Cyber crisis management - are you prepared?

Developing next generation cyber defences and specialists

With the evolving threat landscape today, organisations must worry about far more than fraud and theft. Cyber criminals are becoming more sophisticated and highly organised and they are focusing their attention to disrupting services, destroying data, and holding systems to ransom. As a consequence the risk challenges for organisations grow more complex: Regulatory fines, legal damages, loss of trust, and reputation damage are becoming part of the equation.

What does it take for organisations to tackle these challenges? It requires much more than only properly managing an incident as it happens; multiple functions and skill sets must be highly trained and coordinated to contain, manage and recover from crisis incidents. And, it also means looking ahead and securing the next generation cyber and crisis management experts.

Deloitte-Sponsored Teams NOBUS and ETHernet Triumph at the 2018 Cyber 9/12 Student Challenge

Deloitte is proud to contribute to the training and development of next generation cyber specialists by co-sponsoring the fourth edition of the  European Cyber 9/12 Student Challenge, hosted by the Geneva Centre for Security Policy (GCSP) and the Atlantic Council, and two student teams.

Crisis situation scenario

It’s 10 April 2020, and in response to cyber attacks at several major European airports, the Office of the High Representative of the Union for Foreign Affair and Security Policy has established an international task force to determine the best course of action to prevent a widespread crisis. You are part of this task force and are requested to analyse the intelligence reports from the point of view of cybersecurity, law, foreign policy and security theory, and to present two to four policy response alternatives before recommending what you consider to be the best course of action. Your written and oral briefs will be considered by the Union for Foreign Affairs and Security Policy at 8 o’clock tomorrow morning.

A scriptwriter’s idea for Mission Impossible 7? Not quite, although the task faced by the competitors at this year’s Cyber 9/12 Student Challenge organised by the Geneva Centre for Security Policy and the Atlantic Council was no less complex. Twenty teams of students from universities in Europe and the U.S. had a two-day opportunity of experiencing what it means to deal first-hand with a mounting international cyber crisis.

Team setup

Deloitte sponsored two of the Swiss teams, each of which consisted of students from the ETH Zurich, the HSG University of St. Gallen and the Swiss Military Academy at ETH. The specialties of the participants ranged from Information Technology, Electrical Engineering and Distributed Systems to Political Science, International Relations, Finance and Military Science.

2018 Cyber 9/12 Student Challenge

Watch how the crisis unfolds

Team NOBUS: Jelena Mihajlovic,ETH; Floyd Basler, ETH; Reto á Porta, Swiss Military Academy at ETH; Kevin Kohler, HSG University of St. Gallen. Team ETHernet: Roc Iore, Swiss Military Academy at ETH; Jonas Gude, ETH; Andreas Biri, ETH; Ari Andricopoulos, ETH; from Deloitte: speaker Dr. Klaus Julisch and judge Gianni Crameri.

Success factors

The teams took Second and Third Place – an outstanding achievement which the students attributed to the diversity of their teams. “In our case, ״ emphasised one NOBUS team member, “diversity was really essential because each of us had a different approach to the issue. It was not necessarily easier, but it was more efficient in finding a proper solution. Cyber security is a very complex area and needs complex preparation and solutions."

Equally essential to the teams’ success was outstanding cooperation: not only listening to each other, but trying to really understand each other’s mind-set and point of view, as one team member put it. Managing a crisis requires thinking out of the box and, especially, recognising the need to match the level of response to the level of attack. Is an immediate reaction needed, or is it better to delay the response? What should be the role of private and governmental institutions? Need the military become involved? What about the media?

Another team member found that working on the escalation of the crisis in Round 2 of the simulation actually became easier as additional intelligence information made it possible to concentrate on solutions to concrete problems such as the effect of the attack on traffic. Once again, diversity within each team played a major role in developing creative solutions and in structuring a coordinated response.

Diversity, however, was not much help in Round 3 when, after working throughout the better part of the night, the bleary-eyed finalists were called upon to propose and defend their recommended course of action. Quite unexpectedly, this time the contestants found themselves facing not just the panel of judges, but also a full auditorium of critical listeners. Lack of sleep, constant time pressure, not knowing what new intelligence to expect from one moment to the next all contributed to making the experience remarkably realistic.

What did the participants take home from the challenge?

Aside from making new friends, the importance of teamwork, transparent communication and staying calm under stress when addressing major problems was confirmed by all participants. As one reassuringly put it: “Even though we can’t predict every crisis in advance, we know we can respond effectively.״

Deloitte heartily congratulates the members of Teams NOBUS and ETHernet on a mission well accomplished.

What is your organisation's cyber security maturity level?

Our experts can help you assess where you stand today and help you develop a strategy for the future.

Did you find this useful?