New exercise unveiled to help businesses in the fight against cyber attacks
Press release issued: 8 March 2018
The Metropolitan Police Service (MPS) has unveiled an innovative new exercise that teaches business leaders how to protect their companies from cyber attacks. The resource, entitled 'Decisions and Disruptions', funded by the Engineering and Physical Sciences Research Council (EPSRC), was first developed by a group of academics, currently based at the University of Bristol, in partnership with the National Cyber Security Centre.
Officers in the Met's Fraud and Linked Crime Online (Falcon) unit have adapted it to be included in their regular cyber awareness presentations given to businesses and organisations.
Since it was first demonstrated in June 2017, 13 exercises have been run with external companies, 33 have been run internally with a further eight delivered to other police forces.
The cyber prevent team are booked to carry out another 18 events to more than 100 people during the next two months, which include a bank, and a multiple business event where ten exercises will be running simultaneously.
A number of the events are being ran in partnership with the City of London Police’s Cyber Crime Unit who have adopted the initiative and are also delivering it as part of their cyber-crime awareness offering, ensuring businesses across the capital are protected.
The exercise, which consists of two game boards with Lego pieces that represent a company with separate premises, is designed to explore the decisions that people make, in order to protect their businesses and organisations from modern day threats, such as hacking and malware attacks.
All the scenarios in the game are based upon real-life situations and current threats.
Current National Cyber Security Centre (NCSC) and Met Police cyber security guidance is provided in the post-exercise debrief.
The initiative builds on existing support for companies given by the NCSC, who have published a Small Business Guide listing top tips to shield from potential online attacks.
A number of the events are also being run in partnership with the City of London Police’s Cyber Crime Unit who are also delivering it as part of their cyber-crime awareness offering.
Detective Chief Superintendent Mick Gallagher, head of the Organised Crime Command, said: "We've had excellent feedback from everyone who has been shown this exercise and it is an excellent tool to promote awareness of the growing range of cyber security threats. Due to the physical representation of the game board, it makes cyber security easier to understand and the scoring system introduces a competitive and fun element, which is proven to aid learning.
"The scale and complexity of cybercrime and fraud online is constantly evolving and our officers are proactively targeting the criminals responsible. However, it is also an important part of our work to educate members of the public how to protect themselves online and reduce their chances of being a victim of crime."
Professor Awais Rashid, Professor of Cyber Security in the Department of Computer Science at the University of Bristol, added: “Decisions and Disruptions is a table top game that we developed where players can experiment with cyber security risks, learn about decision-making and its consequences, and reflect on their own perception of cyber security. The research we have conducted so far using the game, including the collaborative work with the London Metropolitan Police, has uncovered a number of key insights about how different demographics in organisations - managers, IT personnel and security experts - approach security decision-making, the good practices and the pitfalls to be avoided.”
"The game requires no prior cyber security expertise from players and the details of how to build a game board are freely available on the website. Anyone interested can build their own board and learn about cyber security in a fun way with friends, family and co-workers."
The Engineering and Physical Sciences Research Council (EPSRC)-funded ‘Decisions and Disruptions’ was first developed by a team at Lancaster University led by Professor Awais Rashid, now based at the University of Bristol.
Further information about the EPSRC project ‘Mumba: Multi-faceted Metrics for ICS Business Risk Analysis’ is available on the website, and is part of the Research Institute on Trustworthy Industrial Control systems.
About the Engineering and Physical Sciences Research Council (EPSRC)
As the main funding agency for engineering and physical sciences research, our vision is for the UK to be the best place in the world to Research, Discover and Innovate.
By investing £800 million a year in research and postgraduate training, we are building the knowledge and skills base needed to address the scientific and technological challenges facing the nation. Our portfolio covers a vast range of fields from healthcare technologies to structural engineering, manufacturing to mathematics, advanced materials to chemistry. The research we fund has impact across all sectors. It provides a platform for future economic development in the UK and improvements for everyone’s health, lifestyle and culture.
We work collectively with our partners and other Research Councils on issues of common concern via Research Councils UK. www.epsrc.ac.uk