After two days of intense hands-on training and development, a new potential generation of UK cyber security defenders (including members of the public and military personnel) have been tested to see if they have what it takes to protect their country from online attacks.
Held at the Defence Academy in Shrivenham, the Cyber Security Challenge UK’s new cyber camp was delivered by a number of the UK’s most prestigious cyber defence companies to help attendees gain foundation skills and confidence to take their first steps into the cyber security profession.
The assessment on Friday 29 August was devised by cyber security operatives from GCHQ and witnessed brave candidates assemble a cyber team battling to overcome the threat of a cyber terrorist group, the Flag Day Associates, who have been staging a number of attacks in the UK over recent months.
The latest incident was reported by the central security team at Parliament Square, a large central London meeting and conferencing space known to host classified gatherings characterised by high secrecy and sensitivity. The team confirmed that the web-based application that controls their intelligent building management software had been targeted and successfully compromised.
Under the guidance of mentors from GCHQ and other industry experts, as well as previous Challenge candidates, the cyber camp recruits were assessed on their ability to run penetration testing as part of a full security assessment of the web application in order to identify the vulnerabilities that may have been exploited by the attackers.
To prepare them for this test, the cyber camp recruits were taken through two days of training administered by some of the country’s leading cyber security experts.
Content details of the cyber camp
The cyber camp programme was put together by the Challenge with the support of C3IA Solutions (who provide information risk management training and cyber security services for the MoD, the Government and industry) and included:
• Defence, aerospace and security expert QinetiQ introducing cyber camp attendees to the principles of risk assessment and management
• Forensic technology teams at PricewaterhouseCoopers running lessons on digital forensic analysis
• Introductions to business continuity management and security architecture provided by worldwide information security training and education company Infosec Skills (two further modules were completed online ahead of the cyber camp)
• Web application security testing instruction courtesy of cyber security services and solutions specialist IRM
• A module on vulnerability research from Raytheon, the technology and innovation leader specialising in defence and national security
• An interactive session on legal and ethical practice within cyber security delivered by the National Crime Agency
The final stage of the cyber camp witnessed candidates sitting their first professional qualification – the Certificate in Information Assurance Awareness (CIAA) – free of charge. This came courtesy of InfoSec Skills and its examination provider, the Global Certification Institute (GCI).
Cyber camp attendees who performed particularly well were granted places on the new CESG-accredited Cyber Scheme Team Member course.
Growing skills gap in cyber security
The Cyber Security Challenge UK began in 2010 as three competitions run by a small group of supporters from industry, Government and academia designed to address the growing skills gap in the UK cyber security profession.
Now in its fifth year, the Challenge has grown its range of competitions to better represent the variety of skills currently demanded within the profession and is backed by over 75 sponsors from across UK Government (including through its National Cyber Security Programme) as well as major names from industry and academia.
The cyber camps are a more recent addition to the Challenge competition programme. They sit alongside a variety of exciting virtual competitions and provide a first opportunity for candidates to begin crafting their skills.
Stephanie Daman, CEO of the Cyber Security Challenge UK, commented: “Last year’s inaugural cyber camps showed the demand from amateurs to be given the opportunity to break into this field. The camps afford everyday civilians the chance to see what it’s really like to work as a professional in this sector, and what’s involved in defending the UK from ever-growing cyber attacks.”
Daman added: “Talented individuals learn from the best in the industry and, by dint of receiving a qualification for their efforts, they’re provided with a genuine career-enhancing experience. This sector needs more people with talent and skills and all of those involved in this cyber camp will have enjoyed a truly unforgettable experience.”
Kevin Williams, head of partnerships at the National Crime Agency’s National Cyber Crime Unit, stated: “We are proud to be part of this year’s cyber security camp and help to inspire the next generation of specialists to think about a career in cyber security. Our officers tested the skills, technical ability, knowledge and understanding of the candidates to see whether they have what it takes to defend the UK and its citizens from cyber-related attacks. We look forward to continuing our support for the Cyber Security Challenge UK over the coming months.”
Virtual competitions and foundation modules
Terry Neal, CEO at InfoSec Skills, explained: “We’re delighted to support the Challenge through our virtual competitions and foundation modules in IA Governance and IA Architecture delivered during the cyber camp. We hope to inspire the next generation of cyber specialists and help to get them started on their career paths in Information Assurance.”
Charles White, CEO of IRM, said: “Watching the cyber camp recruits learn and compete while surrounded by the physical history of the British Armed Forces illustrates the extent to which the Internet has transformed our lives and how, as a society, we must respond to that change. Where once we had tanks and large armies to defend our nation, we now have skilled and tenacious individuals who thrive on a technical challenge – the UK’s Armed Forces for a Digital Age, if you like.”
On an equally serious note, White also commented: “At this time there is a severe deficit of qualified individuals who are capable of assessing and improving our cyber security defences. If our citizens, Government and businesses want to stay safe in cyber space while also continuing to reap the economic and social benefits it brings then more effort has to be invested in nurturing cyber security talent.”