A 21-year old computing student from Cirencester has won the 2015 Cyber Security Challenge UK.
Adam Tonks beat thousands of entrants and 41 fellow finalists, selected during 12 months of online and face-to-face cyber battles to uncover the cream of UK amateur cyber defence talent.
The two-day Masterclass final was developed by a team with members from BT, GCHQ, NCA, Lockheed Martin, Airbus Group, C3IA, PGI and Palo Alto Networks.
“I’m absolutely shocked but honoured to be the winner of this year’s Cyber Security Challenge,” said Tonks.
“I’ve learned so much from the whole experience and, although it’s been a gruelling few days, I’ve had a lot of fun working through every element that has been thrown at us by the UK’s best cyber professionals. I’m really proud of this achievement.”
The champion has a choice of career-enhancing prizes worth over £100,000, including valuable industry training, university courses and access to strategic industry events.
Stephanie Daman, chief executive of Cyber Security Challenge UK, said the final gave candidates the most authentic experience to date of a real cyber attack.
“We put them in the situations they can expect to experience as full-time professionals. With the skills level on show we are confident that any one of our finalists would represent a highly valuable addition to our profession,” she said.
According to Daman, around half of last year's finalists are already in their first cyber security jobs, while most of the rest are well on their way, taking training courses, accreditations or internships to boost their CVs.
“There is no reason why all 42 of our finalists this year can't follow in their footsteps,” she said.
This year's Masterclass final kicked off on 11 March 2015 at BT Centre, with a news report that set the task for the finalists, followed by two full days of intense competition at HMS Belfast, moored on the Thames.
Their mission was to avert a plot by a cyber terrorist group to seize control of a naval gun system, which was aimed at London's City Hall.
Cert-UK, the UK’s national computer emergency response team, worked participants through the scenario to make it as life-like as possible.
Critical national infrastructure priority
Finalists battled against the clock to find out how the fictitious group – known as the Flag Day Associates – broke into a simulated network that supposedly controlled the ship's guns.
The finalists were tasked with wrestling back control of the gun systems, while searching for similar "holes" in the IT system of a simulated water treatment and manufacturing facility, to ensure the terrorist group could not infiltrate these as well.
The continued security of critical national infrastructure is an increasing priority as more systems are brought online.
Industrial Control Systems are increasingly linking physical services such as telecommunications, power and utilities to the cyber world, which also underpins many commercial logistics and supply chain networks.
To aid their investigation, finalists were given access to industry-standard tools such as the Kali Linux distribution, commonly used by cyber security practitioners across government and industry to help protect networks from cyber terrorists akin to the Flag Day Associates.
While technical ability is key, candidates were also scored on their ability to operate in appropriate legal and ethical frameworks – a crucial skill for would-be cyber specialists.
Increased risk of cyber attack
As the 2015 competition ended, registration opened for the 2015/16 programme of competitions, which will feature a range of brand new competitions.
These will be accompanied by a brand new play on demand platform that will enable anyone in the UK to visit the Challenge website, and in just a few clicks, assess their potential for a career in cyber security.
"GCHQ recognises the important role of Cyber Security Challenge UK in attracting new talent into a growing, and much needed, cyber security profession,” said Robert Hannigan, director of GCHQ.
Andy Archibald, deputy director of the National Crime Agency’s National Cyber Crime Unit, said: “Fighting cyber crime is a vital part of safeguarding the security of people and businesses in the UK, and there are increasing opportunities in law enforcement for people with the right technical skills to continue their own development while helping to pursue criminals and protect the public .
“Previous Cyber Security Challenge competitors are already working with the NCA across a number of projects, and those involved in this year’s Masterclass have the best possible platform not only to showcase their talents, but also to learn more about how they can contribute to the UK’s cyber security in the real world.”
Mike Langley, vice-president, Western Europe and South Africa at Palo Alto Networks, said any business or organisation operating today will experience some form of cyber threat.
“The Masterclass highlights the need to talk about cyber security in terms of both detection and prevention,” he said.
Cyber Security Challenge UK started in 2010 by creating a series of virtual and face-to-face competitions that would identify talented people for the cyber security industry.
Now entering its 6th year the challenge is backed by over 50 of the UK’s top public, private and academic organisations, and hosts a wide programme of activities to promote cyber security as a career and help talented people get their first cyber security jobs.