In a challenge set up by technology consultancy Roke and the UK Cabinet Office-backed Cyber Security Challenge UK, 42 cyber security amateurs have prevented a hacker from breaking into a connected home.
Defending the historic Roke Manor House, the contestants split into seven teams of specialized cyber units. The teams were presented with between four and five IoT products, such as smart locks, cameras, smart lighting, and coffee machines, each of which came with a vulnerability, Nigel Harrison, acting chief executive of Cyber Security Challenge UK, told Internet of Business.
Against them, a cyber-savvy burglar attempted to manipulate these vulnerabilities in order to gain access to the house. To prevent this, the teams were tasked with identifying the hacker’s route, and discovering how he had compromised the system. Once identified, the objective was to prevent the burglar from accessing important document’s stored in the mansion’s office.
Building battle-hardened security pros
The task was set up as one of six competitions that the Cyber Security Challenge is running this year, with the aim of encouraging more people to move into cyber security roles. The competitions are deliberately designed to reflect some of the real-life cyber attacks that have been witnessed globally in recent years. From connected teddy bears, to hotel doors, vending machines, and even sex toys, IoT-enabled devices have proven to be extremely vulnerable to cyber criminals.
Speaking about the importance of testing candidates in a real-life scenario, Mark West, information security lead at Roke said that the desire for convenience means our homes are filling with devices that talk to and share information with each other, with our phones, and with servers on the Internet. “But the downside of the lights being on as you arrive home or a camera that allows you to see and talk to your pets when you’re not there, is the risk that a hacker could use these systems to gain access to your personal data,” he added.
“It’s vital that we have the ability to make sure that these devices are secure. This competition is designed to encourage the next generation that can help companies like ours do just that and protect the nation as a whole.”
Meeting the skills gap head on
The need for a new generation of cyber-savvy professionals has long been spoken about in the media and in tech circles, but the problem of shortages remains. In a conversation with Internet of Business, Harrison emphasized the point: “Clearly, the UK needs a lot more people in the cyber security industry.”
The challenge Harrison’s organization hosts is one way of addressing the shortage of skills in the UK. “Our competitions are designed to mirror the new and emerging cyber threats that society is now facing,” he said. “The types of scenarios that we put our candidates through are based on real-world scenarios, but with an added twist to really see who has the skills and potential to join the profession.”
There are, he added, probably quite a lot of people who are brilliant technically, but who cannot communicate the challenges to co-workers, colleagues, and people in authority. “So, we spend a lot of time making sure these people are job-ready, they’ve got the technical skills but they’ve got the soft skills as well.”
The Cyber Security Challenge is about more than just technical skills, such as network analysis and digital forensics. Harrison suggests that the ability to give a brief, to react well to unexpected situations, and to plan effectively even under significant pressure, are all soft skills that the challenge looks to draw out of candidates.
The Cyber Security Challenge spends approximately 50 percent of its time identifying these soft skills, Harrison suggests. The candidates are assessed by a panel of judges from the Challenge and its affiliate partners, such as BT, the Ministry of Defence, and the National Crime Agency, with the highest scoring candidates in all categories qualifying for the Masterclass grand finale in November, where roughly two-thirds are often offered jobs, Harrison explained.
Reaching the widest talent pool
For Harrison, the opportunity to recruit cyber talent does not stop at the competition stage, however. The organization is engaging with school age children from 11 to 14, to encourage them to get into STEM subjects at GCSE level, as well as university students who are at a more advanced stage of their academic life.
However, the organization is also targeting candidates who might be less likely to enter a career in cyber security. For example, the organization has collaborated with the National Crime Agency to help young people who have found themselves on the wrong side of the law to get well-paid roles in the cyber security space.
It is also attempting to engage with people on the autism spectrum to encourage “neuro-diversity within the workforce”, so that they are not excluded from the workforce, but also because, as Harrison says – with the caveat that he is generalizing – those on the spectrum often have the right set of attributes for analytical jobs in the cyber security sector.
Finally, Harrison says the organization is aiming to encourage more gender diversity in the workplace. “Currently, probably only about 10 to 15 percent of the cyber workforce is female,” Harrison says.
The problem is that “11 and 12 year-olds are quite happy to think about STEM, [but] by the time they get to 13, 14, particularly if they’re in mixed schools, then it’s seen as a boys subject and they don’t want to become known as a geeky girl, so they tend to veer away. And by the time you get to GCSE or A-levels, you are down to 15 to 20 percent, and then by the time you get to undergraduate you are down to 10 percent. So we do have an image problem in the industry and we are looking to address that.”