UCL Department of Science, Technology, Engineering and Public Policy


The ECSEPA Policy Crisis Game

28 February 2019

How do you make dense research topics intersecting cybersecurity and public policy cool? The answer, the Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) project team believes, is by turning it into a game!

Photo of UCL East Building

That’s right, despite being a far cry from your average Tuesday night murder mystery game at the local pub, the ECSEPA Policy Crisis Game that took place in London on 21 February 2019 was designed to be just as gripping and thought-provoking. More importantly, according to one participant, “the real-world value of the Game was that it brought together the policy community working across the UK Government under one roof” to exchange views on complex and profound issues in cyber.  From officials leading incident response to advisors overseeing long-term planning, the participants hailed from a diverse base of cybersecurity specialisations. The aim of the Game? To explore how the UK policy community makes decisions as a series of simulated cyber crisis scenarios unfold throughout the day.

We are not here to test your skills – we know you are all experts in your respective fields.  It’s about understanding how you use a wide range of evidence given to you to make crucial decisions that have bearings on national security concerns, explained UCL STEaPP’s Dr Madeline Carr during the plenary opening speech.

Image of Dr Alex Chung, Dr Madeline Carr, Professor Siraj Shaikh and Atif Hussain
During the game, a mixed set of evidence was presented to the attendees to tease out security implications and strategic approaches in response to the evolving situations.  Spanning socio-economic considerations to cyber-physical impacts on the populous, the interactive sessions brought to light a number of policy challenges.  These included how to determine the threshold of cyber-physical incident triggers, how to gauge proportionate response, and how to improve cross-government coordination mechanisms.


The Game is still in early development.  As a start, this exercise will let us further evaluate and refine our cybersecurity evidence quality criteria framework based on today’s findings and feedback, commented Coventry University’s Professor Siraj Shaikh who chaired the event and led the game design phase of the project.

While it’s not the only game in town that investigates cyber policy response, with another such example being the Cyber 9/12 Student Challenge, the human dimension of the ECSEPA project is inimitable amongst its contemporaries in so far as game design is concerned.  It was developed with and for the policy community, one of the trademark research principles that sets STEaPP projects apart from other interdisciplinary studies: action research through co-design and co-production of projects with government stakeholders. But it’s not over just yet for the ECSEPA project.  In fact, over the course of 2019, the ECSEPA team will be releasing their findings back to the policy community in a usable way.  Their impact-driven approach to policy engagement is spearheaded by STEaPP’s newly formed Policy Impact Unit (PIU).


The ECSEPA project is funded by the EPSRC and undertaken with the full support of the Digital Policy Lab (DPL) and the Research Institute in Science of Cyber Security (RISCS) based in STEaPP.  Apart from undertaking cutting edge research, DPL members also run the Digital Technologies and Public Policy (DTPP) stream in STEaPP’s MPA programme.