Students simulate crisis leadership during cyberattacks
How do you manage an escalating crisis where cyberattacks coincide with societal disruption, disinformation, and supply chain disturbances? This was the central question when master’s students in Cybersecurity at the School of Engineering in Jönköping took part in an extensive simulation-based exercise last week.
“The aim of the exercise was to give students practical experience in participating in and leading this type of scenario – something they can take directly into their future careers within cybersecurity and critical infrastructure,” says Erik Bergström, Associate Professor in Computer Science and Programme Director of the master’s programme in Cybersecurity at the School of Engineering.
During the exercise, students worked with a fictional energy company “Juelco,” created to resemble a Swedish company operating within solar, wind, and hydropower.
“The simulation is inspired by a NATO exercise I participated in a few years ago. The focus on energy is partly because it represents highly critical infrastructure that we all depend on. I also have a personal interest in the energy sector,” says Erik Bergström, who led the exercise together with Sonny Johansson, Lecturer in Informatics at the School of Engineering.
Inspired by a changing global landscape
Erik explains that recent global developments have influenced the design of the simulation.
“Global events such as the war in Ukraine is a good example, with threat actors operating in our region, as well as the disruptions following the COVID-19 crisis, when much of the world came to a standstill,” he says.
The supporting material was designed to reflect the complexity of real-world organisations in critical sectors and served as a foundation for the decisions students had to make throughout the simulation.
“I think the exercise was very good, and we were faced with many difficult and realistic situations. With each stage, the threats became more sophisticated, and we had to find ways to respond. I believe the experience will be very useful for me going forward,” says Pepijn Algoedt, a student from Belgium.
Exercises with escalating crises
The simulation was structured as a series of discussion-based crisis exercises, where students—working in groups of seven to eight—formed a company management team. Each participant took on a specific role, such as IT, security, finance, HR, or communication.
During the exercise, the facilitators introduced so-called injects—new developments that escalated the situation, such as cyber intrusions, disinformation campaigns targeting wind farms, supply chain disruptions, or challenges linked to international suppliers and geopolitical tensions. Each development required analysis, prioritisation, and joint decision-making.
The scenario unfolded over several phases, starting with initial incidents, followed by a six-month escalation, and ultimately a situation one year later where operations had temporarily stabilised, even as new threats continued to emerge.
“Through the exercise, I hope to gain a better understanding of how a crisis team operates during an ongoing cyberattack. We barely finished dealing with one incident before the next one occurred. You really experience the stress in a tangible way, which I think will be very valuable in the future,” says student Nils Nodén.
Communication and collaboration in focus
An important objective of the exercise was to illustrate that incident management is not just a technical matter. Students also had to consider internal and external communication, HR issues, supplier dependencies, backup solutions, and relations with the media and the general public.
After the exercise, students reflected on their experiences. Rather than focusing on right or wrong decisions they were asked to consider their reasoning, collaboration, and the ability to see the bigger picture—key skills for handling real-world crisis situations.
More photos from the exercise:
