A cyber war is being staged in central London (Wired UK)

Emiko Jozuka

Forty-two amateur cyber defenders gathered on the HMS
Belfast in London this week to take part in a cyber terrorist
attack simulation run by the Cyber Security Challenge UK.

The competition, known as the Masterclass and
developed by a group of cyber experts led by BT, is now in its
fifth year and aims to plug the skills shortage currently affecting
both governments and UK businesses.
The competition essentially invites participants to put their
skills to the test and experience a dramatised version of events
faced by regular cybercrime fighting professionals. It also allows
sponsors of the competition such as BT, Lockheed Martin and Airbus,
to hover on the sidelines and cherry pick the next cyber crime
busting whizz kids. 

In 2014, the competition took place in an underground
bunker of the Churchill War Rooms, with prizes worth £100,000 going
towards educational and career advancement opportunities.

This year, organisers aimed to stoke interest among
both the public and would-be cyber defenders by upping the dramatic
narrative of the competition. Aboard the HMS Belfast, cyber
defenders competed to regain control of the naval guns system,
taken over by fictitious cyber terrorist network, the Flag Day

“I wanted to design a realistic challenge that used
the kind of computer systems and networks
that cyber defenders have to defend in real life,” Robert
Partridge, Head of BT Security Academy, told WIRED.co.uk. “But I
also wanted to make it exciting and put some Hollywood into it as
well,” says Partridge, while noting that he wanted to “de-geekify”
the image of cyber security.

“There will be more jobs than candidates for [cyber
defence jobs] in the next 20 years, and we need to lift the profile
of cyber securities careers in the UK to address this skills gap,”
he continued.

Over the course of two days (12-13 March), the amateur
cyber defenders are tasked with finding the vulnerabilities and
flaws placed in the operating system set up by the competition
developers. Primarily, the competitors must race against the clock
to regain control of the ship’s gun systems. Secondly, they must
search for weaknesses within the IT system of fictitious physical
infrastructures, such as water treatment plants and manufacturing
facilities, in order to defend these against the rogue cyber
terrorist group.

As countries the world over make a push to establish
smart cities, the physical
infrastructures sustaining our societies are increasingly under
threat from cyber attacks. As more systems are brought online,
maintaining the security and stability of critical national
infrastructure becomes paramount.

As part of the competition, Airbus’s SCADA Challenge
Brief encourages competitors to conduct a security validation test
in real-time. This allows competitors to practice sussing out what
the flaws and best cyber security solutions are, before they are
deployed in the real world — or in this case within the fictive
one created by the challenge.

“Airbus group understands that the industrial controls
system that underpin our critical national infrastructures, such as
water treatment facilities, electricity grids, and our logistics
and supply chains, must also be considered for the cybersecurity
solutions that we bring in place,” Kevin Jones, Head of Cyber
Operations Research Team of Airbus Group, told WIRED.co.uk

“As these systems go online and become increasingly
interconnected, we also need to take action to secure them,” he
adds. The cyber attack, which physically affected the furnaces of a
German steel mine back in December 2014, demonstrates the extent to
which internet crimes are infiltrating physical structures, he

Cyber attackers are looking
to perform malicious actions against such industrially controlled
systems, and as security professionals, we have to make sure we’re
building up the defences,” adds Jones.

In order to combat cybercrime, the agencies involved
in this challenge asserted that a range of skills from the
technical to the analytical, legal and investigative are required
to bolster the UK’s response to cyber threat in the future.

“The challenges are getting more complex, and the
people who are defending against cyber attackers have to learn and
think like them,” says Director of Cyber Security Challenge UK,
Nigel Harrison. He cautioned, however, that alongside the threat
from cyber terrorists, businesses should be aware of both the
technical and human dimensions of the issue. “There are still
people out there who are running infrastructures which have simple
faults,” says Harrison, who mentioned buffer overflows on websites,
specifically. “It’s not just the problem of technology,” he adds,
“it’s defending against human error, or the insider attack as well.
So as a cyber professional, you need to defend against a whole
range of threats and challenges”.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

13 March 2015 | 12:52 pm – Source: wired.co.uk


Leave a Reply

Your email address will not be published.