Come Compete in the White Hat Cyber Forecasting Challenge

Mary Brooks, Paul Rosenzweig
Wednesday, March 9, 2022, 8:31 AM

This challenge will be a tournament and it will ask participants to issue predictions on a range of cybersecurity topics.

"All Eye Overlord" (Aswin Behera,; CC BY 4.0,

Published by The Lawfare Institute
in Cooperation With

Rare are the moments when policy wonks get to put their theory into practice. But today we are happy to announce the White Hat Cyber Forecasting Challenge! We invite every Lawfare reader to take up the challenge of issuing predictions on future developments in the world of cybersecurity. 

What do you get for playing? Not just the pleasure of real-world experimentation. And not just bragging rights if you’re accurate (though we hope you are!). We are actually offering prizes* for accurate predictions. Sound interesting? Read on.

Lawfare readers may be familiar with some of the earlier work we’ve published. We began by exploring the idea of crowd forecasting and prediction markets generally in “Let’s Bet on the Next Big Policy Crisis—No, Really.” Then, we particularized our theories and wrote about “How Crowd-Forecasting Might Decrease the Cybersecurity Knowledge Deficit.” Finally, we detailed some of the practical considerations that would go into a working crowd-forecasting market: “Betting on Cyber: Offering an Analytical Framework for a Cybersecurity Crowd-Forecasting Platform.”

Today, we put that theory to the test. We have partnered with an online forecasting platform, Metaculus, to create a beta test for our ideas: the White Hat Challenge! This challenge will be a tournament (running from early March to the end of the year), and it will ask participants to issue predictions on a range of cybersecurity topics, with a particular focus on trends in geopolitics, government and government policy, events and incidents, industry statistics, and ransomware.

The ultimate goal of our test is to identify how and under what circumstances open-source, unclassified crowd-forecasting communities can generate accurate forecasts that could make it easier for practitioners and policymakers to make informed decisions that improve cybersecurity decision-making. Here is a sampling of the types of questions we are considering:

  • Will the Senate Committee on Commerce, Science, and Transportation reach an agreement on preemption for a federal data security and data privacy law in 2022?
  • Will a major enterprise breach be publicly attributed to the exploitation of the Log4j vulnerability prior to Sept. 1, 2022?
  • Will the U.S. executive branch attempt to ban or otherwise further limit ransomware payments in 2022?
  • Will Taiwan be the victim of a major successful Chinese-attributed cyberattack against its critical infrastructure before Dec. 31, 2022?
  • Will a DDoS (distributed denial-of-service) attack of greater than 2.4 terabits per second occur in 2022?

That’s just a sample of the more than 30 predictive questions we will be asking, any or all of which participants can choose to answer. Signing up is quick and free. And, as we said, there will be cash prizes for those who are the most accurate. So come join us! You can register here:

Our hope is to have some preliminary aggregate results in June, and we plan to publish a summary paper at the end of the test.

*The Fine Print: Of course, there are rules. If you want to join, you can see them at the Metaculus site. The most important rule to note up front is that you must participate in the first few weeks in order to be eligible for prize money. So, check it out sooner rather than later! Note that forecasting will end on Dec. 31, 2022. But winners will be determined in June 2023 (in order for resolution data to come in).

Mary Brooks is a public policy fellow at the Wilson Center. Most recently, she was a fellow for the Cybersecurity and Emerging Threats team at the R Street Institute. She was also the lead researcher and associate producer for The Perfect Weapon (2020), an HBO documentary that explores the rise of cyber conflict as a key feature of modern inter-state competition. Prior to that, she served as the special assistant for a DC-based international human rights law firm dedicated to freeing political prisoners. She graduated cum laude from Harvard University with a bachelor’s degree in government and a language certificate in Arabic.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare