IoT connected soldiers hacked in latest Cyber Security Challenge UK competition

Posted — 14.08.2017
  • Her Majesty’s Government Communications Centre (HMGCC), MoD and BAE Systems host latest Cyber Security Challenge UK face-to-face competition
  • 25 cyber prodigies battle against fictitious hacktivist group and protect ‘connected soldiers’ from man-in-the-middle cyber attack
  • 15 year old was highest scorer of the competition and books his place in 2017 Masterclass
  • Top eight performers from the day invited to Masterclass competition in November where the UK’s leading cyber security firms look for new recruits

14th August 2017, London – Last Friday evening, Government communications agency HMGCC, the MoD, BAE Systems and Cyber Security Challenge UK arranged a mock cyber-attack on Internet of Things (IoT) connected soldiers in the field at the MoD’s Defence Cyber School, part of the Defence Academy, Shrivenham. Thirty cyber amateurs battled against a fictitious hacktivist group to avert an attack on a live test run of experimental military communications equipment as part of the MoD’s Future Soldier Vision.

The competition was the latest face-to-face semi-final round in Cyber Security Challenge UK’s 2017 series of competitions, designed to unearth and nurture the UK’s best cyber security talent and help them gain careers in the industry. The 25 competitors were selected from a series of gruelling online qualifying rounds on the Challenge’s CyPhinx (Play on Demand) system.

All its competitions are designed to reflect potential real-life cyber security scenarios. This competition comes in the wake of militaries becoming increasingly wary of cyber-attack. In October 2016, the Defence Secretary Michael Fallon announced that the Government will invest up to £265m to boost the defence of military cyber systems, highlighting the scale of the threat.

The scenario, created by cyber specialists from HMGCC, saw contestants use their cyber security skills to safeguard the experimental soldier geo-tracking technology. Midway through the test, a nefarious hacktivist group hijacked the system using a man-in-the-middle attack, a sophisticated type of cyber-attack in which attackers intercept and manipulate communications between two parties without detection. The team lost contact with the soldiers, and raced against the clock to remediate the situation.

Candidates were ordered to report to military chiefs to explain why contact was lost, and had to advise on how to respond within international legal guidelines. This tested their legal knowledge, while side tasks such as puzzles and ciphers hidden around the military site tested their cryptography and problem-solving skills.

The winning team was team Challenger 2: Andy Grabowski, Caroline Haigh and Io Swift Wolf.

The 12 candidates that will progress to Masterclass in November are: Mark Brown, Michael Carr, Chris Hatton, Zul Sadiq, David Baker, David Orelowitz, Daniel Nash, Phillip Whitehead, Joshua Green, Peter Abay, Caroline Haigh, Edward Ouzman who is just 15 year’s old!

Cyber specialists from government and industry assessed the contestants to rank their performance and suitability for careers in the industry. The top performers have been invited to the Masterclass grand final in November where they could be offered highly lucrative jobs that average around £60,000 per year.

(ISC)2, the world’s largest independent body of information security professionals, predicts a shortfall of 1.8 million workers by 2022 if current employment trends continue and it is critical that this is addressed in order to protect our country’s infrastructure. It also identified a critical need to hire more young people into the profession.

Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said:

“Cybercrime affects all organisations, whether that’s corporations, charities or even the military. Our events represent the scenarios that cyber security experts in the field could experience on a day-to-day basis, and the types of attacks they could come up against. With a widening skills gap affecting organisations’ abilities to protect themselves, events like these provide the perfect opportunity for new talent to shine in front of prospective employers.”

An HMGCC spokesperson said:

“Our work involves the design and delivery of communication systems and technical solutions to protect national security at home and overseas, and finding people with the capabilities to keep delivering this is paramount. Through initiatives such as the Cyber Security Challenge UK, we can watch the future of the industry in action, and this gives us so much confidence as we see first-hand the talent that is available to us and the country as a whole. Our customers are various Government bodies, and we’re growing fast thanks to their increasing demand for our services. Now we need even more fresh talent on board.”

Paul Bleackley, Cyber Education Manager, Defence Academy of the UK said:

“Cyber security is a huge area of focus for the UK military now, and bolstering our cyber capability is crucial for national security. We’re supporting this competition to help find and develop the cyber security talent out there and encourage them into roles that protect the country from the current and future threats.”

Cathy Sutherland, Director, National Security, BAE Systems said:

“Training, real-life experience and education are essential to develop future cyber security professionals. Working on programmes such as this puts us at the heart of finding the best talent, helping organisations stay safe from digital threats.”