IoT-connected soldiers ‘hacked’ in latest Cyber Security Challenge UK competition

On Friday 11 August, Her Majesty’s Government Communications Centre (HMGCC), the Ministry of Defence (MoD), BAE Systems and the Cyber Security Challenge UK arranged a mock cyber attack on Internet of Things (IoT)-connected soldiers in the field at the MoD’s Defence Cyber School, which is part of the Defence Academy at Shrivenham. A cohort of 24 cyber amateurs battled against a fictitious hacktivist group in a bid to avert an attack on a live test run of experimental military communications equipment energised as part of the MoD’s Future Soldier Vision.

The competition was the latest face-to-face semi-final round in the Cyber Security Challenge UK’s 2017 series of competitions, specifically designed to unearth and nurture the UK’s best cyber security talent and help them gain careers in the industry. The 24 competitors were selected from a series of gruelling online qualifying rounds conducted on the Challenge’s CyPhinx (Play on Demand) system.

All of the Challenge’s competitions are designed to reflect potential real-life cyber security scenarios. This latest competition comes in the wake of the military becoming increasingly wary of cyber attack. In October last year, the Defence Secretary Michael Fallon announced that the Government will invest up to £265 million to boost the defence of military cyber systems, thereby highlighting the scale of the threat.

The latest scenario, which was created by cyber specialists from HMGCC, witnessed the contestants using their cyber security skills to safeguard the experimental soldier geo-tracking technology. Midway through the test, a nefarious hacktivist group hijacked the system using a ‘Man-in-the-Middle’-style attack: a sophisticated type of cyber attack in which attackers intercept and manipulate communications between two parties without detection. The team lost contact with the soldiers and raced against the clock to remediate the situation.

Candidates were ordered to report to military chiefs to explain why contact was lost, and then had to advise on how to respond within international legal guidelines. This tested their legal knowledge, while side tasks such as puzzles and ciphers hidden around the military site examined their cryptography and problem-solving skills. 

Challenger 2 takes the honours

The winning team was team Challenger 2, whose cohort comprised Andy Grabowski, Caroline Haigh and Io Swift Wolf. The 12 candidates who will progress to the Masterclass in November are Mark Brown, Michael Carr, Chris Hatton, Zul Sadiq, David Baker, David Orelowitz, Daniel Nash, Phillip Whitehead, Joshua Green, Peter Abay, Caroline Haigh and Edward Ouzman (who’s just 15 years of age).

Cyber specialists from Government and industry assessed the contestants to rank their performance and suitability for careers in the industry. The Masterclass Grand Final in November is where those candidates could be offered highly lucrative jobs that command average salaries of around £60,000 per annum.

(ISC)2, the world’s largest independent body of information security professionals, predicts a shortfall of 1.8 million workers by 2022 if current employment trends continue, so it’s critical that this issue is addressed in order to protect our country’s infrastructure. There’s an immediate need to hire more young people into the cyber profession.

Nigel Harrison, acting CEO of Cyber Security Challenge UK, said: “Cyber crime affects all organisations, whether that’s corporations, charities or even the military. Our events represent the scenarios that cyber security experts in the field could experience on a day-to-day basis and the types of attacks they could encounter. With a widening skills gap affecting organisations’ abilities to protect themselves, events like these provide the perfect opportunity for new talent to shine in front of prospective employers.” 

An HMGCC spokesperson added: “Our work involves the design and delivery of communication systems and technical solutions to protect national security at home and overseas. Finding people with the capabilities to keep delivering this is paramount. Through initiatives such as the Cyber Security Challenge UK, we can watch the future of the industry in action. This gives us so much confidence as we witness first-hand the talent that’s available to us and the country as a whole.”

Focusing on national security

Paul Bleackley, cyber education manager for the Defence Academy of the UK, explained: “Cyber security is a huge area of focus for the UK military. Bolstering our cyber capability is crucial for national security. We’re supporting this competition to help find and develop the cyber security talent out there and encourage them into roles that protect the country from both current and future threats.”

In conclusion, Cathy Sutherland (director of national security at BAE Systems) observed: “Training, real-life experience and education are essential to develop future cyber security professionals. Working on programmes such as this puts us at the heart of finding the best talent, in turn helping organisations to be safe from digital threats.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts