Play-acting as Cyber Experts for a Day: The Cyber 9/12 Strategy Challenge

By Natalia Maj, Jay Neuner, Jiehui Song and Malla Tedroff

Sleepless nights, ever-changing information and high-stress briefings to senior officials, business leaders and policy makers – sounds like a dream job, no? The Cyber 9/12 Strategy Challenge gave our Unbreakable Cyber League team a 48-hour taste of just this life as cyber security experts, with all it entails.

The Cyber 9/12 Strategy Challenge, held 17-18 February in the iconic BT Tower, brought together university teams from across the UK to respond to a simulated national cyber security incident. Starting from an initial brief of what has occurred, the teams decide what they’d recommend to ministers and policymakers in charge – and then recalibrate response recommendations again and again as the incident evolves (i.e. worsens) over the competition period.

The Unbreakable Cyber League – our team of four from STEaPP – came in with a mix of backgrounds. From venture capital, to government, to law, to communications – these experiences might on the face of it seem ill-fit to tackle cyber security issues. But with the backing of our MPA learning, those experiences and our cumulative skills, we went pretty far (if we do say so ourselves!). We prepared over weeks to understand the scenario, research the UK context, identify who would be responsible for our recommended actions, and decide which actions to prioritise for immediate action. As non-experts, this seemed unsurmountable at first. But we quickly adapted to the language of the UK’s cyber security institutions – Defend, Deter, Develop was our first slogan – and crafted multi-pronged responses, from counter attacks to coordinated external communications campaigns. It dawned upon us that in responding to cyber incidents, policy responses could be more critical than technical solutions.

On the day of the Cyber 9/12 Strategy Challenge, we came up against 13 teams of engineering majors, security PhD students, and other talent from around the UK, some of whom engaged in friendly ribbing over social media in the weeks prior. The ultimate winners blew us away with their poise and seemingly prescient knowledge of the crisis.

It was not only fellow students we mingled with, but also practitioners and experts working on cyber security in the private and public sectors. They shared with us their experiences across decades as cyber security has become one of the most pressing challenges for organisations and institutions as well as provided in-depth feedback to our policy responses. From BT, to the Department for Digital Culture, Media & Sports, to the National Cyber Security Centre, each of these representatives highlighted how the saturation of digital technologies – and the cyber security issues that comes with these technologies – has changed the landscape for their sector.

We walked away from the competition with a newfound understanding of the day-to-day work of groups like the National Cyber Security Centre. We’re still deciding if we want their all-nighter lifestyles – cyber security is a 24-hour job! But the Cyber 9/12 Strategy Challenge illuminated the numerous ways in which cyber security can affect any company or organisation, and some potential pathways for our future careers.

Our advice for next year’s team: Caffeinate well, get a good night’s sleep, and have fun! (And maybe start studying up on your lock-picking now…)

Natalia, Jay, Malla and Jiehui are candidates on the Digital Technologies and Policy MPA at UCL STEaPP. For more details on the MPA and how to apply, visit the STEaPP website.