Season I of the Cyber Fortress League
During the first season, eight tournaments took place. In seven of these tournaments, participants played two scenarios each, while in the final tournament, they faced five matches. This setup meant that the battle for the top spots continued until the final round, allowing each team to potentially shake up the rankings. The tension in the last minutes of the competition reached its peak.
Origins of Cyber Fortress
The Safe Cyber Space Foundation has extensive experience in organizing cybersecurity exercises at both the strategic level, aimed at enhancing the capabilities of organizations and state structures to effectively protect against cyberattacks (the Cyber-EXE exercise cycle), and at the operational and technical levels, aimed at testing the technical capabilities of cybersecurity teams under simulated attack conditions (CERT Games, CTF competitions).
The primary goal of establishing Cyber Fortress was to create a simulation game that would allow for a comprehensive approach to practice. This included teamwork both from a process-organizational perspective and a technical one. The premise of the game was to build the most effective cybersecurity system and to evaluate the impact of the strategies chosen during the game and the decisions made in response to simulated attack scenarios.
Initially, Cyber Fortress was created as a game with physical cards representing security measures from organizational, procedural, and technical domains. With the cards laid out on the table, teams leaned over them and discussed their choices, which fostered integration, brainstorming, and teamwork, and generated a lot of excitement. The first game was held in 2019 as part of the Summer School of Cybersecurity organized by the Naval Academy. The atmosphere, reactions, and feedback from the participants confirmed to us that it was worth developing this project. The premiere and testing of the game showed that the product was ready in practice. We started new editions of training games, which included more partners interested in using the game as a training and awareness platform.
Due to the pandemic, Cyber Fortress transformed into a digital version, where all teams could participate in the competition via an application with digital card versions. After conducting many Cyber Fortress games in the form of training sessions and competitions at conferences, including international ones, we gathered interesting experiences and feedback from participants while continuously making improvements.
Based on these experiences, we decided to organize the Cyber Fortress League and invite cybersecurity teams from across the country and various sectors to participate. The response was substantial, with 18 teams registering, and the League’s inauguration took place during the Security Case Study conference in 2020.
What the Cyber Fortress League Involves
Teams were tasked with building a security system for an information technology environment and responding to randomly selected or predetermined attacks. Each scenario was divided into two phases: a prevention phase, during which game participants aimed to build the most resilient security system for their organization, and a reaction phase, where they had to effectively defend their organization against a known attack through appropriate actions. It was up to the participants to decide what strategy to adopt and what would be the best choice. The limitations included budget, time, and knowledge about the current attack.
For the competing teams, the Foundation prepared prizes. There was much to fight for—a prize pool of 20,000 PLN, with the winning team taking home 12,000 PLN.
Scenarios
During the entire League, participants played 24 scenarios, defending organizations from various sectors, such as energy, finance, government administration, military, services, telecommunications, and healthcare. The scenarios were selected and created based on real and current security incidents to diversify and make the gameplay as realistic as possible. Among the scenarios played were SolarWinds, DarkSide Ransomware, Colonial Pipeline, and the attack on a power plant in Ukraine in 2015. In preparing the games, we carefully analyzed these attacks, recognized the attackers’ strategies, and assessed how individual security measures could impact the effectiveness of defense.
At the beginning of the League, participants did not know what attack would occur until the end. During one of the rounds, we conducted an experiment and informed teams about the planned attack scenarios beforehand so they could better prepare. This formula was received enthusiastically by the participants. Before subsequent rounds, we provided teams with hints and clues regarding the planned scenarios, giving an advantage to the more observant and curious players, as well as those who “worked through” the scenario in preparation for the actual game. Full details about the scenarios were revealed the day before the tournament. However, we did not eliminate the element of surprise and randomly selected attacks, as cybersecurity teams rarely have the comfort and time to prepare for a specific incident in real life.
In creating the scenarios and selecting and determining the effectiveness of the security measures, we utilized the principles of well-known frameworks, including MITRE ATT&CK and VERIS. This approach allowed for transparency and understanding of the game rules and scenarios, as well as enabling players to enhance and refine their skills in this area. These are very practical skills that, as participants emphasized, were very useful in their daily struggles to ensure the security of systems.
Gameplay
During the first season, 8 tournaments were held. In seven of these, participants played two scenarios, while in the final tournament, they faced five matches. This ensured that the battle for the top positions continued until the final round, and each team had the chance to shake up the rankings. The tension in the last minutes of the competition reached its peak.
