Come Compete in the White Hat Cyber Forecasting Challenge

By Mary Brooks, Paul Rosenzweig
Wednesday, March 9, 2022, 8:31 AM

Rare are the moments when policy wonks get to put their theory into practice. But today we are happy to announce the White Hat Cyber Forecasting Challenge! We invite every Lawfare reader to take up the challenge of issuing predictions on future developments in the world of cybersecurity. 

What do you get for playing? Not just the pleasure of real-world experimentation. And not just bragging rights if you’re accurate (though we hope you are!). We are actually offering prizes* for accurate predictions. Sound interesting? Read on.

Lawfare readers may be familiar with some of the earlier work we’ve published. We began by exploring the idea of crowd forecasting and prediction markets generally in “Let’s Bet on the Next Big Policy Crisis—No, Really.” Then, we particularized our theories and wrote about “How Crowd-Forecasting Might Decrease the Cybersecurity Knowledge Deficit.” Finally, we detailed some of the practical considerations that would go into a working crowd-forecasting market: “Betting on Cyber: Offering an Analytical Framework for a Cybersecurity Crowd-Forecasting Platform.”

Today, we put that theory to the test. We have partnered with an online forecasting platform, Metaculus, to create a beta test for our ideas: the White Hat Challenge! This challenge will be a tournament (running from early March to the end of the year), and it will ask participants to issue predictions on a range of cybersecurity topics, with a particular focus on trends in geopolitics, government and government policy, events and incidents, industry statistics, and ransomware.

The ultimate goal of our test is to identify how and under what circumstances open-source, unclassified crowd-forecasting communities can generate accurate forecasts that could make it easier for practitioners and policymakers to make informed decisions that improve cybersecurity decision-making. Here is a sampling of the types of questions we are considering:

  • Will the Senate Committee on Commerce, Science, and Transportation reach an agreement on preemption for a federal data security and data privacy law in 2022?
  • Will a major enterprise breach be publicly attributed to the exploitation of the Log4j vulnerability prior to Sept. 1, 2022?
  • Will the U.S. executive branch attempt to ban or otherwise further limit ransomware payments in 2022?
  • Will Taiwan be the victim of a major successful Chinese-attributed cyberattack against its critical infrastructure before Dec. 31, 2022?
  • Will a DDoS (distributed denial-of-service) attack of greater than 2.4 terabits per second occur in 2022?

That’s just a sample of the more than 30 predictive questions we will be asking, any or all of which participants can choose to answer. Signing up is quick and free. And, as we said, there will be cash prizes for those who are the most accurate. So come join us! You can register here:

Our hope is to have some preliminary aggregate results in June, and we plan to publish a summary paper at the end of the test.

*The Fine Print: Of course, there are rules. If you want to join, you can see them at the Metaculus site. The most important rule to note up front is that you must participate in the first few weeks in order to be eligible for prize money. So, check it out sooner rather than later! Note that forecasting will end on Dec. 31, 2022. But winners will be determined in June 2023 (in order for resolution data to come in).