Some 42 cyber security amateurs prevented a cyber-savvy burglar from breaking into an Internet of Things (IoT)-connected home, in a realistic simulated competition run by security consultancy Roke, and the Cabinet Office-backed Cyber Security Challenge UK. The competition sought to find UK hidden cyber talent and encourage them into cyber jobs.
Defending Roke’s historic manor house, the contestants formed specialised cyber-units tasked to identify and secure the vulnerabilities in new, intelligent household gadgets such as smart locks, cameras, smart lighting, connected coffee machines, and numerous other devices that would be manipulated by the burglar to get into the site. Teams plotted out the hacker’s route, and discovered how he had compromised the system, exploiting various weaknesses to gain access. The objective was to prevent the burglar from getting access to documents stored in the mansion’s office.
The competition reflected real-life cyber-attack scenarios; the type IT security people fear are leaving UK homes vulnerable to hackers. An investigation by Which? in June showed how hackers can break into home networks and connected devices in just a few days. It also found eight out of 15 IoT devices were easily hackable, providing opportunities for hackers to exploit both organisations and households. Insecure IoT devices had a global impact in late 2016, when the Mirai botnet hijacked default credentials in internet-connected devices to create a Distributed Denial of Service (DDoS) attack on such online services such as Netflix and Twitter, preventing access for users.
The scenario tested the teams’ abilities to investigate irregularities in the mansion’s system, using skills such as network analysis and digital forensics. The competition also encouraged the contestants to adopt the mind-set of a criminal, assessing their likely approach and anticipating their next moves – a key skill for thwarting criminal attacks in the real world, organisers point out.
The ten that will represent the UK in the European Cyber Security Challenge were: David Buchanan, Sofia McCall, James Nock, Ben Jackson, Kieran Amrane-Rendall, Harvey Stocks, Edward Godfrey, Matt Watkins, Tom Ryczanowski, and Laurence Tennant. The highest scoring candidates that will progress to the Masterclass final in November were: Tim Carrington, Sophia McCall, Laurence Tennant, David Buchanan, Harrison Speight, Kieran Amrane-Rendall, Alastair Greaves and James Benson.
The competitors qualified from a series of online challenges and were assessed on the day by industry figures.
Anyone interested in taking part in these competitions can sign up and play at www.cybersecuritychallenge.org.uk.
Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said: “Our competitions are designed to mirror the new and emerging cyber threats that society is now facing. The types of scenarios that we put our candidates through are based on real-world scenarios, but with an added twist to really see who has the skills and potential to join the profession. Demand for talent still outstrips supply when it comes to cyber security professionals and demand is only going to grow in the coming years. These competitions are a great way for candidates to experience what the industry is like and for employers to pick out potential recruits. We’d encourage anyone interested in cyber security to sign up and play today.”
And Mark West, Information Security Lead, at Roke said: “The desire for convenience means our homes are filling with devices that talk to and share information with each other, with our phones, and with servers on the Internet. But the downside of the lights being on as you arrive home or a camera that allows you to see and talk to your pets when you’re not there, is the risk that a hacker could use these systems to gain access to your personal data. It’s vital that we have the ability to make sure that these devices are secure. This competition is designed to encourage