General

The Standoff will take place non-stop during Positive Hack Days, starting right after the forum opens and lasting until the end of the forum.

Teams consist of five or more people. Each team can play for one side (attackers, defenders, SOC) only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally (at the venue), remotely, or mixed (some team members at the venue and others remotely).

Preparation. One month before The Standoff, the organizers will hold a briefing for each side. The organizers will explain the game structure and rules, preparations and details of the game infrastructure, victory conditions, and awards. SOC and defender teams will be given information about the city infrastructure they are to protect.

During The Standoff. The organizers will assign space for team members and necessary equipment. Proper beds will not be present at the venue, so teams will need to organize any sleeping arrangements themselves. Food will be available both day and night.

At the start of the competition, each team will receive access to the game infrastructure. The connection will be made via a dedicated computer (if the team is at the PHDays venue) or via VPN (if the team is participating remotely).

During the game, a portal will provide basic information about the game infrastructure and list of objectives. News from the organizers will be published there as well.

Rules

The teams can do absolutely anything that is not forbidden by the rules. Teams may not:

  • Interfere with the functioning of The Standoff.
  • Attack the underlying infrastructure of The Standoff.
  • Attack the jury's computers.
  • Generate unreasonably large amounts of traffic (flood).

In addition to the foregoing, defenders may not apply IP-based address blocking.

Teams in violation of these rules may be disqualified.

The game will be continuously monitored by the jury. Important: the jury may clarify the rules at any time prior to the game start, as well as change the state of game infrastructure during the game.

Attackers

Attackers have complete freedom of action, so long as they do not impair the functioning of the game. They are invited to achieve their objectives by any means necessary. All objectives are general in nature (for example, "hack the telecom operator"), vary based on the target type, and can be accomplished in different ways.

Most of the objectives will be known to the attackers, but the game also has hidden objectives that are triggered by certain actions or events. Some objectives can be accomplished only on a particular timeframe and/or only by one team.

Information about team progress in completing objectives will be available throughout the game, in the team profile on the site of The Standoff, as well as in the overall ranking of the teams.

Attackers may use any tools they like, so long as they do not break the core rules (indicated above). At the start, all teams are provided with basic information about the attackable targets; this information will be available on the forum. All other information must be found by the teams themselves. Attackers may share information with each other.

The Standoff will include a separate contest to see who can create the largest botnet. Details will be given by the organizers at the briefing one month before the contest.

During The Standoff, participants who wish to do so may give a short presentation on their experiences, unless otherwise specified.

The rules for awarding points in various categories will be published right before the start of competition. The overall winner is the attacker team with the highest score. A team's total score consists of the points earned by completing particular objectives.

Defenders

Defenders can be both corporate teams and individual specialists (pseudonyms are allowed for privacy). The teams' tasks include designing, installing, configuring, and using protection mechanisms, as well as ensuring the security and integrity of the assets of the company to which the relevant team is assigned.

The defender teams will be split based on area of responsibility, each taking on security for one particular target: telecom operator, office complex, electrical plant/substation, oil company, railway, or bank.

Any protection mechanisms available in software or virtual device form may be used. The organizer does not provide licenses for any protection mechanisms other than for the software produced by the organizer. Hardware solutions may be used, with limitations, only by ICS defender teams. The organizers reserve the right to selectively forbid use of particular protection solutions. ICS protection solutions are not allowed to perform disconnects; only monitoring is allowed.

The organizers will apply guidelines to determine whether and how to make rules changing the game infrastructure for a team (network settings, protection methods in use, and other) so as to ensure a balance between defense and offense. In order to maintain balance on the corporate infrastructures, a more-or-less constant number (within a certain range) of vulnerabilities will be present.

In the course of the game, teams should periodically give presentations on incidents and their work so far. Defenders are not scored; they are evaluated and awarded by the jury.

SOCs

SOCs provide the city's companies with insight and well-honed processes for detecting and preventing incidents. They also make life easier for defenders, thanks to their work detecting and investigating incidents as well as monitoring the city's entire network.

During The Standoff, the job of SOCs is to quickly inform defenders of attacks and propose defensive measures. Like the defenders, SOC teams should publicly describe the attacks and methods they encounter, as well as provide statistics on the overall state of play (attack trends and other metrics).

SOC teams are not scored; rather, they are evaluated and awarded by a jury of industry experts.

City residents

The city is home to a wide range of people, including corporate employees and carefree denizens who use smart gadgets in their daily life. During the contest, virtual residents will actively use city services—so bear in mind that they are trusting and prone to falling for social engineering.

Victory conditions

Victory in The Standoff overall, as well as in particular categories, is based on the objectives successfully accomplished by a particular team. Winners are determined by team score. The organizers will announce the winners at the awards ceremony after the game.

Game progress can be tracked on the site of The Standoff, which includes a leader board and rankings with category leaders.