Cyber Security Challenge joins with GCHQ for security development programme

The Cyber Security Challenge is linking with GCHQ to develop counter-espionage and cyber security skills for the real world.

Cyber Security Challenge joins with GCHQ for security development programme
Cyber Security Challenge joins with GCHQ for security development programme

The Cyber Security Challenge, now in its fourth year, has teamed up with the UK's intelligence agency to give the public the chance to act like a security operative and attempt to prevent an attack on a fictitious aerospace firm from a group of fictitious group of cyber-criminals called the Flag Day Associates.

The new game ‘Assignment: Astute Explorer' will see players who register to take part given the chance to analyse code from the aerospace company, identify vulnerabilities and then suggest fixes.

Players are expected to identify the cracked code and its vulnerabilities. Once they have found the flaws, players must then explain how and why they might be exploited - and then offer security fixes. The competition is designed to promote the UK's cyber talent and encourage entrants into the IT security profession.

According to a spokesperson for the Challenge, the Astute Explorer game follows on from an assignment set by global security software vendor Sophos that, over the last weekend, tasked the public to analyse a hard-drive recovered from the Flag Day Associates.

The hundreds of candidates who tackled the Sophos competition revealed plans for a future attack on Ebell Technologies - described as an aerospace and electrical engineering company, who are world leaders in the production of military and civilian aircraft, green energy technologies such as wind turbines, and a variety of electronics products.

Announcing the game, Chris Ensor, the deputy director for the National Technical Authority for Information Assurance, said that GCHQ is pleased to have developed an original game for the Cyber Security Challenge.

"We have designed Astute Explorer to really test candidates' Cyber Security skills. At GCHQ, like many other high tech organisations, we recognise the need for a skilled workforce which is why we are delighted to once again support the Cyber Security Challenge to inspire the next generation of Cyber Security talent," he explained.

Stephanie Daman, CEO of the Cyber Security Challenge, meanwhile, said that Astute Explorer is an ingenious game from GCHQ which will not only provide an enjoyable challenge but will test skills that are in high demand by employers in this sector.

"I would encourage anyone with an interest in how IT systems and the information they hold can be protected to sign up and give it a go," she said.

Commenting on this latest phase of the Cyber Security Challenge, Professor John Walker, a visiting professor at the School of Computing and Informatics with Nottingham Trent University, said that the initiative is very worthwhile, since it tests a number of security skills that are already important for most organisations.

He cautioned, however, that there a skills gap between the expertise that Astute Explorer seeks to test, and the real management security skills needed in modern organisations. 

Professionals that pass the tests, he explained, will need to see beyond the current limits of ISO 27001 certifications - and their like = and evolve a set of skills that can be used to counter - and mitigate - the rising tide of adverse attention from hackers, hacktivists, criminal gangs, and state sponsored cyber-attacks.

"My one hope is that we will ensure we keep this valuable initiative up-to-date, and to ensure we get these new recruits to the world of white hat security think along the same lines as black hat activists, and so ensure we have skilled gamekeepers who cane think like poachers," he said.

Sarb Sembhi, a member of the ISACA International GRA Committee, agreed with Walker's analysis, noting that this latest competition will benefit from the links with GCHQ - and is going to be more exciting and challenging than previous competitions.

"The skills that these tests are seeking to bring to the fore are quite technical in nature, and this is to be welcomed. However, it is equally important that contestants will also need to develop their management skills alongside their technical security abilities," he said, adding that there is a distinct need for management and leadership skills in the security business.

You can, he explained, have the best team of security professionals within an organisation, but without the management skills to motivate and lead the staff in the right direction, this can be a stumbling block.

"The bottom line is that we need to bring out the best in people. I welcome this latest step in the Challenge - it's excellent - but I also think there needs to also be guidance on management skill development in the security space," he said.

"The good news is that we have been working on this within ISACA with the Nexus program, which seeks to shape the future of cyber security through cutting-edge thought leadership, as well as training and certification programs for professionals in the IT security space," he added.