The Badge Archive

• Fulfills Steps 1-5 of GSUSA Ambassador Cybersecurity Investigator badge requirements.
• Leaders – please be aware of double dipping and make your own informed choice.

Items Needed

• Copy of the Ambassador Cybersecurity Investigator Info Required
• (Option A – Dice Game) One 8-sided die (Optional – use a 6 sided dice and cross off two of the types of attacks and eliminate two of the departments)
• (Option A – Dice Game) Stack of cards with 8 department names on them (See list below – descriptions are optional but helpful for brainstorming)
• (Option A – Dice Game) Copy of the City Cyber Attack Roll List
• (Option B – Leader Choice) Copy of only the scenario the Leader chooses from the City Cyber Attack Roll List
• Timer or stopwatch
• Several Copies of the City Cyber Attack Messages (keep leader info secret)
• Copy of a Ransom Note & City Opinions (keep consequences secret)
• Copy of City Cyber Attack Log File (keep leader info secret)
• Copy of City Cyber Attack Strategies

Instructions

1. Begin by briefly going over the Info Needed for each requirement. Keep this introduction short and simple—an overview of cyberattacks should take no more than 5 minutes.
2. Explain the scenario:
   “The city has been hit by a cyberattack, disrupting operations and compromising key systems. At 7:48 a.m., the breach was discovered, and law enforcement is actively investigating the hacker group believed to be responsible. Departments have been asked to evaluate the damage caused, taking into account the impact on both citizens and city employees. In five minutes, department heads will reconvene to present their findings and discuss the broader implications of this incident.”
3. Option 1 – Dice Roll:
   • Scouts roll the 8-sided die to determine what type of attack hits the city.
   • Scouts roll the die a second time to decide how many departments are affected.
   • Scouts draw the corresponding number of department cards to determine which departments are hit.
   • Scouts read the damage descriptions for the affected departments and have 5 minutes to brainstorm possible solutions.
4. Option 2 – Leader Choice:
   • The leader selects the type of attack and provides only that scenario to the group, resolving all 8 departments without dice or department cards.
   • Scouts read the damage descriptions for the affected departments and have 5 minutes to brainstorm possible solutions.
5. Announce the new scenario:
   “Law enforcement has made progress in the case! Officials suspect a hacker group known as GlitchGang is behind the attack. This group often communicates using steganography, a method of hiding messages in plain sight. In the weeks leading up to the attack, investigators noticed increased activity online from several users. Four message threads believed to involve GlitchGang have been flagged for review.”
6. Provide scouts with the four flagged Message threads and give them 10 minutes to analyze the threads and identify which users may be involved in the hacker group.
7. Present the ransom note:
   “The city has been targeted by a cyberattack that has disrupted access to critical systems and data. The attackers have issued a ransom note, demanding payment in Bitcoin to restore control and prevent further damage.”
8. Read the Ransom Note and set a 5-minute timer. Provide the list of City Opinions to guide the discussion. After debating the pros and cons, the group will make a final decision on how to respond.
9. Announce the Case:
   “The city needs help investigating suspicious activity in the log files. Officials believe the evidence will uncover the criminal behind the cyberattack. Investigators need your assistance to analyze the data and identify the perpetrator.”
10. Spend 15 minutes to allow investigators time to analyze the log files to uncover suspicious activity. Follow the Log File instructions and provide hints as needed. Scouts must determine:
    • Which department was attacked.
    • Who the attacker was.
    • What actions they took on the network.
11. Announce the Culprit:
    “The person responsible for the city’s cyberattack, FriendlyDaisy, has been caught. Recovery efforts are underway, but it will take months to fix everything. Decide on five cybersecurity strategies to prevent future attacks.”
12. Spend 10 minutes reviewing the list of 15 Cybersecurity Strategies, and vote on which apply specifically to this attack.
13. Using the National Institute of Standards and Technology (NIST) framework, vote on the top 5 strategies the city should implement moving forward.
14. Celebrate:
    “The culprit has been caught, the city is recovering, and strategies have been implemented to prevent future attacks. Until next time, Cyber Detectives!”

Department Card List

• Mayor: Leads the city, overseeing departments, budgets, and responding to emergencies.
• Police Department: Protects the public by patrolling neighborhoods, directing traffic, and investigating crimes.
• Fire Department: Responds to emergencies like fires, car crashes, chemical spills, and rescues.
• Water and Sanitation: Maintains safe water and sanitation systems, often using computerized tools.
• City Court System: Manages digital records for efficient information sharing and legal processes.
• Department of Education: Oversees public education, including student records, grades, and data security.
• Parks and Recreation: Maintains parks, ecological diversity, and recreational facilities like playgrounds, pools, and golf courses.
• Public Transportation System: Manages bus, rail, subway systems, and sometimes airports or seaports, ensuring safe travel for people and cargo.