Aspirant UK cyber security champions prepare for battle in Bristol

The final of the current UK national Cyber Security Challenge takes place in Bristol this weekend

The final of the current UK national Cyber Security Challenge takes place in Bristol on 9-10 March.

The 40 finalists will battle it out in the HP and Cassidian CyberSecurity motor-racing themed challenge to become the next UK Cyber Security Champion.

“The Challenge is committed to supporting people to develop the skills needed for successful careers in cyber security, and the final is the ultimate platform for this to happen,” said Stephanie Daman, CEO of Cyber Security Challenge UK.

“By working with leading industry members, we can enable all finalists to understand the realities of working in this exciting and hugely rewarding industry,” she said.

The Cyber Security Challenge UK began in 2010, as a series of national competitions, with the aim of finding talented people for the increasing number of job opportunities in cyber security.

In February 2013, the latest (ISC)2 Global information Security Workforce Study revealed that the shortage of skilled cyber security professionals is leading to more frequent and costly data breaches.

Now in its third year, the Challenge has broadened its scope to act as a source of advice, support and guidance for anyone interested in the profession.

It is currently backed by more than 50 organisations from across the cyber security sector, which contribute about £100,000 worth of career-enabling prizes.

Candidates face the final security challenge

To reach this year’s final, candidates battled through simulated malware and malicious code from hostile states and Stuxnet-like attacks on high-security facilities in the first two rounds of the competition.

Orange and Prodrive, SANS Institute, QinetiQ and Sophos were behind the second round face-to-face competitions that took place in late 2012 and early 2013.

For the final, cyber security professionals at HP and Cassidian CyberSecurity have created a realistic cyber defence competition, set during the weekend of a high-profile Formula 1 race.

The competition will comprise both technical and policy issues to expose candidates to the types of challenges they would face as cyber security professionals.

In the technical component, competitors will assume the roles of analysts and investigators within an incident response team working on behalf of F1 Widgets, a fictitious firm that supplies on-board diagnostic equipment for Formula 1 cars.

The equipment enables diagnostic and operational communication between the pit crew and engine management system in the car. Any vulnerabilities or compromise associated with the device could adversely affect the safety and security of the race.

In the lead-up to the race, a customer of F1 Widgets will suspect that its equipment has been tampered with. Accordingly, competitors will be responsible for conducting an investigation into F1 Widgets’ IT infrastructure to determine whether or not a security breach has occurred.

In 2011, Cassidian delivered the Event Management Room for the 2011 Formula 1 Abu Dhabi Grand Prix race, ensuring the security of all events around the race.

“Cyber security is a growing issue in all fields where success depends both on protecting the intellectual property (IP) of the product, in this case the car, and also the privacy of communications, such as information relayed between the F1 team during races, vital to performance on the track,” said Roy Matthews, Cassidian’s cyber defence lead.

“Success in the final will be dependent on an individual’s ability to work effectively within a team to identify solutions to the technical and policy challenges,” he said.

Competitors will be responsible for conducting an investigation into F1 Widgets’ IT infrastructure to determine whether or not a security breach has occurred

Reviewing security policies and identifying vulnerabilities

The second half of the final will focus on the security policy in place at a Formula 1 organisation. Candidates will be tasked with reviewing current policies across the entire lifecycle of departments in the lead-up to a race and identifying any potential vulnerabilities. 

“Cyber defence skills are not solely based on technical aptitude. In the real world, cyber security professionals need to have an awareness of wider business-to-business security and risk analysis, with the ability to understand how risks can affect the entire supply chain,” said Jonathan Bathurst, cyber lead, UK public sector, at HP.

“The aim of our policy challenge is to get candidates to consider how much risk you accept before you expose the organisation to real danger, or how secure you need to be before you run over budget or impede the operations of the team,” he said.

Following the technical and policy challenges, candidates must present recommendations as to whether or not the race should proceed and suggest improvements that could be made in future.

Candidates will take part in an intense day of competition on Saturday 9 March, followed by an awards ceremony on Sunday 10 March, at which the Cyber Security Challenge UK Champion 2013 will be announced.

Last year’s Challenge was won by North Yorkshire first-year student at Cambridge Jonathan Millican, after his technical, communication and leadership skills were judged the best of more than 30 other finalists.


Read more on Hackers and cybercrime prevention