At the culmination of the challenge, 48 of the UK’s most gifted amateur cyber security enthusiasts took part in a gruelling challenge to thwart a live attack on fictitious shipping company Fast Freight Limited, which had been the victim of a major corporate espionage attack.
The simulation, set in Trinity House, the home of UK shipping navigation, concluded this year’s Cyber Security Challenge UK.
The candidates were faced with a critical situation where a rogue COO has provided cybercrime group Scorpius with data on technological developments, critical vulnerabilities in the shipping company’s fleet and information on ship schematics.
The 48 contestants, ranging from age 15 to mid-50s used their forensic analysis, incident response, live network monitoring, penetration testing and crisis management skills to thwart the major cyber-attack on FFL’s flagship vessel The Enterprise. The contestants were also required to present a legal case in a mock courtroom in front of prosecution and defence barristers, as well as a judge.
In a race against the clock, candidates received calls from clients, bosses and government authorities, forcing them to make snap decisions and apply logic, decision making, as well as ethical and moral choices.
Speaking at the event, Kevin Jones, head of Cyber Security Architecture & Innovation at Airbus, described the challenge: “Fast Freight Limited has had a rogue employee who has been bribed into selling secrets and intellectual property of the organisation, but in doing so, he has inadvertently opened up the network.
“These networks have been attacked and compromised by our red team, and the point of the blue team is to detect the presence of the hackers and prevent them from gaining any access.
“The weakest part of any organisation’s security is people and security behaviours and practices and so the hacktivists in this example have exploited the vulnerability in a person to gain access.”
Team Daman, made up of Caroline Haigh, David, Harrison Speight, Joshua Green, Justin Rowley, Thomas Steven Brook, were crowned as winners, while 22-year-old computer science student Mo Rahman took the competition’s top prize.
“All of our contestants are amateurs who are looking for a career in this profession,” said Nigel Harrison, acting CEO of the Cyber Security Challenge UK. “They will have been through online competitions and floated to the top of leader boards in those and the best of those we’ve invited across to come to the annual final.”
“Within probably three to four months, I would expect at least 70% of those to be in the industry.”
Concerns over maritime industry vulnerability
The threat of cyber-attacks in the shipping sector has come under scrutiny after the NotPetya attack in late June which saw Maersk group lose control of its IT system across multiple business units, which ended up costing the company up to $300m in damages. Other recent real-world events that have seen ships targeted was the 37,000-tonne tanker which vanished from GPS off the Russian coast after the vessel was hacked.
In September, the Government released a new code of practice for the shipping industry, outlining how it can improve its defences and manage breaches and incidents.
However, the industry is facing a critical skills shortage, with a projected shortfall of 1.8 million cyber security workers by 2022, according to a study by non-profit organization (ISC)².
The contest’s theme was also inspired by the need to focus on industrial control systems: the fictitious shipping company’s dockyard in Harwich, which contained robotic arms, manufacturing lines and unmanned vehicles also needed defending.
Also speaking during the day’s challenge, one of the contestants said: “A lot of people don’t think of cyber security when they think of shipping, so it’s really good to explore that. I know there are real life scenarios where cyber security is a problem in shipping, so it’s really good to put that into practice.”
The Cyber Security Challenge UK is co-designed by telecoms giant BT in partnership with defence leader Airbus and IT world leader Cisco, with support from NCA, Bank of England, Checkpoint, De Montfort University and 4PumpCourt.
The challenge first started out in 2010 to create a series of virtual and face-to-face competitions that would identify talented people for the cyber security industry. Now in its sixth year, the competition is backed by over 50 of the UK’s most prestigious public, private and academic organisations.
Next year’s edition is now open for applications, and hopes to continue to attract new talent into one of the UK’s fastest growing sectors.