Last week, 42 cyber security amateurs prevented a cyber-savvy burglar from breaking into an Internet of Things (IoT)-connected home, in an ultra-realistic simulated competition run by security consultancy Roke and Cabinet Office-backed Cyber Security Challenge UK. The competition sought to find the UK’s best, hidden cyber talent and encourage them into jobs on the frontline of the UK’s cyber defence.
Defending Roke’s historic manor house, the contestants formed specialised cyber-units tasked to identify and secure the vulnerabilities in new, intelligent household gadgets such as smart locks, cameras, smart lighting, connected coffee machines, and numerous other devices that would be manipulated by the burglar to get into the site. In a race against the enemy, the teams plotted out the hacker’s route, and discovered how he had compromised the system, exploiting various weaknesses to gain access. The objective was to prevent the burglar from getting access to important documents stored in the mansion’s office.
The competition reflected real-life cyber-attack scenarios; the type many security experts fear are leaving UK homes vulnerable to hackers. An investigation by Which? in June showed how hackers can break into home networks and connected devices in just a few days. It also found eight out of 15 IoT devices were easily hackable, providing opportunities for hackers to exploit both organisations and households. Insecure IoT devices had a global impact in late 2016, when the Mirai botnet hijacked default credentials in internet-connected devices to create a Distributed Denial of Service (DDoS) attack on popular services such as Netflix and Twitter, preventing access for users.
The scenario tested the teams’ abilities to investigate irregularities in the mansion’s system, using highly sought after skills such as network analysis and digital forensics. The competition also encouraged the contestants to adopt the mind-set of a criminal, assessing their likely approach and anticipating their next moves – a key skill for thwarting criminal attacks in the real world.
The ten individuals that will represent the UK in the European Cyber Security Challenge were: David Buchanan, Sofia McCall, James Nock, Ben Jackson, Kieran Amrane-Rendall, Harvey Stocks, Edward Godfrey, Matt Watkins, Tom Ryczanowski, and Laurence Tennant.
The highest scoring candidates that will progress to Masterclass were: Tim Carrington, Sophia McCall, Laurence Tennant, David Buchanan, Harrison Speight, Kieran Amrane-Rendall, Alastair Greaves and James Benson.
The cyber security industry is in critical need of more professionals to secure businesses and governments across the world. With a recent report by industry association (ISC)2 predicting the shortfall of skilled cyber workers to reach 1.8 million globally by 2022, companies must act fast to secure the digital economy from emerging threats.
The competitors qualified from a series of online challenges and were assessed on the day by a team of industry experts who marked their proficiencies against today’s professional requirements. The top performers from the event will have secured a coveted place in the Masterclass grand finale in November. The assessors also selected a group of contestants to compete in the prestigious European Cyber Security Challenge competition against teams from a host of European countries.
Anyone interested in taking part in these competitions can sign up and play today at www.cybersecuritychallenge.org.uk.
Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said: “Our competitions are designed to mirror the new and emerging cyber threats that society is now facing. The types of scenarios that we put our candidates through are based on real-world scenarios, but with an added twist to really see who has the skills and potential to join the profession. Demand for talent still outstrips supply when it comes to cyber security professionals and demand is only going to grow in the coming years. These competitions are a great way for candidates to experience what the industry is like and for employers to pick out potential recruits. We’d encourage anyone interested in cyber security to sign up and play today.”
Mark West, Information Security Lead, at Roke said: “The desire for convenience means our homes are filling with devices that talk to and share information with each other, with our phones, and with servers on the Internet. But the downside of the lights being on as you arrive home or a camera that allows you to see and talk to your pets when you’re not there, is the risk that a hacker could use these systems to gain access to your personal data. It’s vital that we have the ability to make sure that these devices are secure. This competition is designed to encourage the next generation that can help companies like ours do just that and protect the nation as a whole.”
