Kentish Cyber takes part in UK Cyber 9/12 Strategy Challenge

Kentish Cyber Team
The Kentish Cyber Team: Dr Gareth Mott, Hala Zein, Ben Treacy, Nandita Pattnaik, and Keenan Jones

Kentish Cyber, a team of Kent students, recently took part in the 4th Annual UK Cyber 9/12 Strategy Challenge.

The Cyber 9/12 Strategy Challenge is an annual cyber policy and strategy competition open to university students from across the globe. The competition focuses on the interdisciplinary nature of the cyber challenges and strategies, policy decisions and the importance of an analytical bend of mind, together with effective teamwork to solve any cyber problem.

The team is coached by Dr Gareth Mott (School of Politics and International Relations, and Institute of Cyber Security for Society (iCSS)) and is comprised of students from across the University: Keenan Jones and Nandita Pattnaik (School of Computing), Ben Treacy (School of Politics & International Relations) and Hala Zein (Kent Law School).

We caught up with the Kentish Cyber Team to learn more about their experiences at the competition:

How long have ‘Kentish Cyber’ been ‘together’? Is this the first time you have worked together? 

Keenan: Not long, is the short answer! We all came together as a team for the first time in preparation for this year’s Cyber 9/12 competition, around the end of November, 2020. This is one of the great aspects of the Cyber 9/12 experience. We all have quite different academic backgrounds, with two PhDs in computer science, alongside a BA in Politics and a BA in Law. Typically, there would be few opportunities for students from this array of disciplines to work together. Cyber 9/12 afforded us this unique opportunity, allowing us to share and develop ideas in a multidisciplinary way whilst giving us the chance to network with other students from a wide variety of academic backgrounds.

Do you need a background in cyber security to get involved?

Gareth: No, one does not need to have an educational or professional background in cyber security to be involved in the Cyber 9/12 Challenge. In fact, it is my understanding that a team comprised of Computing Scientists alone would probably not be selected to compete. The contemporary cyber security environment is increasingly interdisciplinary, and the Cyber 9/12 Competition reflects this. So, the technical grounding is certainly an element, but we cannot map out a solution to a given cyber security dilemma without also considering the sociopolitical and legal elements. I think this interdisciplinarity serves to make the Challenge particularly exciting and directly encourages – even demands – an environment in which each team member brings their own strengths to the table.

How did you first find out about the event and how did you become involved? 

Gareth: I have followed the Atlantic Council’s Cyber 9/12 Challenge since the competition held its first UK-oriented running in 2018. We had the pleasure of (virtually) hosting Robert Black, the Director of the UK Cyber 9/12 Challenge, in June 2020. Inspired by this session, in the 2020-21 academic year, myself and colleagues in the Institute of Cyber Security here at the University of Kent were keen to put forward a team. When the applications for the 2021 competition were opened, we canvassed interest and were delighted to assemble the team who would become Kentish Cyber.

Could you tell us about the competition?

Gareth: Thank you so much, to all four of you, for your hard work and dedication in representing the University of Kent at the Cyber 9/12 Challenge in its 2021 running. It was so great to be able to represent the university at this competition for the first time, with our Kentish Cyber team. Nandita, could you tell us a little bit about the competition, how you prepared for it, and what happened during the event?

Nandita: Students in the competition are given a fictional cyber crisis scenario, impacting national security and with far-reaching implications nationally and internationally. This includes political, economic and legal fields. Students need to analyse the scenario within a specific time frame and develop different policy recommendations for the Prime minister’s office. To our delight, we crossed the first hurdle by submitting a successful application and got ourselves selected for the main final event which was held over two days on 16th and 17th of February 2021 online. We awaited the release of the coveted ‘information pack’ with anticipation.

We were then assigned a realistic scenario, very apt to the current situation relating to a possible zero-day ransomware attack on hospitals, identified within a broader context of COVID vaccine misinformation activity affecting the general public. The scenario reflected real issues a government faces and highlighted the difficult choices Ministers and their staff make in their day-to-day operations. We familiarised ourselves with not only the brief, but also an array of wider interdisciplinary open-source research to relate it to the current scenario. We then undertook a situational assessment, considering the potential impact, risk, implications and came out with three potential recommendation for the cabinet office. Many afternoons and evenings were spent deciding on the decision document, briefing document and the main presentation. Our team then presented the recommendations on the competition day, to a panel of 6 judges consisting of senior cyber experts.

What lessons did you take away from the competition?

Nandita: Although we didn’t get selected for the finals, the whole process was an invaluable learning experience. It was hard work, but what I enjoyed most was that it gave us a flavour of working in a real-life challenge. The event was great to network with many industry professionals. Apart from hosting the main competition, Cyber 9/12 also invited many prominent professionals in the cybersecurity field both from the private and the public sector to share their life experiences, which were very inspiring and useful. Ourselves and the other teams were also able to take part in many relevant technical and career-oriented workshops. Overall the experience of Cyber 9/12 was a fun and rewarding one. After taking part in the competition, I now very much want to explore more policy and strategy-oriented issues in cybersecurity and it got me thinking about a different set of career path that I could take.

What was the most exciting part of the experience, for you?

