In a face-to-face final cyberbattle, one unlikely Brit proved the ultimate weapon against an attack on a Formula One Team.
The Cyber Security Challenge UK -- essentially the Olympics of cybergames -- aims to locate the next generation of tech whiz kids. The year-long tournament identifies hidden cyber talent from all walks of life to defend the country from hackers, cyberattacks and computer viruses.
In its third year, the games kicked off with more than 10,000 registered contestants who were eventually weeded down to just 40 of the very best.
The final forty had to navigate several online and face-to-face competitions over the past year to claim the prize. Qualifying rounds included the Sophos “Malware Hunt,” QinetiQ’s “Command and Control" and GCHQ’s “Balancing the defense.”
The Formula One battle held this past weekend was something else.
In the “Masterclass” developed by HP and Cassidian Cyber Security, competitors were required to grapple with highly realistic threats that a wide spectrum of government and industry regularly face.
Set in the glamorous world of motor sports, the challenge scenario depicts F1 Widgets, a fictitious supplier to a Formula 1 racing team that was hacked in the lead up to a big race.
F1 Widgets provided essential diagnostic equipment and communication between the pit crew and the Formula 1 car engine management system. Any vulnerability or compromise could adversely impact the safety and security of the race.
In the lead up to the race, a customer also suspects that someone tampered with the equipment F1 Widget provided.
The competitors conducted an investigation into F1 Widgets’ IT infrastructure to determine whether there had been a security breach. Their task: to spot malicious attacks and come up with the best solutions to fix them.
HP developed the second half of the Masterclass, focused on the security policy in place at the company. Competitors had to review current cyberpolicies across the departments in the lead up to a race and identify any potential vulnerabilities.
An unlikely superhero emerged from the competition: Stephen Miller, a 28 year-old pharmaceutical company employee without any formal security training.
“To succeed in this competition and become the UK’s new cybersecurity champion, Stephen has had to demonstrate not only exceptional technical skills but also an ability to relate them to a common business scenario,” HP’s UK Public Sector Cyber Lead Jonathan Bathurst explained.
“This requires an ability to weigh up risk, take into account budgets and operational limitations and be able to present a coherent case to a non-technical audience with sensible measures that are in the best interest of the organization for the future.”
Miller won his choice of prizes worth more than $150,000 plus opportunities for paid internships and the offer of university scholarships.
“Stephen’s success in the Challenge, as a chemist with no formal training in this profession, is a powerful demonstration of the hidden talent that exists in people from across all types of professional backgrounds,” Cyber Security Challenge UK CEO Stephanie Daman said. “Identifying and nurturing this talent is vital.”
The organizers announced a number of new initiatives and competitions for the fourth iteration of the Challenge. These include student cybercamps as well as more competitions from mobile forensics and incident response through to malware identification and software vulnerabilities.
They also introduced a Cyber Security Challenge app with a brand new cipher available on the iTunes store for iOS and Android. It will provide regular competitions, Challenge news and guidance on cybersecurity careers. It launched with a brand new cipher from PwC immediately ready to play.
Cyber Security Challenge UK is an exemplary way to cultivate cyberwarriors -- and a similar program on U.S. soil is long overdue.
Ballet dancer turned defense specialist Allison Barrie has traveled around the world covering the military, terrorism, weapons advancements and life on the front line. You can reach her at firstname.lastname@example.org or follow her on Twitter @Allison_Barrie.