Professional Documents
Culture Documents
Activity 1: Under Attack: How To Set Up The Game
Activity 1: Under Attack: How To Set Up The Game
● Place the learners into groups. Each group should have no more than four
members.
● Each group will need a full set of Attack Cards.
● Print out a full set of Protection Cards; they should be kept with the teacher until
they have been purchased.
● Print out a full set of incident cards. Each group will eventually collect three
incidents each. There are nine incidents in total, so if there are more than three
groups, more copies of the incidents will be needed.
Step 1: Tell the groups that they are the network managers for an online retailer and
their job is to protect the network and the website from cyberattacks.
Step 2: Tell the groups that their first task is to decide how they will spend their initial
budget of £20,000. Ask one member of each group to come to the teacher to buy their
protection cards. They don’t have to spend £20,000, but they can’t exceed this amount
for the first round.
Step 3: Give each group a random incident card. They now have three minutes to work
out which type of attack it is. They must look through their attack cards to pick the
appropriate card that relates to the incident. Their next job is to decide between them
whether or not the attack was a success or whether the protection methods they
purchased would have thwarted the attack.
Step 4: Once the time is up, ask each group to take turns explaining to the class what
the incident was, what attack type they think it is, and whether or not they had adequate
protection in place. If the teacher and class agree that they have identified the correct
attack they get a point; they get an additional point if they had the correct protection in
place.
Page 1 Last updated: 07-02-20
Year 9 – Cybersecurity Teacher instruction sheet
Lesson 6 – Under Attack
Save a copy
Step 5: Tell the groups that they now have an additional £20,000 to spend on extra
protection methods. Ask a member of the group to purchase the cards from the teacher
as before. Repeat steps 3 and 4.
Step 8: Discuss which possible protection methods were mentioned the most. Two-factor
authentication and anti-malware were used the most in the scenarios below.
Answers
The table below shows all the incidents and what attack type each incident is, as well as
possible solutions. Use this as a guide, but it is important to also allow the groups to
justify why they think their protection method would be effective.
The customer login page on the website DDoS Pay the Internet Service
is receiving a huge number of requests Provider to regulate the
from lots of IP addresses. The server amount of Internet traffic
can’t cope and is in danger of shutting allowed through to the
down; this will take the website offline server at any one time
Multiple attempts are being made to log Brute force Two-factor authentication,
in to the account of the chief executive of CAPTCHA, firewall,
the organisation; they are currently in a secure password policy
meeting without their computer
Attack cards:
Incident cards:
Protection cards:
This resource is available online at ncce.io/cybs-6-a1-d. Resources are updated regularly — please check
that you are using the latest version.
This resource is licensed under the Open Government Licence, version 3. For more information on this
licence, see ncce.io/ogl.