Interviews

Cyber challenge

by Mark Rowe

This weekend the Cyber Security Challenge UK <https://cybersecuritychallenge.org.uk/> sees 40 people compete to decide the UK’s new Cyber Security Champion.

This is the culmination of 12 months of virtual and face-to-face competitions. It’s a motor-racing themed challenge. Professional cyber teams from HP and Cassidian CyberSecurity have designed a challenge based on a high-profile Formula 1 race to put competitors through their paces in Bristol on Saturday, March 9.

The Cyber Security Challenge UK began in 2010 as a series of national competitions aiming to find talented people for the increasing number of job opportunities in cyber-security. Now in its third year, the Challenge has broadened its scope to act as a source of advice, support and guidance for anyone interested in the profession. It is backed by 50 organisations from across cyber-security that contribute about £100,000 of career enabling prizes each year to candidates.

Candidates arriving in Bristol this weekend have battled through simulated malware and malicious code from hostile states and ‘Stuxnet-like’ attacks on high security facilities to secure their place in the Masterclass grand finale. Orange and Prodrive, SANS Institute, QinetiQ and Sophos were all behind unique face-to-face competitions that took place in late 2012 and early 2013.

For the final, cyber security professionals at HP and Cassidian CyberSecurity have worked together to create an ultra-realistic cyber defence competition set during the weekend of a high-profile Formula 1 race.

The competition will comprise both technical and policy issues in order to expose candidates to the types of challenges they would face as cyber security professionals.

The technical component of the 2013 Masterclass will take place on a cyber range platform, custom-built by Cassidian CyberSecurity. Competitors will assume the roles of analysts and investigators within an Incident Response Team working on behalf of F1 Widgets, a fictitious small to medium-sized enterprise (SME) that supplies on-board diagnostic equipment for Formula 1 cars. The equipment enables diagnostic and operational communication between the pit crew and engine management system in the car. This means that any vulnerabilities or compromise associated with the device could adversely impact the safety and security of the race.

Before the race, a customer of F1 Widgets suspects that their equipment has been tampered with. Accordingly, competitors will be responsible for conducting an investigation into F1 Widget’s IT infrastructure to determine whether or not a security breach has occurred.

The second half of the Masterclass has been developed by HP and will focus on the security policy in place at a Formula 1 racing firm. Candidates will be tasked with reviewing policies across the entire lifecycle of departments in the lead up to a race and identify any potential vulnerabilities.

After the technical and policy challenges, candidates must present recommendations as to whether or not the race should proceed and improvements. Candidates will take part in a day of competition on Saturday, March 9, and an awards ceremony will take place on Sunday, March 10, where the Cyber Security Challenge UK Champion 2013 will be announced.

What they say

“In 2011 Cassidian delivered the Event Management Room for the 2011 Formula 1 Abu Dhabi Grand Prix race ensuring the security of all events around the race. We understand that cyber security is a growing issue in all fields where success depends both on protecting the intellectual property (IP) of the product, in this case the car, and also the privacy of communications, such as information relayed between the F1 team during races, vital to performance on the track. We chose to test Masterclass finalists using this theme to provide an accurate representation of what cyber security professionals are up against on a daily basis,” says Roy Matthews, Cassidian’s Cyber Defence Lead. “Success in the Masterclass will be dependent on an individual’s ability to work effectively within a team to identify solutions to the technical and policy challenges.”

“Cyber defence skills are not solely based on technical aptitude. In the real-world, cyber security professionals need to have an awareness of wider business-to-business security and risk analysis, with the ability to understand how risks can impact the entire supply chain. The aim of our policy challenge is to get candidates to consider how much risk you accept before you expose the organisation to real danger or how secure you need to be before you run over budget or impede the operations of the team,” says Jonathan Bathurst, Cyber Lead, UK Public Sector, HP Enterprise Services. “This is the third Masterclass HP has been proud to host, and is a demonstration of our commitment to improving the UK’s IT cyber security skills and boosting employment in our dynamic IT sector generally.”

“The Challenge is committed to supporting people to develop the skills needed for successful careers in cyber security – Masterclass is the ultimate platform for this to happen. By working with leading industry members like HP and Cassidian CyberSecurity we can enable all finalists to understand the realities of working in this exciting and hugely rewarding industry,” says Stephanie Daman, CEO, Cyber Security Challenge UK.

The following are helping in various ways to deliver the Cyber Security Challenge UK:

o Cabinet Office, Office for Information Assurance and Cyber Security
o HP
o PwC
o BT
o Cassidian CyberSecurity
o EE (Everything Everywhere)
o GCHQ
o QinetiQ
o SANS Institute
o SOPHOS
o 2E2
o 7Safe part of PA Consulting Group
o CompTIA
o Dtex Systems
o Encription IT Security and Forensic Services
o GOSCOMBE Technologies
o HMGCC
o Infosec Skills
o (ISC)2
o KPMG
o Lancaster University
o MOD
o Metropolitan Police Central e-crime Unit (PCeU)
o Raytheon UK
o Royal Holloway, University of London
o Royal Mail Group
o Ultimate Communications
o DISA
o Field FisherWaterhouse LLP
o Information Assurance Advisory Council (IAAC)
o Invigia
o justASC
o Level 3 Communications
o Lockheed Martin
o MEMSET Dedicated Hosting
o Micro Systemation
o NEXOR
o Northrop Grumman
o The Open University
o Prodrive
o RSA The Security Division of EMC
o Selex ES
o Symantec
o Trusted Management Ltd
o Ultra Electronics
o Unisys
o Vodafone
o AFCEA UK London
o BCS
o BIS (Department for Business Innovation Skills)
o Council of Registered Ethical Security Testers (CREST)
o Centre for Secure Information Technologies (CSIT)
o DC3 (Department of Defense, Cyber Crime Centre)
o Ipr Connections
o DSTL
o e-Skills UK
o Get Safe Online
o The Institute of Engineering and Technology (IET)
o Institute of Information Security Professionals (ISSP)
o The Information Security Awareness Forum (ISAF)
o Information System Security Association (ISSA)
o Knowledge Transfer Networks (KTN ICT)
o LIAG
o London First
o SMI
o Wiley
o US Cyber Challenge.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing