Press "Enter" to skip to content

Sanford Palo Alto Cyber Cup

The Sanford Palo Alto Cyber Cup is a partnership between the Sanford School of Public Policy and Palo Alto Networks.

2021 Competition (October 23-24, 2021)

The second annual iteration of the Sanford Palo Alto Cyber Cup will be held on October 23 and 24, 2021. As the university community takes advantage of Duke Cyber Week to learn about cybersecurity and tech policy and its role in a wide array of disciplines and social debates, undergraduate and graduate students are invited to participate in a public policy cyberattack response simulation.

The Sanford Palo Alto Cyber Cup is a partnership between the Sanford School of Public Policy and Palo Alto Networks, a leading incident response, risk management, and digital forensics firm.

The annual competition will challenge teams of students to develop and present policy recommendations designed to address hypothetical, high-stakes cybersecurity scenarios. For this competition, the scenario will challenge teams to respond to a breach of critical infrastructure. Competitors will grapple with both the immediate response to the cyber incident and the social and political fallout the event creates. The winning team will earn $2,000 and first-round interviews for a cybersecurity internship with Palo Alto Networks.

For more information about the 2021 competition, contact Aden Klein at aden.klein@duke.edu.

2020 Competition

The inaugural Sanford-Crypsis Cyber Cup was held in October 2020 as a new partnership between the Sanford School of Public Policy and The Crypsis Group, a leading incident response, risk management, and digital forensics firm (now part of Palo Alto Networks).

The competition is designed to challenge teams of students to develop and present policy recommendations designed to address hypothetical, high-stakes cybersecurity scenarios. The 2020 competition centered around a cyber incident targeting Duke Health system days before a high-ranking cabinet official was scheduled to undergo an operation.

Competitors were asked to develop a policy response drawing from federal, state, private sector, and military resources. Uncertainty about the actor behind the attack, adequate response strength, and proper authorities led to a complex scenario that forced teams to think outside of the box and innovate new policy responses.

Finalist teams advanced to a second round, where new developments revealed the actor behind the attack and drastically expanded the risk to US critical infrastructure. Teams had less than 30 minutes to develop a response to the rapidly-evolving scenario, simulating the uncertainty and short response time of an actual cyber incident.

You can read a Sanford article on the winning team here.