The final of the Cyber Security Challenge UK 2015 is well underway, with 42 contestants taking part in a simulated real-life cyber-terrorism incident, pitting their wits together in an attempt to identify and overcome the threat.
The two-day ‘Masterclass’ event is being hosted in the dramatic surroundings of HMS Belfast, moored on the banks of London’s Thames river. The winners will be announced on Friday evening.
In the fictional scenario, participants must prevent the misuse of a naval gun system which has been hacked by cyber-terrorists, and is pointed directly at London’s City Hall. They must find out how the group infiltrated the network, regain control, and also search for vulnerabilities within critical national infrastructure systems to ensure these are not also open to infiltration.
The high-level task was designed by experts from BT, GCHQ, NCA, Lockheed Martin, Airbus, C3IA and Palo Alto Networks.
Partners and sponsors of the flagship event were on hand to explain the motivations behind the Masterclass session, and what the contestants were expected to gain from the day.
BT’s Rob Partridge said that the event “gives candidates the chance to interface with industry. There is a big skills gap, and we have the need to find more people.”
Mark Hughes, President of BT Security, told Infosecurity that participants must demonstrate “individual excellence.” He added that, in addition to hard tech skills such as vulnerability analysis and pen-testing, the finalists must also exhibit logical and problem-solving skills, as well as teamwork and leadership.
These latter, ‘soft’ skills, are often described as being in short supply in the industry. Hughes, however, disagrees, saying that, “We need to be careful about lulling ourselves into believing we’re not very good at that.”
One of the competition’s assessors, Joe Stirland of Airbus (which designed the CNI part of the challenge), told Infosecurity that he is “looking for the stars of the future who can protect these systems.”
He added: “We’re trying to provide the candidates with a challenge to give us a pen-test vulnerability assessment on these systems and provide us with a brief as to how we would secure them. The skills shortage or research shortage needs to be filled quickly. If [CNI systems] get hacked or break there are devastating consequences.”
Lockheed Martin’s Nigel Lee, meanwhile, said that his company’s primary aim in its collaboration with Cyber Security Challenge was “to support the UK government’s initiative to do with the Cyber Security Strategy,” and also to engage with young talent.
“You can see a lot of teamwork,” Lee added. “In the competitive environment it’s coming out. There are a lot of individuals who perhaps routinely are quiet who suddenly become their own individuals and lead teams. We’ve got 42 good ambassadors here to go back across the UK and spread the message.”
One of these 42, contestant Alexander Donisthorpe, took time out to chat to Infosecurity while the Challenge was in full swing. He explained that the competition has given him a great opportunity to learn new skills and also meet likeminded people from diverse backgrounds: “I’ve been doing this stuff for a while; I’m on my degree doing computer security so I look up this stuff. But one of my friends here hadn’t touched computers till he went to university, now he’s way up there.”
Cyber Security Challenge was first founded in 2010 with the ambition of addressing the UK skills shortage within cybersecurity. The event is backed by over 50 public, private and academic organizations.
Cyber Security Challenge board member Nigel Harrison explained to Infosecurity that: “We have, almost, a failed generation of people who regarded ICT as nothing but Excel or Powerpoint. They just got switched off by that. People who were bright and understood coding couldn’t get an academic way in schools to do that. So they opted out of the general education system; the talented people weren’t picked up.”
Events like this, he said, were part of the organization’s program to address that skills shortage.