RULEBOOK

Cyber Threat Protector

Introduction
In Cyber Threat Protector (CTP), the goal is to build
your network as quickly as possible so you can gain
more points than your opponent. While you are
doing this, you have to remember to defend your
network because your opponent is going to try and
disrupt your systems while building their network.
For every attack there is a defense. For every defense
there is an attack to get around it. The player with
the most complete set of security defenses will be
the one who is able to protect their critical systems
and emerge victorious.
TABLE OF CONTENTS

Preparation . . . . . . . . . . . . . . . . . . . . . 3

Game Objectives . . . . . . . . . . . . . . . . 3

Card Types . . . . . . . . . . . . . . . . . . . . . 4

Anatomy of a Card . . . . . . . . . . . . . . . 6

Setup . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Players Turn . . . . . . . . . . . . . . . . . . . . 7

End of a Round . . . . . . . . . . . . . . . . . 14
 Preparation

A. You will need to have paper

and pencil, or some other way
to keep track of scores.
B. A single Cyber Threat Protector
deck is needed for two players.

Game Objectives

A. The first player to obtain 20

points at the end of a round
is the winner. If both players
reach 20 points at the end
of a round, play continues
until the tie is broken.
B. If players have no cards to
draw from the deck, then
they must shuffle the shared
discard pile and use it as the
new draw pile.
C. Points are calculated at the
end of each round. The total
score cannot go below zero
(0) points.

3
 CTD Card Types

Asset Cards
These are your primary cards to build your network. They represent the
physical assets you would encounter in a business, organization, or at home.
This is how you gain points.

Event Cards
These cards represent various forces that can happen to your network
and not the player playing the card. These Event cards are the only cards
removed immediately after being played, as signified by their color.

4
Defense Cards
These cards are used to protect your network just as you would at home
or in an organization. Defenses must be kept up to date. Failure to do
so could have significant consequences for your network. Defense cards
will prevent different types of attacks from harming your systems.

Attack Cards
CARD TYPES
These cards represent the various evil forces that exist on the Internet
today and not the player playing the card. Attack cards will reduce your
opponent’s points. Note: Defense cards may protect against these attack
cards; some Attack cards remove Defenses.

5
 Anatomy of a Card
Cyber Threat Protector cards vary in the information displayed. Some cards will
list the names of other cards that it can remove from play; others will block
cards from being played and some will have unique effects. Make sure to read
the Card Abilities! A description of information found on a typical playing card:

Card
Name ▶

▶ Point Value
Card
Abilities ▶
▶ Card
Information

Game Setup & Notes

Suggested Layout for Cards During Play

A. Shuffle the cards. Once the deck is shuffled, Attacks ▶

both players will decide who will be player
one. Then both players draw five (5) cards.
B: After a player has taken their turn, they
will discard remaining cards in their
hand and draw five (5) new cards before Defenses ▶
their opponent plays any cards.
C. Asset Cards do not need to be in play in
order to play Defense/Attack cards. Some Assets
▶

cards require other cards to be in play

before being played. Some cards can
only be used when specific cards are not in
play. Some cards will not be allowed to
have multiple in play.
6
 A Player’s Turn

Step 1
Player One will review the cards in their hand and choose four (4) cards they
want to play. This is the only time that up to four cards are played. Each round
after this, both players can only select up to three (3) cards to play.
▶

Player Two’s Hand

Draw Pile ▶

Player One’s Hand

▶

Step 2
Player One puts the IP Spoofing card into play. This counts towards the limit of
four cards that can be played by Player One during their first turn.
▶

Player One’s Hand

▶

7
 A Player’s Turn (continued)
Step 3
Player One puts an Anti-malware card into play. This is the second of four
cards that they can play.

Player One’s Hand

▶

Step 4
Player One puts a Desktop Computer card into play. This is the last card that
they can play. While player one had the option of playing up to four cards, the
remaining two (2) cards in player one’s hand require the opponent to have
PLAYER ONE

cards on their field that can be attacked, so they cannot be played.

▶

Player One’s Hand

▶

8
Step 5

PLAYER ONE
Player One then ends their turn. They will now discard their last two cards
into a new pile, face up, called the Discard pile. They proceed to draw five
new cards from the draw pile, and their turn ends.

▶
Player One’s Hand
▶

▶
Discard Draw
Pile Pile

Step 6
It is now Player Two’s turn.
▶ Player Two’s Hand
PLAYER TWO

Player One’s Hand: New Cards from Draw Pile

▶

Discard Draw
Pile Pile

9
 A Player’s Turn (continued)
Step 7
Player Two may play up to three (3 cards) in their hand. Player Two uses their
Anti-malware Not Updated card and targets Player One’s Anti-malware
defense card.

▶ Player Two’s Hand

▶
Player One’s
Cards ▶
Step 8
Per the effect of the Anti-malware Not Updated card, Player One’s Anti-malware
PLAYER TWO

is discarded. The Anti-malware Not Updated card remains on the field.

▶ Player Two’s Hand
▶

Discard
Pile

Player One’s
Cards ▶
10
Step 9

PLAYER TWO
Player Two puts an I Love You Virus card into play (which was not usable when
Player One had Anti-malware in play). This counts toward their three-card limit.

▶ Player Two’s Hand

▶

Player One’s
Cards ▶

Step 10
Player Two puts a Hardware Failure into play. This is the last card they can play
for this turn.

▶ Player Two’s Hand

▶

Player One’s
Cards ▶
11
 A Player’s Turn (continued)
Step 11
Player One will remove one asset from their field. In this case, the asset being
removed is the Desktop Computer, because of the Hardware Failure. Both
cards, Desktop Computer and Hardware Failure, will be sent to the discard pile
immediately. Gold Event cards are immediatly removed after they are played.

▶ Player Two’s Hand

▶
▶ ▶
Discard
Pile
Player One’s
Cards ▶
Step 12
PLAYER TWO

Player Two will now discard their remaining cards to the shared discard pile
face up and draw a new set of five cards.

▶ Player Two’s ▶
Cards
▶
▶

Player One’s
Cards ▶ Discard
Pile
Draw
Pile

12
Step 13

PLAYER TWO
The round has ended, and it is time to update the players’ scores. Asset cards
enable the player to gain points; however, Attack cards remove points played
by the opponent. Note: Score cannot go below zero points.
▶ Player Two’s Hand: New
Cards from Draw Pile

▶ Player
Cards
Two’s

Player One’s
▶

▶
▶
Cards Discard Draw
Pile Pile

▶ Player One’s Hand: New

Cards from Draw Pile

Step 14
The score at the end of the first round is: zero points for Player One; zero
points for Player Two. Remember, even in a situation where the final score
each round is a negative number, the score tallied will not go below zero.

▶ 0 Pts for Player Two

Note: There are no
Asset Cards in play
to gain points, and
only Attack Cards
that remove one (1)
point each.

0 Pts for Player One ▶

13
 End of a Round
A. A round consists of one turn for Desktop Computer, 1 Point from
each player. the ISP Connection and 1 Point
from the Laptop Computer.
B. Each player will add the points
gained from their asset cards in play D. Since the opponent played two
and subtract the points from their attacks, those points will count
opponent’s attack cards in play. The against the points gained.
scores for this round will be added to E. For this turn, the active player is
each player’s total score. The total awarded 1 Point. This score is then
score, however, will not be allowed to added to the player’s total score.
go below 0 points. F: Add or subtract points gained or
C. In the images below, the active player lost after each round, until a
would gain 1 Point from the player reaches 20 points or higher.

▶ Opponent’s Attacks

-1 -1 Active Player’s Assets

▶

1 1 1

14
 Game Notes

16
 About the CIAS [Gaming]
The Center for Infrastructure Assurance & Security (CIAS) at
The University of Texas at San Antonio (UTSA) is committed
to creating a culture of cybersecurity through educational
gaming programs. The CIAS conducts research into effective
ways to introduce students to cybersecurity principles.

The CIAS’ Cyber Threat Protector game is designed for

students in grades 3-5 to introduce cybersecurity terminology
and defense strategies. Other cyber-related games include
the popular Cyber Threat Defender®: The Collectible Card
Game, Project Cipher and Pyramid of Knowledge. For more
information, visit CIAS.UTSA.edu.

We’d Love Your Support!

By sponsoring Cyber Threat Protector, you are
helping elementary students nationwide
learn the basics of cybersecurity in a fun
and engaging game that will prepare them
for their future in cybersecurity!
For more information, please
visit CIASGaming.com.

Note to Security Professionals

In developing this game, we recognize that we have taken some liberties
with how things actually work. We have attempted to keep true to the spirit
of computer security, but for playability reasons have slightly modified how
things might actually work in reality. We believe, however, that the game
is close enough that individuals playing the game will be able to gain some
understanding of basic computer security concepts.