CyberReadyGame from DG DIGIT

One of the focus topics of the #SaferInternet4EU campaign, launched on Safer Internet Day 2018 by Mariya Gabriel, Commissioner for Digital Economy and Society, is cyber hygiene... that is, taking steps to ensure that your online life is healthy and secure. Read on to find out more about "CyberReadyGame", an awareness-raising board game developed by the European Commission's Directorate of IT Security, part of the Directorate-General for Informatics (DG DIGIT).

Date 2018-07-03 Author Directorate-General for Informatics (DG DIGIT)

About the CyberReadyGame

The "CyberReadyGame" is an awareness-raising board game developed by the European Commission's Directorate of IT Security, part of the Directorate-General for Informatics (DG DIGIT). The aim of the game is to pass specific cyber knowledge from experts to non-experts by creating mixed teams and engaging them in various scenarios. It is easy to adapt to all age groups and roles. This approach offers a good way to build cyber security awareness in both technical and non-technical matters: players learn from each other through play, and the game can also seed future communities of practice. By following the design below, a good facilitator can organise it in his or her own ecosystem.

How does it work?

The time to play depends on the number of team members, but it is estimated that a minimum of 30 minutes is needed to complete the game. Anybody can play it, and there is a minimum of four players. You need a facilitator with a good understanding of cyber security, and potentially one or two IT security experts or enthusiasts, but this is not mandatory. The facilitator sets the tone and employs the scenario that best fits the players.
Players are split into two teams: Blue Hat team (defenders) versus Red Hat team (attackers). Each team receives the same scenarios, but is given different tasks. The game is facilitated by a trainer.
Below is a checklist for step one and step two of organising a round of CyberReadyGame play.

Step 1: Players receive the tasks belonging to team Defender (Blue Hat) vs team Attacker (Red Hat)

You are the "Blue Hat" team trying to respond to a situation in your organisation. Please:
  1. Discuss in your team what may have happened.
  2. Decide on a list of questions that you will ask the "Red Hat" team in order to discover the real attack method.
  3. Share your knowledge/questions/ideas with your team.
You are the "Red Hat" team trying to hack an organisation. Please:
  1. Discuss in your team what is the best attack method to achieve your objective.
  2. Decide on two words relating to a method of attack and write them on a card. These words are the key the "Blue Hat" team will try to discover.
  3. Share your knowledge/questions/ideas with your team.

Step 2: Round of play

Examples of keywords used in the game
  • Denial of Service (DoS)
    The prevention of authorised access to a system resource or the delaying of system operations and functions.
  • Zombies/bots
    Computers connected to the internet that have been compromised by a hacker, a computer virus, or a trojan horse; secretly compromised with malicious logic to perform activities under the command and control of a remote administrator.
  • Advanced Persistent Threat
    An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
  • Malware 
    Software that compromises the operation of a system by performing an unauthorised function or process. Synonym(s) include malicious code, malicious applet, malicious logic.
  • Phishing
    A digital form of social engineering to deceive individuals into providing sensitive information.
  • Virus
    A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
  • Ransomware
    A program that scrambles a computer's files, demanding payment before they can be opened again. For example, the WannaCry ransomware attack asked for $300 in a virtual currency.

Example scenarios (to be tailored and updated by the facilitator)

1. Imagine your organisation is a public transport provider. You just got hacked and 100 buses stopped working in different city stations. In your team, consider:
  • What type of attack was used against you?
2. Imagine your family has five devices connected to the internet. One day, the police knock at the door saying that all your devices were part of a network of serious online crime. In your team, consider:
  • What has just happened? 
Find out more in the video trailer created for the game.

This resource was created by the Directorate of IT Security, Directorate-General for Informatics (DG DIGIT), has been openly available since the kick-off of European Cyber Security Month 2017, and is published on the Better Internet for Kids (BIK) portal with permission.

The next edition of European Cyber Security Month (ECSM) will take place in October 2018 - find more information on the ECSM website.
