Feeds

Psst, UK software devs: Up for a Cyber Security Challenge?

Future Stuxnet-style attack defenders wanted

Security for virtualized datacentres

A new Cyber Security Challenge UK competition aimed at finding people to protect the country against future Stuxnet-style attacks was launched on Wednesday.

Previous Cyber Security Challenge competitions focused on crypto-cracking, penetration testing and malware forensics – but this is the first competition in the challenge that will test devs' wits on software security. The two-year-old public- and private-funded programme is now looking for software and application developers with the security know-how to keep business and critical national infrastructure safe from the latest online attacks. Defence contractor QinetiQ and training body (ISC)² have teamed up to devise the challenge.

Why devs?

Software applications are increasingly being developed for very open, highly distributed environments, often involving elements of outsourcing and many suppliers. Traditionally, developers operate under tight deadlines to introduce new functionality and security has been a secondary concern. Competition sponsor (ISC)² said it had identified software vulnerability as the number one online threat in its survey of information security professionals. It said that the majority (73 per cent) of respondents had fingered it as the main problem.

The challenge aims to test the competitors' knowledge of security requirements, as well as their "instincts" for anticipating and resolving security vulnerabilities as they develop their own software. The best candidates will then be invited to QinetiQ at the start of next year for a "hands-on experience of writing secure code to move physical devices" and and exercise in protecting a "top secret facility from real life cyber-attacks".

John Colley, managing director of (ISC)² EMEA, explained: “Security instincts will be just as important as technical skills, as candidates prove they can effectively research and anticipate requirements for security at the same rapid rate at which software is developing.

“Those with the right instincts have a significant opportunity to demonstrate new skills that are incredibly relevant today. We hope this competition will attract, identify and nurture new talented individuals to work in this field,” he added.

How it works

The initial phase of the competition will involve an online exercise challenging competitors to write their own secure code. Between 15 and 30 of the best candidates will then progress to the face-to-face phase of the competition, next February. All participants at this stage will be awarded an training module, with the overall winner receiving a special prize. Winners from this event will then be invited to attend the Masterclass Final and awards weekend next March.

“Cyber criminals are increasingly developing the capabilities to manipulate the software used to control key security systems,” says Neil Cassidy, practice lead in cyber defence at QinetiQ. “Attacks like Stuxnet highlight the fundamental impact which these attacks can have on national infrastructure, from power stations to military installations.

"At QinetiQ’s face-to-face stage of this competition, competitors will be responsible for securing the systems protecting a simulated top-secret facility. They must identify vulnerabilities in command software systems and work to anticipate security breaches to avoid attack. Through this Challenge we aim to provide the software developers of the future with experience of what it takes to secure software systems and the impact any failures can have.”

The competition is open to software developers and students, with entry via a registration page here. Those already working in information security are not eligible.

Upcoming competitions in the ongoing security challenge scheme will include a packet-capture analysis competition, run by the SANS Institute, that will involve the analysis of network and web application attacks, as well as a linked-based competition, to be run by Sophos. The Cyber Security Challenge UK is now in its third year. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.