The second edition of a business-development focused cyber security challenge, the Cyber 10K, has concluded – with the worthy winner receiving £10,000 to further develop an innovative security dashboard tool.
The challenge was run by the information assurance firm NCC Group supported by a judging panel including your correspondent, representing The Register.
Cyber 10K was open to both individuals and groups and geared towards backing ideas to tackle the most pressing security challenges affecting businesses and consumers. Students, graduates and non-security specialist IT workers and software developers were all encouraged to apply.
Products from across the spectrum of infosec problems were considered but applicants were offered suggestions of areas that might want to focus upon. These included: consumer and user awareness, training and support; IoT and mobile security1; cyber incident response and clean-up; and cloud security. The challenge was opened in September, with a 30 November deadline set for competition entries.
Entries were judged by a panel consisting of: Paul Vlissidis, director of the .trust division at NCC Group; Professor Tim Watson, director at University of Warwick’s cyber security centre; Professor Steve Schneider, director of the Surrey Centre for Cyber Security; Alex van Someren, founder and former chief exec of nCipher turned managing partner at Amadeus Capital Partners; and your correspondent.
The entries were whittled down to a short-list of the two most promising: "MouseVault", a computer mouse with a built-in fingerprint sensor and password storage technology, and "Defence in Depth", a computer health-check and security dashboard app for Windows aimed at small businesses. Judges were asked to evaluate each on the basis of the significance of the problem being addressed, market potential and feasibility.
Each of the two finalists were gently grilled by the judges on their ideas during a 30-minute group Skype session during which the finalists pitched their product development ideas. "Defence in Depth" emerged victorious from this Dragons’ Den-style exercise, gaining higher marks for both technical merit and artistic flair.
Winner Ross Higgins, a school network manager with IT security training, will be offered additional advice and support from NCC on how to develop his product alongside the prize money.
"Defence in Depth" has already reached the prototype stage, with Windows 7 as the initial target platform. During the judging processes, the idea of further developing the technology so it helped promote user awareness of social engineering threats such as phishing and tricking users into downloading dodgy apps was floated. Runner-up Alex Illsley, a software engineer, was also be offered tips.
Defence in Depth screenshot
A (slightly edited) version of Higgins' pitch for "Defence in Depth" can be found below:
Many home users and small businesses have poor defences against malware, viruses and rootkits, often only relying on antivirus products alone. The main point of entry for attacks is usually email or exploitation of vulnerabilities in web browser plugins. Users have little visibility of these problems.
The Defence in Depth depth application is designed to carry out an overall assessment of the computer's defences, assisting users to make any required changes to improve this, such as updating out-of-date apps or removing insecure plug-ins. A score level is also provided for the computer's current state along with a separate score for future protection.
Cyber 10K aimed to stimulate creative thinking as well as encouraging innovative approaches towards addressing the many challenges the industry faces. The competition is partly designed to encourage students and recent grads to take up careers in IT security.
A key aim of the competition is to engage young people and discover hidden talent in the field of cyber security.
The UK is historically a key worldwide centre of infused development, spawning security innovators such as nCipher, Sophos and many others. Cyber 10K aims to help in finding the next generation of security innovators. Seeking out new talent and encouraging the younger generations to become immersed in the world of cyber security more generally can be part of wider plans to tackle the skills gap. ®
The Register is a media partner of Cyber 10K and our security correspondent John Leyden is a member of the judging panel.
1There was a marked shortage in the number of mobile or IoT security apps entries submitted to the competition, for reasons that aren’t immediately clear. Perhaps the problems in these areas are so severe that they are putting would-be developers off. Alternatively it might be that designing mobile security apps has become somewhat unfashionable, possibly temporarily.