By Ethan Dettman and Halima Binte Islam
Special thanks to the Hume Center for National Security and Technology for providing financial support to our team.
Introduction
During the first weekend of March, we had the opportunity to travel to Washington, D.C. to compete in the Cyber912 Strategy Challenge. Hosted by the Atlantic Council, the event saw 40 teams from 36 schools compete to provide the best intelligence briefing on a fictional scenario. Teams competed both virtually and in person, graded by a diverse panel of judges. The judges represented members of the National Security Council, and teams were assessed on the accuracy, feasibility, and usefulness of briefings. The competition took place over three rounds spanning two days and was hosted atJohns Hopkins University’s School of Advanced International Studies, Bloomberg Building.
The scenario centered on a suspected Democratic People’s Republic of Korea (DPRK) attacker using social engineering to penetrate a major fictional IT vendor and exfiltrate data, ultimately leading to the cancellation of two World Cup games. The alleged attacker was linked to DPRK intelligence through a third-party threat analysis report. Teams received one Intelligence Report per round, with the first released on February 13th, giving us about three weeks to research and prepare before Round 1 on March 7th. Our team met about twice a week leading up to the competition, checking in with one another and proofreading each other’s work. Additionally, we anticipated the time crunch that the competition would provide and drafted ‘cheat sheets’ of government agency roles and responsibilities.
Team Composition
The team competed under the name CyberHokies and consisted of four members: Halima Binte Islam, Ethan Dettman, Tolu Kolade, and Sully Mrkva. Halima and Ethan both study international politics with a focus on the intersection of technology and international relations, while Sully and Tolu bring a computer engineering background to the team. Dr. Brantly served as coach, providing guidance that kept the team’s recommendations grounded in feasibility and practical utility. This composition gave CyberHokies the ability to approach the scenario from both a technical and policy perspective simultaneously, which proved to be a consistent advantage across all three rounds.
Preparation
With Intelligence Report I in hand, we divided the work according to what each person knew best. Halima and Ethan focused on the policy and geopolitical side, researching DPRK cyber doctrine and mapping out which response options were realistically available to the U.S. government. Sully and Tolu worked through the technical dimensions, examining how the supply chain compromise likely unfolded and what the forensic picture looked like. Dr. Brantly pushed us throughout to make sure our conclusions were defensible, not just plausible.
Our recommendation was to use the breach to further crack down on international cybercrime, monitoring affected customer data from the breach, and fostering closer relations between the private and public sectors. Formulating a response that was realistic and still mitigated the attacks was a challenge, as our first instinct saw us suggesting government overreach. We originally wanted to suggest a complete audit of the networks, something not feasible due to privacy concerns and private corporation interests. This helped to illustrate the limits of bureaucratic governance to our team.
By the time we loaded into the car for D.C., we had gone over the briefing enough times that even the drive became one last review session. It was a good use of the time, and it meant we arrived feeling ready rather than scrambling. We rewarded ourselves with a walk around the city. Our hotel was very close to the Capitol, offering a reminder of the weight that cyber professionals carry every day.
The team: Sully, Halima, Tolu, Ethan, and Dr. Brantly
Competition
Our performance in Round 1 on Day 1 immediately reflected the value of that preparation. We arrived at 8:00 AM, eating the provided breakfast and quizzing one another on our individual roles in the presentation. We made great use of the time between breakfast and our briefing, as we viewed a rival presentation, networked, and made last-minute adjustments to our oral briefs. All teams had 10 minutes to present, 10 minutes of deliberation, and then ten minutes of feedback from the judges.
We addressed the judges’ questions across both technical and policy lines with confidence, and the NSC-representative panel assessed briefings from varying institutional perspectives, a dynamic that rewarded the team’s dual-track approach.
