UK government security agency GCHQ wants the public to help protect a (fictitious) aerospace technology company threatened by imminent attack from cyber terrorists.
The scenario is the latest competition run by Cyber Security Challenge UK, which aims to attract new talent into the IT security industry. The year-long series of games ends in a live finale and a number of the finalists are often snapped up by the sponsors as recruits.
Over 11,000 young people have taken part since it began, and the competition is sponsored by Microsoft, PWC, the National Crime Agency and the UK government’s Cabinet Office among others. The game has a serious intent – it’s part of a nationwide drive by the government to combat the cybersecurity skills gap, and reflects how seriously the government is taking cyber security. The UK’s National Security Strategy lists cyber attacks as a ‘tier one’ threat to national security, alongside international terrorism and warns the threat from cyber attacks “is real and growing”.
Earlier this year the Cyber Security Challenge launched its programme of online and face-to-face games for this year by introducing a new ‘enemy’, The Flag Day Associates, via a threat video that warned of future cyber attacks against the UK.
The latest game asks players to play the part of GCHQ operatives asked to assess the threat to an aerospace company using GCHQ’s Astute Explorer, an automated code scanning tool which the game is named after, which has returned various snippets of code that may contain vulnerabilities. GCHQ said it had designed the game to test candidates’ cyber security skills: players are asked to identify these vulnerabilities, explain why and how they could be exploited, and finally suggests appropriate fixes.
You can register to play the Cyber Security Challenge game here.