About the CyberReadyGame
The "CyberReadyGame" is an awareness-raising board game developed by the European Commission's Directorate of IT Security, part of the Directorate-General for Informatics (DG DIGIT). The aim of the game is to pass specific cyber knowledge from experts to non-experts by creating mixed teams and by engaging in various scenarios. It is easy to adapt to all age groups and roles. This approach offers a good learning method to upskill on cyber security awareness in both technical and non-technical matters, learning from each other through play while also creating possible future communities of practice. By following the below design, a good facilitator can organise it in his or her own ecosystem.
How does it work?


Step 1: Players receive the tasks belonging to team Defender (Blue Hat) vs team Attacker (Red Hat)
- Discus in your team what may have happened.
- Decide on a list of questions that you will ask the "Red Hat" team in order to discover the real attack method.
- Share your knowledge/questions/ideas with your team.
- Discuss in your team what is the best attack method to achieve your objective.
- Decide on two words relating to a method of attack and write them on a card. These words are the key the "Blue Hat" team will try to discover.
- Share your knowledge/questions/ideas with your team.
Step 2: Round of play
-
Denial of Service (DoS)
The prevention of authorised access to a system resource or the delaying of system operations and functions.
-
Zombies/bots
Computers connected to the internet that have been compromised by a hacker, a computer virus, or a trojan horse; secretly compromised with malicious logic to perform activities under the command and control of a remote administrator.
-
Advanced Persistent Threat
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
-
Malware
Software that compromises the operation of a system by performing an unauthorised function or process. Synonym(s) include malicious code, malicious applet, malicious logic.
-
Phishing
A digital form of social engineering to deceive individuals into providing sensitive information.
-
Virus
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
-
Ransomware
A program that scrambles a computer's files, demanding payment before they can be opened again. For example, the WannaCry ransomware attack asked for $300 in a virtual currency.
Examples of scenario (to be tailored and updated by the facilitator)
- What type of attack was used against you?
- What has just happened?