Our presentation went well. The judges asked pointed questions, and having members who could speak to both the technical and policy angles meant we were rarely caught off guard. Networking with the judges afterward was one of the most valuable parts of the day, as we were able to hear their critiques of our recommendations. Their critiques gave us a sense of what they were looking for and how they thought about the scenario across a wide variety of professions. Critiques ranged from needing to include a Congressional response to requesting a more technical breakdown, reflecting the variety amongst the judges Cyber912 offered. In the first round, among other judges, we had a congressional aide, a telecommunications official, and a CISA official. The wide diversity in critiques gave us a lot to work with heading into Day 2. However, we did not know we would advance until we were on the way to dinner, giving us a sweet surprise before eating. We ate at Ruta, an authentic Ukrainian restaurant in Bethesda, MD. We met Dr. Brantly’s family and enjoyed some great food with great company.
After dinner, our team had to prepare for Round 2. The new intelligence briefing saw a fork in the scenario, with cyberattacks taking down major banks in Cambodia and the UAE alongside DPRK denial of the original cyberattacks. These attacks predictably led to diplomatic fallout diffused globally, with the UAE withdrawing their ambassador from the US. The new attacks required us to shift our attention away from a response to the DPRK and PRC, and towards appeasing our allies in the UAE and keeping Cambodia within the US sphere somewhat. Intelligence Report II was challenging, as we had to synthesize a ton of different information that seemed at best tangentially related.
This required us to update our analysis quickly, and by that point everyone was tired. The time pressure was real, and there was less margin for the kind of back-and-forth that had made our preparation strong. What carried us through was the structure we had built beforehand. Defined roles and trust between team members kept things moving even when the energy was running low. Our team worked together in the hotel lobby until late in the night drafting our document and oral briefs. We trusted each other to carry out our individual assigned roles, and even with the time change (we lost an hour of preparation!), we managed to submit our decision document by 7:00 AM Sunday.
Waking up on Sunday, the entire team was tired. Our team walked to the Bloomberg building, feeling the stress from the time change and the upcoming presentation. The presentation itself went well, but the team was more nervous than the day before. We had less time to prepare and made some avoidable mistakes. The discussion after the presentation was robust, and the judges pushed us on a few of our recommendations, which gave us a lot to reflect on. Our team received more pointed feedback, and some miscues would have been avoided with more preparation time. For instance, we suggested CISA should oversee a foreign investigation, something that the CISA professional on our judge’s panel called out. Our team learned that a small amount of preparation lends itself to making small errors like organizational misclassification. If our team was cleared and legitimately briefing the NSC, our mistake would have had much larger ramifications. Through this experience, we gained
Takeaways
The Cyber912 Challenge offered more than a competitive experience. Competing alongside teams from seven countries and institutions ranging from military academies to international universities reinforced that cybersecurity policy is a genuinely global challenge, one that requires both technical precision and strategic judgment. Our ability to field a competitive, interdisciplinary team in a global environment with some of the best cyber professionals speaks to the strength and the value of investing in experiential learning opportunities that place students in high-stakes, professional settings. Hearing the multitude of critiques across multiple disciplines was extremely valuable, mirroring the diversity of real-life National Security Councils.
As many of our team members plan to work in government someday, one of our most valuable takeaways was how complex the government truly is. What we see on the news, e.g., the FBI leads the investigation of a cyber-attack, has a complex web of behind-the-scenes duties that led to this. Analysts first gathered intelligence, then synthesized it into actionable reports, ala our decision documents. Next, authorities must be provided to specific agencies or organizations to carry out the prescribed duties, often with overlapping or unclear responsibilities. Intelligence Report II also illustrated the value of having good intelligence analysts through the sheer volume of information teams had to comb through for Round II. The report opened with DPRK denial of the Cornerstone attacks, then quickly shifted into a cyberattack on Cambodian and UAE banks. Our analysis and prescription of potential courses of action forced us to prioritize the most important aspects of the scenario.
Different judges, even on the same panel, would recommend different policy outcomes. Some were more hawkish; others emphasized the importance of multi-agency responses. Competitions like Cyber912 build analytical agility and collaborative problem-solving that classrooms alone cannot replicate, and they produce graduates who are prepared to contribute to the national security community from day one. The entire experience was well worth it. Everyone on the team would recommend participating in future Cyber 9/12 competitions.
Our Briefing Slides are below for reference:
