 |
| 53 | Sixth Sense | 9 | 22 | 22 | 22 | 22 | 22 |
| 54 | C64 | 18 | 18 | 18 | 18 | 18 | |
| 55 | E Corp | 17 | 17 | 17 | 17 | 17 | |
| 56 | CyberŻołnierze | 16 | 16 | 16 | 16 | 16 | |
| 57 | A5tr1d | 14 | 14 | 14 | 14 | 14 | |
| 58 | AC_Pajace | 8 | 8 | 8 | 8 | 8 | 8 |
| 59 | JcQTim | 8 | 8 | 8 | 8 | 8 | 8 |
| 60 | Farmaceuci | 8 | 8 | 8 | |||
| 61 | RealEstateInvestors | 7 | 7 | 7 | 7 | 7 | 7 |
| Miejsce | Drużyna | Ranking turniej 1 | Ranking turniej 2 | Ranking turniej 3 | Ranking turniej 4 | Ranking turniej 5 |
|---|---|---|---|---|---|---|
| 1 | WRC | 100 | 200 | 260 | 360 | 384 |
| 2 | Grupa specjalna | 50 | 110 | 124 | 169 | 269 |
| 3 | DzikiZSecurity | 16 | 40 | 140 | 156 | 216 |
| 4 | Essa | 60 | 70 | 110 | 160 | 196 |
| 5 | SOC z Gumijagód | 40 | 90 | 170 | 182 | 193 |
| 6 | SP-WB | 80 | 125 | 134 | 174 | 192 |
| 7 | SOK 100% | 29 | 35 | 80 | 106 | 186 |
| 8 | Ogóry | 36 | 76 | 105 | 141 | 181 |
| 9 | Allsafe | 18 | 38 | 60 | 120 | 170 |
| 10 | Komando Wilków Alfa | 8 | 88 | 103 | 121 | 143 |
| 11 | Netrunners | 0 | 32 | 64 | 96 | 141 |
| 12 | Pingwiny | 32 | 35 | 35 | 115 | 130 |
| 13 | Cybertajniacy | 20 | 46 | 70 | 90 | 119 |
| 14 | IRC | 14 | 32 | 82 | 106 | 106 |
| 15 | PITeam | 24 | 60 | 78 | 100 | 100 |
| 16 | Rycerze Światłowodów | 22 | 44 | 64 | 72 | 98 |
| 17 | WestStation TEAM | 0 | 14 | 50 | 79 | 93 |
| 18 | CyberTeachers | 15 | 23 | 36 | 46 | 62 |
| 19 | CyberBurgers | 13 | 29 | 42 | 50 | |
| 20 | Cyberekspress | 45 | 45 | 45 | 45 | 45 |
| 21 | Spifftacular Mob | 0 | 12 | 38 | 38 | 43 |
| 22 | OneHackMan | 5 | 16 | 26 | 33 | 42 |
| 23 | TeamXXX | 26 | 33 | 39 | 39 | 39 |
| 24 | Star Worms | 0 | 0 | 15 | 35 | |
| 25 | BoomerSkaut | 0 | 32 | |||
| 26 | ;DROP TABLE "Users" | 11 | 26 | 30 | 30 | 30 |
| 27 | A-Team | 0 | 9 | 12 | 18 | 30 |
| 28 | Blu Tim | 0 | 29 | 29 | 29 | 29 |
| 29 | IN@ | 12 | 14 | 26 | 26 | 26 |
| 30 | CyberFuses | 0 | 7 | 21 | 25 | |
| 31 | Wafle | 6 | 22 | 22 | 22 | 22 |
| 32 | BlueBirds | 9 | 19 | |||
| 33 | oSIEM | 11 | 18 | |||
| 34 | Dyletanci_IT | 4 | 17 | |||
| 35 | Os3 | 13 | 13 | 14 | 14 | 16 |
| 36 | Cyber Waffle | 7 | 7 | 15 | 15 | 15 |
| 37 | E Corp | 10 | 10 | 10 | 10 | 10 |
| 38 | Drużyna Z | 4 | 4 | 9 | 9 | 9 |
| 39 | zazolc gesla jazn | 9 | 9 | 9 | 9 | 9 |
| 40 | HueCitadel | 5 | 8 | |||
| 41 | Wataha | 0 | 5 | 5 | 5 | 8 |
| 42 | Wiper | 4 | 4 | 4 | 5 | |
| 43 | szwop | 0 | 0 | 3 | 4 | |
| 44 | PBAWS | 3 | 3 | 3 | 3 | 3 |
| 45 | Epic Failers | 2 | 3 | |||
| 46 | Old-Timers | 2 | 2 | 2 | 2 | 2 |
| 47 | Szara Strefa | 0 | 0 | 0 | 2 | 2 |
| 48 | [email protected] | 0 | 0 | 0 | 1 | 1 |
| 49 | AlphaPwners | 0 | 1 | 1 | 1 | 1 |
| 50 | PBL | 1 | 1 | 1 | 1 | 1 |
| 51 | B4B1L00N | 0 | 0 | |||
| 52 | KamRATy | 0 | 0 | 0 | 0 | |
| 53 | SpecjaliściOdJutuba | 0 | 0 | 0 | 0 | 0 |
| 54 | Szwadron Komandosów Alfa | 0 | 0 | 0 | 0 | 0 |
| 55 | Team 27 | 0 | 0 | |||
| 56 | Titanic | 0 | 0 | 0 | 0 | 0 |
| 57 | Twierdza Inosa | 0 | 0 | 0 | 0 | 0 |
| 58 | ZX_Spectrum | 0 | 0 |