Teams
The League included companies from many sectors, contributing to the diversity of approaches and strategies. In the first edition of the Cyber Fortress League, 23 teams participated, comprising over 80 participants. The sectors represented included primarily banking, finance, telecommunications, and IT, but also public administration, consulting, industrial automation, and education.
Course of the Competitions – How Leaders Changed
From the very beginning of the competitions, a group of teams fiercely competed for the top positions throughout the League, with the standings shifting like a kaleidoscope. After the first tournament, the Stronghold team took the lead but lost the top spot to the Cyberband team after the second tournament. Close behind them throughout were the Grey Team, Cybertajniacy, and TTnedi teams. Stronghold regained the throne after the third tournament, but the scoring continued to fluctuate, and rivals did not let themselves be forgotten. The team “ęśąćż” (guess where they are from) joined the race for the top stakes, occupying the fifth position after the fourth tournament and gradually starting to climb the rankings, challenging the leader’s position. In the final, five matches were played, and none of the teams in the top five could be certain of the final result. The battle lasted until the very end, but ultimately, the Stronghold team held on to first place. Just behind them was the “ęśąćż” team, trailing by only 4 points. The Cybertajniacy team took the lowest step of the podium.
The final top three places are as follows:
- 1st place – Stronghold (259 points)
- 2nd place – ęśąćż (255 points)
- 3rd place – Cybertajniacy (243 points)
Place | Team | Points, tournament 1 | Points, tournament 2 | Points, tournament 3 | Points, tournament 4 | Points, tournament 5 | Points, tournament 6 | Points, tournament 7 | Points, final |
---|---|---|---|---|---|---|---|---|---|
1 | Stronghold | 27 | 36 | 63 | 71 | 96 | 116 | 151 | 259 |
2 | ęśąćż | 17 | 21 | 49 | 558 | 81 | 105 | 144 | 255 |
3 | Cybertajniacy | 21 | 32 | 53 | 65 | 78 | 103 | 145 | 243 |
4 | GreyTeam | 22 | 30 | 51 | 60 | 73 | 93 | 124 | 237 |
5 | CyberBand | 24 | 38 | 62 | 71 | 81 | 101 | 133 | 226 |
6 | TTnedi | 21 | 28 | 53 | 62 | 73 | 96 | 122 | 217 |
7 | Yellow Team | 20 | 27 | 46 | 52 | 65 | 83 | 108 | 205 |
8 | TEpe rnAM | 20 | 27 | 46 | 46 | 72 | 72 | 107 | 194 |
9 | Oscar | 12 | 19 | 42 | 56 | 69 | 87 | 87 | 189 |
10 | fWin | 0 | 0 | 17 | 27 | 43 | 63 | 94 | 189 |
11 | Ogury | 0 | 0 | 0 | 0 | 22 | 49 | 87 | 188 |
12 | Farmaceuci | 14 | 20 | 41 | 50 | 59 | 77 | 104 | 187 |
13 | C64 | 0 | 12 | 35 | 40 | 52 | 66 | 96 | 180 |
14 | E Corp | 20 | 28 | 45 | 53 | 53 | 53 | 87 | 176 |
15 | PRYNCYPAŁKI | 17 | 20 | 38 | 44 | 59 | 79 | 104 | 171 |
16 | AM1 | 3 | 11 | 29 | 36 | 44 | 58 | 58 | 98 |
17 | RychuSQUAD | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 92 |
18 | Cyberpchor | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 82 |
19 | CyberZakon | 19 | 24 | 43 | 51 | 64 | 64 | 64 | 64 |
20 | CyberLAB | 0 | 6 | 28 | 37 | 48 | 63 | 63 | 63 |
21 | mBank A | 17 | 23 | 33 | 36 | 53 | 53 | 53 | 53 |
22 | CyberWarriors | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 37 |
23 | SSSSPy | 0 | 0 | 21 | 28 | 36 | 36 | 36 | 36 |
24 | Szara Eminencja | 19 | 19 | 19 | 30 | 30 | 30 | 30 | 30 |
25 | Klonowe Listki | 13 | 13 | 25 | 25 | 25 | 25 | 25 | 25 |
26 | SecAlle | 17 | 22 | 22 | 22 | 22 | 22 | 22 | 22 |
27 | JanuszPOL | 12 | 12 | 12 | 12 | 12 | 12 | 12 | 12 |
28 | eSqdi | 0 | 9 | 9 | 9 | 9 | 9 |