Forty-two amateur cyber defenders gathered on the HMS Belfast in London this week to take part in a cyber terrorist attack simulation run by the Cyber Security Challenge UK.
The competition, known as the Masterclass and developed by a group of cyber experts led by BT, is now in its fifth year and aims to plug the skills shortage currently affecting both governments and UK businesses.
The competition essentially invites participants to put their skills to the test and experience a dramatised version of events faced by regular cybercrime fighting professionals. It also allows sponsors of the competition such as BT, Lockheed Martin and Airbus, to hover on the sidelines and cherry pick the next cyber crime busting whizz kids.
In 2014, the competition took place in an underground bunker of the Churchill War Rooms, with prizes worth £100,000 going towards educational and career advancement opportunities.
This year, organisers aimed to stoke interest among both the public and would-be cyber defenders by upping the dramatic narrative of the competition. Aboard the HMS Belfast, cyber defenders competed to regain control of the naval guns system, taken over by fictitious cyber terrorist network, the Flag Day Associates. "I wanted to design a realistic challenge that used the kind of computer systems and networks that cyber defenders have to defend in real life," Robert Partridge, Head of BT Security Academy, told WIRED.co.uk. "But I also wanted to make it exciting and put some Hollywood into it as well," says Partridge, while noting that he wanted to "de-geekify" the image of cyber security. "There will be more jobs than candidates for [cyber defence jobs] in the next 20 years, and we need to lift the profile of cyber securities careers in the UK to address this skills gap," he continued.
Over the course of two days (12-13 March), the amateur cyber defenders are tasked with finding the vulnerabilities and flaws placed in the operating system set up by the competition developers. Primarily, the competitors must race against the clock to regain control of the ship's gun systems. Secondly, they must search for weaknesses within the IT system of fictitious physical infrastructures, such as water treatment plants and manufacturing facilities, in order to defend these against the rogue cyber terrorist group.
As countries the world over make a push to establish
smart cities, the physical infrastructures sustaining our societies are increasingly under threat from cyber attacks. As more systems are brought online, maintaining the security and stability of critical national infrastructure becomes paramount.
As part of the competition, Airbus's SCADA Challenge Brief encourages competitors to conduct a security validation test in real-time. This allows competitors to practice sussing out what the flaws and best cyber security solutions are, before they are deployed in the real world -- or in this case within the fictive one created by the challenge. "Airbus group understands that the industrial controls system that underpin our critical national infrastructures, such as water treatment facilities, electricity grids, and our logistics and supply chains, must also be considered for the cybersecurity solutions that we bring in place," Kevin Jones, Head of Cyber Operations Research Team of Airbus Group, told WIRED.co.uk "As these systems go online and become increasingly interconnected, we also need to take action to secure them," he adds. The cyber attack, which physically affected the furnaces of a German steel mine back in December 2014, demonstrates the extent to which internet crimes are infiltrating physical structures, he explains. "Cyber attackers are looking to perform malicious actions against such industrially controlled systems, and as security professionals, we have to make sure we're building up the defences," adds Jones.
In order to combat cybercrime, the agencies involved in this challenge asserted that a range of skills from the technical to the analytical, legal and investigative are required to bolster the UK's response to cyber threat in the future. "The challenges are getting more complex, and the people who are defending against cyber attackers have to learn and think like them," says Director of Cyber Security Challenge UK, Nigel Harrison. He cautioned, however, that alongside the threat from cyber terrorists, businesses should be aware of both the technical and human dimensions of the issue. "There are still people out there who are running infrastructures which have simple faults," says Harrison, who mentioned buffer overflows on websites, specifically. "It's not just the problem of technology," he adds, "it's defending against human error, or the insider attack as well.
So as a cyber professional, you need to defend against a whole range of threats and challenges".
This article was originally published by WIRED UK
