Cybermonth

Cybersecurity made fun and effective

A look at some of ITER's 2023 Cybermonth activities., which were designed to balance education and entertainment.
In today's digital age, everything we do online is exposed to cyber risks. Cyberattacks can compromise our personal data, our professional work at the ITER Organization, but also ITER networks, data and even its industrial and control systems. That is why cybersecurity is not just a task for experts, but a shared commitment for all.

Cybersecurity month is a worldwide initiative designed to spotlight the importance of digital safety. For the second year now, the ITER IT Security team has joined this global effort with a dedicated in-house cybersecurity awareness campaign.

"Cybermonth is a unique opportunity to empower our users and remind them of the importance of cybersecurity within the ITER Project and also in their personal lives," says Romain Bourgue, in charge of IT Security at the ITER Organization. "The campaign was designed as a series of engaging and interactive games, covering a range of topics that reflect the current threats and challenges in the cybersecurity domain."

To achieve widespread participation, IT Security implemented a new approach by gamifying the 2023 Cybermonth campaign around issues that the team considered crucial. "We wanted to focus on aspects and threats that the IT Security team deals with on a day-to-day basis and that we want everyone to be aware of. By educating users on how to recognize and avoid these cyberattack tactics, we aim to enhance the security of both professional and personal digital interactions." 

One of the activities featured in the campaign was an escape room scenario, where users could save the tokamak from imminent destruction by unlocking the central computer using a password and a second factor of authentication. Success was achieved by solving various security-related puzzles scattered throughout the room.
One of the main focuses was social engineering—a malicious technique that exploits human factors to manipulate users into divulging sensitive information or performing malicious actions. Greed and fear are often used to make people act irrationally, for example by provoking them to give out their credentials by promising a discount or getting them to click on a link that claims their account has been hacked.

The campaign was not only informative, but also entertaining and rewarding. Users could track their progress and compete to be part of a Hall of Fame, adding a touch of fun and excitement to the educational campaign. "It was a real challenge to balance entertainment and substance—raising awareness in an amusing way without diluting the underlying message. But cybersecurity awareness really can be fun and effective," says Maria Mitoi, one of the team members responsible for designing the activities.

Congratulations to the 2023 cybersecurity heroes! In the end, every participant secured a victory, at least in the form of valuable knowledge...
The results of the campaign were impressive, with a high level of participation and positive feedback from the users. The campaign demonstrated ITER's commitment to cybersecurity and reinforced the idea that it is a shared responsibility for everyone. 

"Cybersecurity is not just a priority; it's a team effort," concludes Romain Bourgue, who is looking forward to next year for another impactful Cybermonth.