Online Mobile Gaming (OMG) has developed a new game called MoodyCatz. But three weeks before its planned release a rival company launched a product called FuriousCatz, which is very similar. OMG’s directors suspect that FurioiusCatz was copied from detailed plans leaked with the aid of an insider; but it didn’t have the IT security controls in place to prevent the leak or detect the culprits – so it calls in a third-party with inherent forensic skills to investigate and recommend.
That’s you – and this is the latest challenge from Cyber Security Challenge UK. Your task is to identify the high risk users and the activities that led to the breach. “One of the easiest ways [to gain access] is by targeting employees on the inside and having them create security vulnerabilities or steal information directly,” explains Mohan Koo, the MD Dtex Systems. Without skilled security analysts who are able to effectively filter through large volumes of data, internal security breaches can often take days, months or even years to detect, rather than minutes or seconds. The ability to find the events which really matter in a timely fashion is a much needed and scarce skill.”
This, a virtual competition run by Dtex Systems, is the first part of a two part challenge. Winners will be invited to Orange’s new face-to face competition, developed with Prodrive, the British motorsport and automotive engineering group. It will be held at the Banbury racing track in November where 30 candidates will come up against a genuine motorsport set-up, complete with Aston Martin Racing car, pit crew, technical team and a complex ICT infrastructure which connects them all.
The scenario is reminiscent of the real life situation where McLaren obtained and made use of secret Ferrari technical documents – and was fined $100 million and stripped of points in 2007. Here, however, the Aston Martin Racing team is seeking a security solution in preparation for Le Mans. Candidates will work in teams to identify security requirements and demonstrate what will work and can be realistically afforded. It will finish with a presentation to the team’s board.
“This competition is all about risk analysis,” explains Cyber Security Challenge UK CEO Stephanie Daman. “How much vulnerability can you allow before you put the team at risk? How secure do you need to be before you run over budget or negatively affect the operation of the team? Whilst we are using Aston Martin Racing as a glamorous example, strip it away and it is basic business-to-business security.”
Cyber Security Challenge UK, now in its third year, runs a series of national competitions aimed at attracting talented people into the security profession. Registration for this challenge is now available and will remain open until noon on 28th September. The first part will run from 8 October to midnight on 19 October. Winners will then be invited to attend the second part of the competition on 24 November.