Cyber 9/12 is an annual cyber policy and strategy competition for students. It takes place in multiple locations, namely Dundee, London, Geneva, and Washington DC, following the format set out by the Atlantic Council. The students, in groups of four, are expected to participate in a scenario-based exercise, to develop policy solutions and to brief a panel of judges in a total of three rounds.

The Cyber 9/12 Strategy Challenge’s key aim is to develop and train the cyber security leaders of the future. It aims to find those individuals that are capable of thinking beyond just the technical by addressing the strategy and policy aspects of any cyber security challenge.

The IMSISS Programme aims to have at least one team per year take part in one of the Cyber competitions, whether that be in person in London or Dundee, or online in Geneva. 

Below is a short piece from the 21-23 IMSISS team on the experience:

The opportunity to participate in this challenge was circulated within our programme in early November. The making of our team and decision to apply was more happenstance than intentional. Whilst we had been a part of the same cohort, our paths had not crossed much. However, we decided to apply together, and our individual curiosity and similar motivations made for a good collective effort in both getting selected for the competition (20 teams in total) and further collaboration.

We received the first intelligence pack from the organisers a month before the competition – containing varied material from different sources. The scenario dealt with a potential zero-day vulnerability, eco-hacktivism and arising supply chain vulnerabilities. We had to evaluate the reliability of said sources, try to piece together a well-rounded situational assessment, provide various policy solutions, and identify relevant stakeholders. The back- and-forth with our coach in attaining the clearest version of our proposal was rather painstaking and challenging. However, even within those days, we could see a visible improvement in our understanding of the task expectations, and the subject matter. We enjoyed debating the most important pieces of intelligence as well as predicting worst-case scenarios.

Despite having rehearsed prior, the qualifying round presentation was stressful. However, having done well gave us the necessary confidence for the semi-finals. The preparation for the second stage was a lot more hectic, as we worked through the night to devise a new policy proposal, in response to the new intelligence we received. Yet, to our surprise, we had prepared well enough to be admitted to the finals. The last round of presentations had to be prepared in less than 20 minutes. The panel of judges consisted of Sarah Armstrong- Smith, Pete Cooper, Adam Harrison and Jason Shepard, all respected experts in the field. Hence, despite being apprehensive, we were undeniably happy and humbled to receive their attention and subsequent feedback.

This year’s iteration of the competition was conducted online, due to the pandemic constrictions. Nonetheless, everything went smoothly, and it was a highly engaging experience, as the competition rounds were supplemented by workshop sessions and lectures. The competition has certainly taught us a lot about UK cyber policy and associated organisations. In addition, it has given us an opportunity to network, and challenge ourselves in coming up with credible analysis, innovative solutions, and effective presentations. Finally, this shared experience has brought us closer and demonstrated that, as long as the commitment to teamwork is there, the result will never be subpar. Hence, we certainly recommend taking advantage of this great opportunity!