Energy firm hack tests amateur defenders in Cyber Security Challenge
An energy company under cyber-attack is threatened with a massive financial loss . To its rescue come 42 amateur cyber defenders keen to prove their crime fighting skills in the Cyber Security Challenge 2016 masterclass.
The competition, supported by the National Crime Agency (NCA), the Bank of England, accountancy firm PricewaterhouseCoopers and UK intelligence agency GCHQ, aims to help plug the UK’s cyber defence skills gap by identifying the best available talent in the population.
“Cyber-crime is a rising threat, it’s something that we need to work together to tackle,” said Claire Pluckrose from the National Cyber Crime Unit of the NCA.
“The scenario that they have set up today in the cyber security challenge is so true to life. When I walked in today, I thought I was walking into one of our offices because it really does reflect the type of threats that we need to be alive to and have the skills and capabilities to respond to.”
The 42 experts competing in the masterclass in London’s Shoreditch Studios represent the cream of the crop from applicants who passed through months of smaller challenges and exercises.
“We have a whole range of people, our youngest contestant is 16 and our oldest contestant is 56,” said Cyber Security Challenge director Nigel Harrison. “I could broadly categorise them into two groups – there are people who are getting their first step on the ladder and those who are career changers. About 50 per cent of our contestants are under 23, looking for the first step, and 50 per cent are older.”
The competition's track record of matching talent with employers is impressive. More than half of the participants in the past masterclasses found employment within the sector, frequently with the challenge’s sponsors.
“In March last year, we had 42 contestants 37 of whom are now working in the industry. We had 42 participants in November 2015 - 35 are now working in the industry,” said the competition’s chief assessor Oscar O’Connor. “We have 42 people here today, having replaced nine who between the competition that has qualified them for the masterclass and today have found jobs, most of the time with the sponsors who were running the face-to-face competition that they were playing in.”
The realistic set-up framing the masterclass contributes greatly to the candidates’ success. In this year’s session, the 42 finalists split into six teams to act as cyber-security experts of a fictitious consultancy group PCW, which has been called to investigate a hack at a large power company.
“The power company is being blackmailed. They are about to launch a new product, some kind of a smart meter and some bad guys have installed some malware in that device, which is about to be shipped,” explained O’Connor.
“The masterclass is trying to give the contestants a flavour of what’s really happening. Most of them arrive here, having played the so called capture the flag exercises. This is very much about thinking beyond the technology, trying to put yourself into the head of the insider, who is a part of this blackmail attempt, to understand their motivations.”
The competition tests communication skills, complex thinking and the ability to work as a part of a team.
“You find where your weaknesses are,” said Plymouth University computer and information security student Christopher Sabine. “It’s a good opportunity to try things you haven’t done before and test your skills. You find where you are not as strong and that allows you to develop those weaknesses and hopefully improve them.”
Business analyst Chris Bailey, at 56 the oldest participant, praised the competition for opening doors into an otherwise rather closed sector.
“The way this is organised gives people the opportunity to consider career areas that wouldn’t normally be open,” he said.
“Something like this gives people the opportunity to show what they can do and prove that they are good. That opens the door.”
The NCA’s Claire Pluckrose said initiatives such as the Cyber Security Challenge can steer young cyber talent away from employing their skills in the wrong way.
Only two days ago a 19-year-old boy from Kings Langley in Hertfordshire pleaded guilty to running a ‘cyber-attack for hire’ service that had been used by international perpetrators to carry out 1.7 million attacks over a two-year period. Such cases are not rare.
“We see a whole range of age groups that are capable of hacking,” said Pluckrose. “They use their skills to demonstrate to their peers how successful they are and that’s the kind of behaviour that we want to get into early on and educate them that there are some great opportunities to use their skills within law enforcement and industry.”
The Cyber Security Challenge works in close cooperation with the Cyber Security Strategy, which received a £1.9bn from the government earlier this week to help advance the UK’s cyber preparedness.
This year’s scenario explored areas that are of major concern to cyber professionals – the risk to infrastructure as well as the vulnerability of connected devices are among major topics discussed at conferences, which are increasingly being recognised by the businesses themselves.