Church House, behind Westminster Abbey in London, was ground-zero for a simulated cyber-attack on Friday to test the finalists in this year's Cyber Security Challenge.
A total of 42 contestants took part in the realistic cyber-security attack simulation, designed to unearth hidden talent and find tomorrow's cyber-security experts.
Staged over three days, the competition was organised by Cyber Security Challenge UK and international defence giant, QinetiQ. Testing the contestants with real world simulation technology used by the US Army, they had to defend Church House from a fictional biological/cyber terror attack.
The ‘fake' scenario was a very pertinent one – an individual working for a pharmaceutical company called ZSB Formulas had leaked some form of ‘biological weapon' to a terrorist group called Black Oleander that had rigged up this weapon to be unleashed inside of Church Houses' environmental control systems while the royal family was present.
The simulation tested candidates' skills in digital forensics, pen-testing and defensive skills used by real world operatives, including the use of the very latest cyber-security tools.
Candidates had to design a security strategy to ensure they can regain control of Church Houses' environmental control system, whilst ensuring that they adhere to GCHQ's real-life legal permission checks around forensic and pen-testing practices.
Falanx Assuria were also present, and were monitoring the networks and ensuring there was no cross hacking going on between the contestants.
According to organisers, this year's competition explores the nature of insider threats and the leaking of highly sensitive data from within an organisation. PwC's 2015 Information Security Breaches Survey found that well over 50 percent of the worst breaches this year have been caused by those inside an organisation.
Bryan Lillie, CTO of Cyber Security at QinetiQ, highlighted the fact that the contestants have had to demonstrate both real life and technical skills for the challenge, explaining that this is not just a challenge for “techies”.
Speaking to SCMagazineUK.com, contestant Tim (surname withheld), a student of cyber-security at Royal Holloway, University of London explained that as part of the realistic scenario, each team has to present its findings to the board of directors of the fictitious ZSB Formulas company. Teams are assessed in part on their ability to explain what had happened during the cyber-attack and how they planned to fix it.
Lillie said: "The cyber-security threat to our country, both to businesses and the general public, is constantly changing and developing so we must ensure we have the highest level of talent protecting us from it. The Challenge is perfect for ensuring this – QinetiQ itself has hired past competitors to help it provide protection for critical national infrastructure and the government."
When asked why the security industry is turning to such unconventional methods of recruitment, Bob Nowill, Chairman of Cyber Security Challenge UK told SC, “Traditional recruitment methods just aren't working, it is incredibly difficult to judge someone's level of skill from a CV and this is why Cyber-Security Challenge UK was founded, to help find talent in an exciting and engaging way.”
Unfortunately, the gender gap was the ever present elephant in the room. Jane Lang, project manager at Qinetiq and one of the people who designed the Cyber Security Challenge, said that to get young women interested in tech, cyber-security and STEM subjects in general, more needs to be done to introduce today's young women into the subjects at a young age so they could see these are not just “subjects for boys”.
The best team on the day and winners of the competition were Team Krypton. Managing to disarm the weapon on time and stop it being released through air vents, the team will undoubtedly win a lot of industry attention and thousands of pounds worth of career-enabling prizes. The ultimate winner, Peter Clarke was crowned the UK's best cyber-security talent, as he displayed the mix of skills the competition required.
Having received his award, Clarke said: “I feel like it's been a rollercoaster ride. I only entered the Cyber Challenge eight or nine weeks ago without anything higher than a GCSE and a few Microsoft qualifications in my back pocket so to be here now is unbelievable. I've had an interest in cyber for several years now and keep abreast of the current trends and tools in the industry, but this is the first step towards a future career in the area. I really want this to become my profession and the Cyber Security Challenge has given me a catapult into the industry that you can't find anywhere else.”
Peter now receives his choice of rewards from a collection of career-enhancing prizes worth over £100,000 including valuable industry training, university courses and access to strategic industry events – all provided by Challenge sponsors.
Ciaran Martin, director general Cyber, GCHQ said: "GCHQ continues to support the vital search for fresh cyber-security skills via our sponsorship of the Cyber Security Challenge UK. Developing a resilient and talented cyber-security skills pipeline is absolutely essential to enable the UK to flourish in today's digital world."
David Cole, managing director at Roke Manor Research, said, “Cyber-security skills and talent are vital to protecting the UK, and Roke are proud to sponsor the Cyber Security Challenge UK to identify those people who can make a significant contribution to the UK's security, prosperity and productivity.
"As founding members of the University of Southampton's Cyber Security Academy, GCHQ's Cyber First Initiative and with a history of contributing to the development of the cyber-security research and knowhow through a comprehensive network of university links, sponsorship of PhD students/ courses and an active college and school liaison programme, we are committed to bringing talented people into the UK's cyber-security profession.”
Mark Hughes, CEO at BT Security, said, “Protecting businesses, government and the general public attacks is vitally important for the UK. Getting security right is essential and promoting the industry as the UK faces a worrying shortage of cyber-security talent.
"This is a critical matter of national security and economic prosperity and we need to find the right people to trained and take on key roles in the cyber-security profession going forward. The Masterclass is an alternative and innovative way to attract new and urgently needed talent into cyber-security. This is something BT is delighted in helping develop and running the forthcoming large and exciting Cyber Security Challenge UK Masterclass.”