Cyber 9/12: Why We Fight* Learning from competition. By Robert Carolina, Senior Visiting Fellow

Once again, 2020 was a great year for CDT student participation in the Atlantic Council “Cyber 9/12 Strategy Challenge.” The third annual competition in London was the toughest to date, starting with a competitive entry process. Of more than 30 UK-based teams who applied, only 17 (including two teams from RHUL CDT) were selected to compete. One of our teams went on to the Final Round of this year’s competition, placing Third.

Convened in different locales around the world, teams comprised of four students simulate the high-pressure task of analysing available information about cyber security threats, synthesising these, and briefing senior government officials with findings and recommendations. The competition relies upon information sources assembled into a briefing pack such as (real) research reports, (real and simulated) online media, (real and simulated) private sector threat analysis, (simulated) classified government intelligence reports, and even a (simulated) television news report.

Our first CDT student team competed in Geneva in 2017, advancing to the Semi-Finals. Our next team placed First in the 2018 inaugural London competition. Three teams competed in 2019: two in London and one in Geneva. And now two more in London, including our second appearance in the Final Round. That’s a lot of competition.

Students who wish to compete organise themselves into teams and recruit a coach. Participating is entirely voluntary and brings no formal academic credit.

So WHY do they do it?

It’s been my privilege to coach CDT teams three times: twice in London and once in Geneva. From this vantage point, I have seen a number of benefits students can take from the competition.

Each competition forces students to make use of a wide variety of disciplines they might not otherwise encounter on their academic journey. Teams must prepare to justify their recommendations within the emerging framework of international law which now pervades state cyber operation decision-making. They are required to appreciate the risks and potential impact of hostile cyber operations and countermeasures.

Teams are encouraged to think holistically about the needs of an entire society; to prioritise both domestic and international responses; and to consider non-cyber impacts and responses. Their chances of success go up tremendously if they exhibit an appreciation of the practicalities needed to implement their recommendations, such as the length of time necessary to adopt new laws or

procedures, to commission new offensive cyber programmes, to task or redeploy limited civil service resources, to leverage support from non-state actors such as the community of CISOs and security vendors, or to persuade international partners to participate in multilateral action.

Teams are forced to confront the reality of decision-making in an atmosphere of less-than-complete, potentially inaccurate, and sometimes conflicting, information. They must sift through messy and diverse sources of intelligence and synthesise a picture of threats that can be explained to non-expert decision-makers within minutes – all while being careful to assign appropriate degrees of confidence to different elements of their report. They must learn the difference between acting as an honest broker of available evidence (which is the job of an analyst) and acting as an advocate for a specific outcome (which is not).

The best teams learn and demonstrate good teamwork skills. They face difficult choices in how to allocate tasks among themselves. The time pressure of the competition begins at a relaxed pace with weeks available to produce and deliver Round 1 submissions. Those selected to advance to Round 2 are thrown into a situation in which they have a single overnight window to absorb significant new intelligence and revise their view of the situation. The very few teams who advance to the Final Round face the highest-pressure component – only 20 minutes in which to absorb a few bits of critical additional intelligence before briefing the judging panel who simulate government leaders – often comprised of persons who have served in the senior civil service roles the students are now simulating.

The competition is a labour of love for a large group of volunteers from industry, government and academia (including CDT graduate and former competitor Dr Andreas Haggman, RHUL ’19, who remains heavily involved in the London competition). The effort required to develop each competition’s intelligence pack is considerable, as is the effort to recruit and coordinate large numbers of judges.

Each competition strongly reflects local values, methods, and standards. Judges in London simulate UK government officials; in Washington, DC they simulate US federal government officials; and in Geneva they simulate a multinational “task force of European leaders” including heads of government and defence. Competitors must be prepared to make recommendations fit for the relevant environment.

Of course, no competition is perfect, no simulation is perfect, and the process being simulated is itself far from perfect. Judges and competition officials are ultimately required to rank teams. Reasonable people can disagree about aspects of the competition process, as well as the results.

But I find that the students who take the most from the competition are those who embrace it and invest in it for the learning opportunity it represents. I’ve watched students climb and conquer steep learning curves. I’ve seen cryptography students gain a better understanding of politics. I’ve watched students of law and international relations learn to appreciate the practicalities of cyber operations. I’ve seen computer science students learn how international law continues to influence this sphere of operation. And I’ve watched as all of them learn more about how the decision-making “sausage” is made.

These are all good reasons to compete. And in the context of the competition, this is, I believe, why we fight.

 


Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more