Protection Group International (PGI) and Cyber Security Challenge UK recently pitted 30 cyber security amateurs against each other in an simulated cyber-attack on an automotive company; all to find UK cyber talent.
In a role known as ‘red teaming’, candidates were tasked to infiltrate Internet-connected GPS tracking devices to find critical vulnerabilities that hackers could exploit, and protect the Internet of Things (IoT) based system from attack. The trackers were to be installed on a range of prestige vehicles offered by the fictional company, dubbed ‘Premiere Vehicles Limited’.
The competition was the first face-to-face semi-final round of the UK Cabinet Office-backed Cyber Security Challenge UK’s 2017 competitions, ending in November with a final in London (2015’s pictured). Its aim; to find and deliver more cyber security talent into the sector and work towards plugging the industry’s skills gap.
The competition was designed to reflect scenarios and vulnerabilities that professionals face for real, and mirrored 2016’s most notorious DDoS cyber-attack, in which thousands of IoT devices were hijacked and used as a botnet army to bring down the servers behind popular websites such as Reddit and Twitter. Candidates took advantage of some of the vulnerabilities that led to that attack (exploiting hard-coded credentials) in the IoT-based tracking devices.
Candidates were tested on their ability to ethically break into devices, and use these as entry points into the company’s network. As they progressed through the competition, their skills in network analysis, digital forensics and brute force attacks were assessed by industry experts; proficiencies that are in great demand by the cyber security industry today. The scenario tasked the contestants to think like attackers in order to successfully defend the organisation from future attacks.
Defending an organisation involves digital skills, but also requires innovative thinking, coordination and teamwork so candidates were also tasked with lock-picking challenges, combining clandestine techniques in the physical and digital worlds, to break into an organisation’s networks. Successful candidates were able to use the GPS devices as entry point to subvert the internal systems of ‘Premiere Vehicles’ and gate-crash a VIP launch event in which PVL unveiled its new fleet of cars. The winners were rewarded with a test drive in Audi’s new RS Q3, which was supplied for the event by Audi Tetbury.
What they say
Stephanie Daman, CEO at Cyber Security Challenge UK said: “The pace of technological change that our society is undergoing creates an even greater demand for a wide range of cyber security skills. PGI’s Face-to-Face competition reflects this change and illustrates the latest skills that professional organisations require such as knowledge of connected devices and ethical hacking abilities. These competitions can only take place with the support of our sponsor community, all of which are looking to hire the most outstanding talent. Five of today’s 30 candidates are under 18, showing that there is some great talent at the younger ages. These competitions are crucial for providing an outlet for their skills and demonstrating that cyber security is a great career for them.”
And Ian Lyte, Senior Security Consultant at Protection Group International said: “The competition reflects the breakneck pace of technological progression in our society and how it has created new and unpredictable vectors of attack, which cyber criminals are quickly taking advantage of. We specialise in protecting organisations from online attacks and as such, we need highly-skilled people who can face the latest threats. These competitions allow us to unearth, recruit and train the UK’s most talented individuals in a way that would not otherwise be possible.”
