The defence contractor Raytheon UK designed and hosted a simulated cyber-terrorist strike on Saturday at London’s BT Tower. It was part of work to unearth new talent to defend the UK against cyber threats. The online battle, part of the Government-backed Cyber Security Challenge UK, tested UK amateurs’ ability to defend a physical infrastructure from cyber-crime groups.
Raytheon UK’s Head of Cyber Research, Paul Crichard, said: “With crime and terror escalating online, we need a new generation of digital defence warriors ready to face these threats. We designed this contest to mimic the high-pressure emergency situations that real-world professionals have to deal with, and show gifted people who may just enjoy code-breaking or reverse engineering as a hobby, that their talents are actually vital to the UK economy. The skills and enthusiasm on display in these competitions show the wealth of innovation the UK could be tapping into. We are now working on new ways to grow this talent pipeline across the UK; Raytheon recently launched a new cyber innovation competition aimed at UK SMEs with prizes totalling £100,000.”
The cyber-attack simulation challenged attenders on their ability to defend against a real-time cyber-threat, designed to mimic the Heartbleed and Shellshock cyber attacks. Their performance was assessed by staff from Raytheon UK, GCHQ, the National Crime Agency, BT, C3IA and Airbus Group.
The demo emulated a realistic cyber-attack and saw challengers infiltrate a model server system to win back control of a large building’s power supply. On outsmarting the fictitious hacking group, the Flagday Associates, the BT Tower’s observation deck revolved to mark the winning team’s success.
The challenge aims to raise awareness of career opportunities in cyber security, while addressing a national cyber security talent shortage. Stephanie Daman, CEO at the Cyber Security Challenge UK, said: “The recent Carbanak attack that plundered global banks show that the economic cost of cyber-crime is continually rising. The resources that UK industry leaders are now investing to attract new talent through events like these indicate that they are taking the threat to our economy very seriously. The industry is dedicated to finding new ways to address the critical talent shortage across Britain, as we see rising cyber-crime posing a threat to UK assets and even critical infrastructure.”
The amateur code-breakers – selected from over nine months of national assessments – were analysed on their ability to use cyber security tools, from cryptography to Kali-Linux, one of the most advanced penetration testing packages created.
The winning team on the day was Adam Tonks, a student from Cirencester currently studying at Bournemouth University; Darren Brooke, an IT consultant, from Pontypridd, South Wales; Robert Laverick, who runs a software development consultancy in Redcar; and Steve Haughton, a network manger from Cardiff. They each receive a range of prizes including Raspberry Pi 2 devices and Xbox Ones. The Challenge’s grand final – The Masterclass next month – sees finalists from all four of the Challenge’s face to face competitions come together in London; hosted by a consortium comprising of BT, GCHQ, the National Crime Agency, Airbus Group and Lockheed Martin. Visit http://cybersecuritychallenge.org.uk.
Comment
Ross Brewer, vice president and managing director for international markets at LogRhythm
“However, we do need to be careful not to place too much credence on people alone. While a workman can never blame his tools, it is also imperative to have the right systems in place to help identify and remediate potential threats. There is now so much data passing through the networks of both private organisations and national infrastructure, that people alone cannot be the relied upon to identify when something is wrong.
“Instead, security intelligence is paramount. These systems are designed to monitor networks constantly in order to spot anomalies – and can process far more information in real-time than any human being. There’s no doubt that we need the best people on the case, and events like this are an excellent way of finding them – let’s just also make sure they’re given the best possible tools to work with.”