Keenan: For me, the most exciting part of Cyber 9/12 was the opportunity to engage with an aspect of cybersecurity that very rarely features in my own research: that of policy. As a PhD student, the research that I do is typically focused on a very small area of the cybersecurity field, which although great in its own ways, does not necessarily allow for much exploration beyond this. Through Cyber 9/12, I was able to develop an appreciation for a different, yet equally critical aspect of cybersecurity, whilst also fostering the softer skills that are essential in this field and that often get overlooked as a computer science student. Additionally, the competition allowed us to then test these skills in a challenging environment, by presenting them to experts in this domain. This was as much a learning experience as it was a part of the competition, and allowed us to interact and receive feedback from some of the most prominent figures in the community; an opportunity that granted further insights into the exciting world of cybersecurity policy. Cyber 9/12 provided an environment in which cyber policy can be engaged with in a challenging and fun way – all in all it was a fantastic experience!

Drawing on your experience of the competition, how important do you think engagement with ‘cyber security’ is to the field of law/politics? In terms of practice, academia, or both.

Ben: Through the competition I have developed my understanding of how much politics functionally relies on cyberspace and its associated technologies. Consequently, this has given me insight in to how much we collectively rely on these platforms and technologies being secure and safe in both a personal and political capacity. The case studies we were provided with as part of the competition were realistic, and more importantly they were probable. Being faced with a scenario which could be happening in real time was a unique and exciting challenge which I think all Politics students should experience to really get a feel for what it means to be engaged in cybersecurity.

As part of the competition, I was tasked with considering the political aspect of cybersecurity, which encompassed much more than I had anticipated, despite only being one facet of the brief. Considerations of personal freedom and privacy, the organisation of government personnel and funds, the international implications of the decisions made, as well as the discussion of the policy itself, were issues that we explored and created solutions for, all the while considering the practical application, legal challenges, and political implications for these decisions. In relation to the study of Politics, cybersecurity challenges the traditional schools of thought by expanding the political realm to a virtual borderless space, that is simultaneously reliant on the physical infrastructure and its associated politics to function. This new paradigm of politics provides new ways of thinking, even those that are contradictory to what we may assume as true universally. Cyber 9/12 has shown me especially that reliance on technology is fragile and detrimental if governments do not take action to improve and develop its cyber arsenal, both offensively and defensively, and how important it is for cybersecurity to be a core part of political study.

The competition has also shown me that politics more than ever is linked to private industry. Challenges arise from this mutual dependency, including questions of international sovereignty in multi-national corporations, government and industry collaboration and influence, ownership and usage of resources such as infrastructure and personal data, and countless more. Much like fighting a Hydra, deal with one issue and more take its place. The competition has only given me a glimpse into the complexity of cybersecurity, but these issues are becoming more salient as time goes on. In engaging with the competition and speaking to the many experts who were kind enough to lend their time to the event, I have a newfound appreciation for the importance of the role of cyberspace and cybersecurity in politics today.

It was great that the competition was able to run this year, despite the restrictions imposed by the pandemic. Did you find that you were still able to build a community with the other teams? 

Hala: There are very few positives to the pandemic but one unlikely benefit I was pleasantly surprised to discover was that I was able to become more involved in extra curricular activities at the university of Kent. As someone who suffers from a chronic illness, I have often found it difficult to participate in activities that involve travelling to attend meetings. As such, throughout my time at university, I was less inclined to join a team or society that relied on a commitment to participation without much regard for its accessibility.

The strange benefit of “online university” for myself meant that I was able to and even more confident in committing to competitions, projects and co-curricular modules. One of my favourite competitions I had the pleasure of partaking in was this cyber strategy challenge. This was only possible because of their flexibility and commitment to providing the same opportunities to students despite the unexpected circumstances that the pandemic had brought.

I enjoyed meeting with my team mates every couple of weeks and catching up with them over MS Teams and working through the cyber problems and strategy tasks required of us. It was a great informal and productive way to connect with like-minded students. I certainly feel accomplished having joined this challenge and I am incredibly grateful to have had the opportunity to work alongside such wonderful teammates, learning off of each other, making new friendships, and building connections with ambitious and intelligent individuals in an field I hope to work in.

What would your advice be to students that are interested in cyber security and keen to get involved in this sort of event or to learn more? 

Gareth: Give it a go! This is a really exciting time to learn about cyber security and become involved, and the dilemmas presented by computing technologies cannot be put back in a box; they’re here to stay. And remember, cyber security is not an exclusive club. Again, in today’s increasingly interconnected world, comprehensive, infallible cyber security may, frankly, be a false hope. But the means to achieve this security will be social, political, legal and technical. Even a cursory glance at recent cyber security breaches, including significant breaches, the weakest point in the security system is often the human being using the networks and machines, not the hardware or software itself. Whilst cyber security is technical, it is also arguably universal. By definition, in using these technologies, we are ourselves cyber security actors. So, whilst the technical element is certainly there, students without this technical background can still absolutely – and indeed must – engage with cyber security, and they can do this by acquiring the ‘common linguistics’ of cyber security. This enables them to access both the technical and sociopolitical discourses of cyber security and, through this, develop pathways to understand the issues at stake and the means by which we can endeavour to address them. Both the Higher Education sector and private industry are increasingly conscious of the need for collaborative and multi-faceted approaches to cyber security, and the University of Kent is proactively addressing this important demand. The 2020-21 academic year marked the inaugural running of my new module situated in the School of Politics and International Relations, entitled ‘Governance and War in Cyberspace’, which I have had the pleasure to develop and convene. The Kent Law School and SPSSR respectively also offer modules which address the convergence of the social/legal and cyber realms.

If you would like to keep up-to-date with Cyber Security news and activities, you can subscribe to our newsletter by contacting cyber-info@kent.ac.uk