A group of young cyber defenders has come together to stop a mock terrorist attack threatening to spread a lethal virus over the air in central London.
The exercise was part of the Cyber Security Challenge Masterclass, which saw 42 highly skilled non-professional cyber warriors gather in the assembly hall of Church House in Westminster to work together to extract online clues about the simulated atrocity and to halt its progress.
“We are trying to get into the attackers’ systems and reverse-engineer them to figure out how they work and what they have put in place and then stop it,” explained Andy Snowball, one of the participants in the competition. The Challenge provides aspiring cyber experts with an excellent and realistic opportunity to practise their skills and the UK industry with a chance to spot and recruit new talent.
“We were told a little bit of background information about what was going on and then we were basically given laptops and the network and we have to find out what services are running on those machines and on that network and get into the system ourselves. We don’t have very many privileges on the system, we have to kind of hack into it to gain control of the system,” Snowball added.
The participants have only a few hours to find a solution and prevent the deadly contaminant from spreading through Church House's air-conditioning system.
Throughout the game, their actions are carefully observed not only by the human assessors present at every table, but also by online monitors examining in detail the tools and actions which the participants are employing to solve the problem.
“We have a set of software agents that are sitting on the network and sort of observing what the competitors are doing,” explained John Blamire, CEO of Falanx, one of the masterclass's main sponsors, which is also responsible for the online monitoring.
“This, combined with the assessors themselves, who are trying to assess how they are operating both as a team and as individuals, will enable us to select the best cyber defender.”
The UK Cyber Security Challenge, now in its third year, aims to offer a path to people with interest in cyber-security to enter the industry and help to plug the existing skills gap.
“There is a skills shortage, there are a lot of vacancies, salaries are good in this sector and you can imagine that this sort of people who probably never believed that cyber security could be their career before, now they are thinking that there is something in there,” said Bob Nowill, chairman of the Cyber Security Challenge.
“It’s not only about hardcore technical skills. These people also need to understand behavioural sciences and psychology, which is for example something that women usually tend to be good at.”
The climax of a year of qualifying rounds, which filtered several thousand applicants, this year’s final has for the first time introduced the concept of counter-hackers.
“In addition to the guys having to do what they do, we also have someone trying to disrupt them,” explained Nowill. “So the penny drops on them sometimes that they themselves are being hacked and some of the progress they’ve made has been reversed. Each year we are trying to make it more challenging, more realistic, because the best for them to practise or exercise their skills is in an environment that is as close to reality as possible. You don’t want your cyber defenders to first experience something ghastly going on in a real-life scenario, you want them to practise before.”
The masterclass started on Thursday in Farnborough, with the participants being briefed by a government agency commander about a potential national security threat involving a biological attack in London. Using their forensic and crypto-analytical skills, they had to find clues about what exactly is being planned.
The cream of the crop, the organisers say, is more than ready to enter the industry.
“The skills they are employing and the tools that they are employing are the same they would use to solve common cyber-security challenges, such as someone trying to hack a government or the banking sector,” said Blamire.
The mock scenario might not be that far removed from reality. In the wake of last week’s tragic terrorist attacks in Paris, it has been revealed that Islamic State is trying to develop the capability to launch damaging cyber-attacks on its western enemies. The UK's Chancellor of the Exchequer George Osborne has announced that spending on cyber-security will be doubled by 2020 to £1.9bn a year.
Watch our video below: