Computer terror simulation used to recruit 'cyber defenders'

  • Published

A speed boat races down the Thames early in the morning – armed men onboard.

Wearing my life-jacket, I hold on to the side as we speed underneath Tower Bridge.

Our destination is HMS Belfast, the old battleship moored on the river, now a tourist attraction.

As they arrive, members of the National Crime Agency (NCA) approach a large group of people milling around on the deck and pounce on one man as he pulls his own weapon, dragging him to the ground.

The shouting is loud but the scuffle is brief – enough though to give one of the NCA officers a bruise on his head.

The man is taken back down to the speedboat and within a few seconds the mission is over. The only disconcerting thing is the laughter from the other people on the deck.

Image caption,
Much of the Cyber Security Challenge took place onboard the HMS Belfast

That is because they know it is just an exercise, a real-world component of the annual Cyber Security Challenge designed to seek out untapped expertise when it comes to securing computer networks.

Onboard HMS Belfast, the 42 contestants taking part in the challenge - split into teams - are soon back at their laptops.

They are in a race against time.

A digital clock is counting down in the corner.

The guns on the ship have been taken over by a hacker and – according to a video put up by a terrorist group that calls itself the Flagday Associates – when the countdown finishes the City Hall around the corner will be the target.

London Mayor Boris Johnson has clearly upset someone.

Image caption,
The HMS Belfast's guns were taken over by a hacker in the scenario

It has been created by companies and government bodies. No-one taking part currently works in the cyber-security industry, the idea is to identify new talent.

This event is the culmination of more than 10 months of qualifying competitions to find the country's cyber defenders.

Finding people with the right skills is a problem, everyone working in the field agrees.

"We have a big skill shortage in cyber skills across the country," says Mark Hughes, head of security at BT.

"This is a key part of bringing on new talent, whether that be school leavers or university graduates, and putting them into a challenging environment to test their skills and bring their skills on and hopefully getting a job in the industry."

There also may well be a large pay-cheque for the winner.

Image source, Other
Image caption,
The candidates had two days to identify whether the threat was real

The scenario unfolds over the 48 hours of the challenge with twists and turns relayed through the organisers and mock news reports on video screens.

The candidates have two days to identify whether the threat is real, find it and stop it, also gathering computer forensic evidence that could be used against the perpetrators.

"To win at this you need a lot of technical know-how of course, but it certainly isn't the only thing you need," Stephanie Daman, CEO of the challenge explains.

"Partly what you need to be a good cyber security professional is that urge to pull something apart and put it together again.

"It's a problem solving – thinking outside of the box – kind of urge and and you don't necessarily have to have come from an IT background to have that."

Image source, Other
Image caption,
Industry figures have said there is a lack of cyber skills in the country

In another room there are simulations of critical national infrastructure systems such as water systems and power systems – the type that are vital to everyone's daily lives.

Dr Kevin Jones from Airbus shows what is possible by switching off a simulated smart grid power system using his iPad (switching it back on again is much harder which makes his point about the dangers).

The teams are brought in here to find out if the malicious hackers have been able to get inside these systems.

GCHQ is among those looking to recruit.

Chris Ensor, a veteran information security official from the agency, says contestants will be invited to Cheltenham for some sandwiches and a look around the doughnut HQ later in the year.

Image caption,
Winning the challenge requires teamwork as well as technical skills

But how realistic is the scenario they are facing today?

Ensor points out that the guns of the real HMS Belfast are welded shut and not exactly open to hackers but the principle behind it is real. "Anything that is internet-enabled is potentially at risk," he says.

In a room on the ship, teams traipse in one by one to be grilled by a team of real-life senior officials and figures from industry, including Chris Gibson, the head of Britain's real-life Computer Emergency Response Team (CERT).

The officials play their part though for the scenario by telling the teams that they are about to brief senior government officials and need better answers than they have been getting.

Image source, Cyber Security Challenge UK
Image caption,
Adam Tonks (right) took home the top prize

To win the challenge you need to have not just technical skills but also the ability to work in a team and communicate your findings.

At the end of the gruelling competition it was 21-year-old Adam Tonks that was crowned UK Cyber Security Champion.

The computing student from Cirencester said he was "shocked but honoured" to have won the top prize which includes industry training and university courses worth over £100,000.

Related Internet Links

The BBC is not responsible for the content of external sites.