UK.gov unleashes 3D virtual world to train GCHQ's kiddie division
Cyber-workforce to learn in 'Cyphinx' land from an early age, just like Nork hackers
The next generation of Blighty's cybersecurity workforce is to be trained without even realising it, in a Cabinet Office-funded cyber skyscraper built "solely to find, test and recruit cyber talent".
The cyber skyscraper, which is pleasingly hosted in Skyscape's cloud, has been dubbed Cyphinx.
Cyphinx is a browser-based MMO-inspired platform for Play-on-Demand (PoD) cyber-security games and ciphers, running on the vuln-ignoring Unity's Web Player, with levels peppered with advertisements from sponsors.
According to Cyber Security Challenge UK's (CSCUK's) CEO Stephanie Damon, Cyphinx was developed in direct response to an ISC² study which estimated there would be a workforce cyber-skills shortage of 1.5 million by 2020.
Attending the launch, the Cabinet Office's deputy director at the Office for Cyber Security and Information Assurance, David Raw, stated that the gaming platform was a perfect fit for the Government's Cyber Security Strategy priorities.
"We believe Cyphinx has huge benefits in identifying the cyber professionals of the future," he said.
CSCUK's Jay Abbott, the techie project head, explained that although Cyphinx was currently just a portal to the PoD games, later contributions would develop immersive gaming experiences to complement players' current abilities, allowing them to show off their achievements and seek help through a mentoring system – due to launch later this week – in the skyscraper's lobby.
"We need to get back to gaming," said Abbot, who reminisced about his Commodore Amiga 1000 and noted a significant overlap between gamers and those with cyber-skills.
"It was a fundamental design feature of what we're doing, Cyphinx had to be an open platform which anyone could contribute to. The skyscraper has no limit to its floors, which don't even have to resemble floors. One could be a battleship," he said.
Abbott added that CSCUK's "engagement with schools and universities means that those at a similar level, across all levels, can compete against each other to develop the most difficult challenges".
Among the games launched is a Whitehatters Academy challenge, designed by Dave Mound, which encourages players to decipher a hidden message from an ego-hacker, before moving on to analyse geotagged tweets in an interesting introduction to Geospatial Intelligence.
Whitehatter Academy's initial hidden message.
Cyber Security Challenge UK's sponsors, both public and private, have declared their interests in the organisation as a means of mitigating a "cyber-skills shortage".
An event staged at HMS Belfast earlier this year was the culmination of a ten-month process to find new talent for Blighty's infosec workforce, and pitted 42 whitehats against the FSociety-esque Flag Day Associates.
In that instance, challenges had been developed by Lockheed and Airbus, with input from GCHQ and NCA, to handle a cyber-terrorist incident.
Cyphinx, however, features different challenges, including:
- A game in which a corrupt worker has caused havoc on a room of full of computers and machines, requiring candidates to download and work through various files in order to restore the network, which was developed by a team of cyber-apprentices from Malvern aged between 17 and 20.
- A game using the Minecraft platform to hide "codes in walls, behind pictures and in a virtual game of hopscotch".
- A series of mini-challenges developed by Clearswift, which ask candidates to find hidden information within files buried by an employee.
- A game created by pen-testing company ProCheckUp, in which candidates are asked to analyse a network trace using traditional methods of file extraction.
Games for Cyphinx were developed by Clearswift and ProCheckUp, as well as "talented cyber hobbyists", one of the youngest of which – Ben Rackliff – is 12 years old.
Rackliff told The Register about his game, Schlep, which requires players to investigate an office environment for suspicious items and security mistakes, including post-it notes showing Wi-Fi passwords and unattended and logged-in terminals.
Rackliff developed his game using Blender, a free and open-source 3D creation suite, which he supplemented with his own Python scripts.
Cyphinx is backed by the Cabinet Office and other public and private sector sponsors including BT, Northrop Grumman, SANS Institute, and Skyscape Cloud Services.
Those interested can sign up to Cyphinx on the Cyber Security Challenge UK website. ®
Sponsored: Becoming a Pragmatic Security Leader