Feeds

Psst, UK software devs: Up for a Cyber Security Challenge?

Future Stuxnet-style attack defenders wanted

The Power of One eBook: Top reasons to choose HP BladeSystem

A new Cyber Security Challenge UK competition aimed at finding people to protect the country against future Stuxnet-style attacks was launched on Wednesday.

Previous Cyber Security Challenge competitions focused on crypto-cracking, penetration testing and malware forensics – but this is the first competition in the challenge that will test devs' wits on software security. The two-year-old public- and private-funded programme is now looking for software and application developers with the security know-how to keep business and critical national infrastructure safe from the latest online attacks. Defence contractor QinetiQ and training body (ISC)² have teamed up to devise the challenge.

Why devs?

Software applications are increasingly being developed for very open, highly distributed environments, often involving elements of outsourcing and many suppliers. Traditionally, developers operate under tight deadlines to introduce new functionality and security has been a secondary concern. Competition sponsor (ISC)² said it had identified software vulnerability as the number one online threat in its survey of information security professionals. It said that the majority (73 per cent) of respondents had fingered it as the main problem.

The challenge aims to test the competitors' knowledge of security requirements, as well as their "instincts" for anticipating and resolving security vulnerabilities as they develop their own software. The best candidates will then be invited to QinetiQ at the start of next year for a "hands-on experience of writing secure code to move physical devices" and and exercise in protecting a "top secret facility from real life cyber-attacks".

John Colley, managing director of (ISC)² EMEA, explained: “Security instincts will be just as important as technical skills, as candidates prove they can effectively research and anticipate requirements for security at the same rapid rate at which software is developing.

“Those with the right instincts have a significant opportunity to demonstrate new skills that are incredibly relevant today. We hope this competition will attract, identify and nurture new talented individuals to work in this field,” he added.

How it works

The initial phase of the competition will involve an online exercise challenging competitors to write their own secure code. Between 15 and 30 of the best candidates will then progress to the face-to-face phase of the competition, next February. All participants at this stage will be awarded an training module, with the overall winner receiving a special prize. Winners from this event will then be invited to attend the Masterclass Final and awards weekend next March.

“Cyber criminals are increasingly developing the capabilities to manipulate the software used to control key security systems,” says Neil Cassidy, practice lead in cyber defence at QinetiQ. “Attacks like Stuxnet highlight the fundamental impact which these attacks can have on national infrastructure, from power stations to military installations.

"At QinetiQ’s face-to-face stage of this competition, competitors will be responsible for securing the systems protecting a simulated top-secret facility. They must identify vulnerabilities in command software systems and work to anticipate security breaches to avoid attack. Through this Challenge we aim to provide the software developers of the future with experience of what it takes to secure software systems and the impact any failures can have.”

The competition is open to software developers and students, with entry via a registration page here. Those already working in information security are not eligible.

Upcoming competitions in the ongoing security challenge scheme will include a packet-capture analysis competition, run by the SANS Institute, that will involve the analysis of network and web application attacks, as well as a linked-based competition, to be run by Sophos. The Cyber Security Challenge UK is now in its third year. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.