Learning by doing: a wargame with the Sciences Po Student Cybersecurity Association

Cyber threats have become increasingly prevalent in our digitalized society. As a result, cybersecurity has undoubtedly emerged as a major strategic issue, impacting businesses, citizens, and even State’s security.

Unfortunately, Sciences Po students often perceive cybersecurity as an exclusively technical field, seemingly inaccessible to those without an engineering background. However, cybersecurity extends far beyond coding and technical expertise: it intersects with international relations, intelligence, business strategy, and public policy. In fact, many of the skills required in cybersecurity are non-technical or can be quickly learned making Sciences Po students well-positioned to play a strategic role in this field.

Discovering cyber threats and how to prevent them: a cyber wargame with the Sciences Po Student Cybersecurity Association

At the Sciences Po Student Cybersecurity Association, this is the core message we want to convey to our fellow students. In order to do so, we organize various event throughout the year. One of our key activities is a semestrial wargame, a format we have been developing over the past few years.

Thanks to the support of the PSIA Technology and Global Affairs Innovation Hub, we successfully organized a Spring edition of our wargame this April.

Wargames are inspired by Capture The Flag (CTF) events, a well-known activity in the cybersecurity ecosystem. However, our wargames do not require a technical background. They can be described as a blend of an escape game, a treasure hunt, and an investigation simulation. A scenario inspired by a real intelligence case is created, and groups of students must solve a series of (digital) challenges to successfully complete the mission.

In this edition, 20 students took on the roles of different intelligence agencies, working to prevent the release of a virus that could have devastating consequences for the Internet. To track down the hacker, players were led across various parts of Paris through a series of challenges, each involving varying degrees of technical difficulty from accessing encrypted documents or passwords to using a shell terminal to play a custom-designed video game.

Prior to the wargame, participants received a manual introducing the tools they would need. During the game, our team remained available to answer questions or provide hints. With this support, even participants with no prior knowledge in cybersecurity or IT were able to quickly learn how to use the requested tools and were never left stuck for long on a given obstacle.

From cybersec to OSINT: designing a challenging yet accessible learning experience

In addition to the more technical challenges, we incorporated a few challenges focused on OSINT (Open-Source Intelligence) and social engineering both crucial methods in modern intelligence yet often misunderstood. To better explain the logic behind this aspect of the wargame, here is a quote from Antoine Kahn, who was responsible for its design and implementation: 

“I recently took part in organizing a Wargame for the second time within the Sciences Po Cybersecurity Association. It’s a challenge I truly enjoy, as it allows me to put my technical skills to the test while tailoring them to a wide range of participant profiles.

For this edition, the challenges I designed were at the intersection of social engineering and more technical analysis tools. Social engineering plays a central role in modern cyberattacks. While people often imagine cyber threats as highly technical operations carried out by specialists, it’s frequently the human factor that makes them possible. This part of the Wargame aimed to raise awareness about the kind of information people share publicly online, and how easily it can be exploited. To complete these challenges, participants had to find social media accounts, inspect a website’s source code and decrypt an encoded message. These tasks gave participants hands-on exposure to core concepts underlying the digital tools we use every day. 

I firmly believe that tomorrow’s leaders, even those outside the tech world, should develop a broad understanding of the infrastructures that power modern technology. In its own modest way, this Wargame was designed to help foster exactly that.”

This is a perfect summary of what we aim to achieve (and we hope we did) in our wargames. Giving Sciences Po students the opportunity and knowledge to dive deeper into the digital tools they use daily is a unique way for us to raise awareness on how these tools can be used by malicious actors, and how to protect oneself from it. Once again, we thank the Technology and Global Affairs Innovation Hub for its support, which allowed us to reward the winning team with a 6-months VPN and antivirus subscription. 

“We really enjoyed solving the case alongside passionate students! We discovered a lot about the tools and technics that are used by cybersecurity analysts in a realistic yet fictional and fun format. Some of us had no prior knowledge of cybersecurity or IT so it was a great opportunity to discover a new field and gain some knowledge about a topic that can affect us both in our professional and personal life”.

The winning team

With the organization of a final workshop dedicated to OSINT where more than 25 students had the opportunity to meet several practitioners then collaboratively reproduce a real use case, this wargame really contributed to break the boundaries Sciences Po students usually face when considering cybersecurity and intelligence careers.

The Sciences Po Cybersecurity Association’s (SCA) is a student association founded in 2019 whose main purpose is to spread awareness on matters relating to cybersecurity and digital technologies through an international relations and public policy perspective.