Would-be cyber warriors are taking on a simulated biological attack in London by a fictional cyber terrorist group in thw 2015 Cyber Security Challenge UK final.
Forty-two contestants are competing in the two-day final that began on 19 November 2015, which organisers describe as the most realistic civilian cyber security simulation ever staged.
From a crisis centre in London, contestants will be required to use their skills to defend Westminster Abbey from a simulated biological cyber terror attack.
Over the course of the competition, contestants have had to demonstrate real-life technical skills, while adhering to a strict legal framework closely based on UK government legislation.
The competition is designed to identify hidden cyber talent in the general public, and attract them into the cyber security industry to help address the global shortage of cyber security professionals.
The urgency of this skills shortage was highlighted by chancellor George Osborne in a speech at GCHQ on 17 November 2015, in which he said the estimated global cyber security workforce shortage will widen to 1.5 million by 2020, according to a study by (ISC)².
Over the years, 50% of the previous Cyber Security Challenge UK final candidates have landed jobs with the UK’s biggest cyber security employers.
The latest Cyber Security Challenge UK final was developed by international defence firm QinetiQ and a consortium of the country’s elite cyber experts from organisations including the Bank of England, GCHQ, National Crime Agency, BT, Cisco, Falanx Group and Roke Manor Research.
During the ultra-realistic simulation, candidates will be assessed on digital forensics, pen-testing and defensive skills used by real-world operatives, including the use of the very latest cyber security tools.
Candidates will be tasked to design a security strategy to ensure they can regain control of Westminster Abbey’s environmental control system, while ensuring they adhere to GCHQ’s real-life legal permission checks around forensic and pen-testing practices.
The final is the culmination of a series of rigorous qualifying rounds held online on the Cyber Security Challenge UK’s new play-on-demand (PoD) platform, Cyphinx, launched in September 2015.
Thousands of competitors have used their cyber skills to lead an investigation into the mysterious Black Oleander terrorist group.
The winner of the final will be crowned the next Cyber Security Challenge UK champion at an awards ceremony sponsored by SANS Institute.
“While there is drama and suspense as the storyline unfolds, everything the candidates are doing matches the tasks of those fulfilling cyber security jobs in real life,” said Cyber Security Challenge UK chief excecutive Stephanie Daman.
“They will be tested on the technical, ethical and business skills needed for the cyber security industry and some of the top talent in the UK will be found during our competition. Our consortium of sponsors has provided a tremendous amount of expertise in designing this competition and is set up to enable candidates to demonstrate they are ready for jobs in the industry.”
QinetiQ cyber chief technical officer Bryan Lillie added: “The cyber security threat to the UK, both to businesses and the general public, is constantly changing and developing so we must ensure we have the highest level of talent protecting us from it.
“The challenge is perfect for ensuring this; QinetiQ itself has hired past competitors to help it provide protection for critical national infrastructure and the government.”
Steve Herron, IT security consultant at QinetiQ, was working as a system administrator for a legal firm when he competed in the Cyber Security Challenge UK final in March 2015. His performance in the competition led to a job offer from QinetiQ.
“The job at QinetiQ was exactly what I was looking for and I really can’t believe my luck. To take such a radical career diversion at my age is really something, and I’m over the moon,” he said.
The 2015 competition explores the nature of insider threats – the leaking of highly sensitive data from within an organisation. Some of the most high-profile recent incidents, such as the Ashley Madison and Sony hacks, have been shown to be caused by insiders.
PwC’s 2015 Information security breaches survey revealed that well over 50% of the worst breaches in 2015 have been caused by those inside an organisation.
The best teams in the competition will win thousands of pounds worth of career-enabling prizes and the ultimate winner will be crowned the UK’s best cyber security talent.
Registration for the 2016 Cyber Security Challenge UK opens on 23 November 2015, and with the Cyphinx platform users can learn basics of cyber by creating 3D avatars and exploring a virtual world before playing the competition games.