Earlier this year I wrote about the Inter-ACE challenge, which set the finest computing talent in the UK against one another. It’s a competition that was born last year as a Cambridge v Cambridge battle, that saw the finest hackers from Cambridge University and MIT do battle. This year, the event was opened up to have a preliminary stage that featured teams from 12 universities who have been designated as Academic Centres of Excellence in Cyber Security Research.
Such cyber security challenges are an increasingly common way to both locate the finest talent in the field, but also to thoroughly test digital networks. One of the biggest such events took place in April, featuring 800 participants from 25 nations. The participants were asked to maintain networks in a fictional military base that was under attack.
The event, which was organized by NATO’s Cooperative Cyber Defense Centre of Excellence (CCD CoE) in Tallinn, Estonia, saw participants divided into red teams (offense) and blue teams (defense).
War games
The hope is that by using realistic situations and technologies, the participants will be able to hone their cyber security skills by testing themselves across all aspects of cyber security.
“These are real systems taken from the field,” the organizers say. “The same power grid system is used in energy transmission companies around the world. The drone uses the same system, software and ground station that is used in military systems around the world.”
The winners were a team from the Czech Republic, with an Estonian team coming second. The organizers say that the winning entrants used good tactics and stable performance across all of the scoring categories, but especially in terms of their strategy.
“The exercise was particularly challenging for all participants this year due to the increased scope and size of specialised systems involved. The teams had to protect large scale SCADA system controlling the power grid, military AirC2 system, military surveillance drone and Ground Station controlling the drone and Programmable Logic Controllers (PLCs) under intense pressure,” the organizers continue. “In the end all the teams have gained a valuable training experience, which is the ultimate goal of this defensive exercise.”
Locked Shields has been held every year since its inauguration in 2010, and is organized in cooperation with the Estonian Defence Forces, the Finnish Defence Forces, the Swedish Defence University, the British Army, the United States European Command, Air Operations COE and Tallinn University of Technology.
The growing cyber threat
Such competitions are increasingly used by organizations that wish to put their infrastructure and cyber skills to the test. This is increasingly important in environments whereby key infrastructure is owned by a wide range of organizations, and cyber security therefore has to be a collaborative endeavor.
A recent research briefing for the British government highlights the risk to critical national infrastructure, and the impact such a breach could have. It outlines a range of technical and organizational measures that could be undertaken to improve cyber security, but warn that no guarantees can be made.
The Government published its second five-year national cyber security strategy in 2016. Noting that the previous strategy’s dependence on market forces to drive cyber security improvement did not achieve sufficient progress, the new strategy promises greater Government intervention.
With cyber skills and capabilities a key part of this defense, competitions such Locked Shields and Inter-ACE are great ways of uncovering the talent required to keep infrastructure secure.