Updates

• 12 Jun 2026: 38 red teams have signed up
• 29 May 2026: 21 red teams have signed up
• 29 May 2026: CISS 2026 page created

The Critical Infrastructure Security Showdown 2026 (CISS 2026) is an international, one-of-a-kind cyber exercise in operational technology. It is held remotely, and open to invited international participants. CISS 2026 is sponsored by the Cyber Security Agency of Singapore and co-organised with the Digital and Intelligence Service, Singapore.

The 10th iteration of CISS 2026 returns with a familiar modality and added features:

1. Two-stage competition: Qualifying round (48-hour CTF) + Finals: “Live” testbed access (4 hours)
2. CTF challenge contributions by more local and international collaborators
3. Hybrid platforms: OT physical testbeds and cyber twins
4. Mystery platform
5. Live scoreboard
6. No cap on number of teams per organisation, though each team will still be limited to 8 persons
7. Treasures for the top 3 finalists: S$5,000 / S$3,000 / S$2,000

Exercise Scenario
This year’s theme is “X Marks the Exploit”, inspired by Pirates of the Caribbean: The Curse of the Black Pearl. The story begins in the Caribbean, where the feared pirate ship, the Black Pearl, attacks the town of Port Royal. Acting as pirates, the red team are required to retrieve a gold medallion from Port Royal. By infiltrating the port’s 5G network, they will discover the gold medallion secured within a vault powered by a nearby grid, EPIC.

After successfully disabling the EPIC plant and retrieving the gold medallion, the red team must pivot back from EPIC to MariOT, regain control of the Black Pearl, and manipulate the vessel’s systems to conceal its location and avoid detection.

Important dates (subject to changes)

21-23 Jul 2026: Stage 1 (48-hour CTF, GMT+8)

14-18 Sep 2026: CISS 2026 Finals