The deck guns of HMS Belfast have been hacked, and turned towards City Hall in central London, a cyber terror group counting down to a full attack on the city.
No, this isn’t the synopsis of the latest Hollywood blockbuster, but the final of a competition run in part by intelligence agency GCHQ to find the next generation of cyber protectors.
This is the Cyber Security Challenge.
Deep within a command room aboard the famous warship, you and a team are tasked with diving into Belfast’s networks to find the data needed in order to gain back control of the ship.
Then you must analyse the infrastructure of other sites; including a chemical waste plant and a power grid in order to find fragilities and close them before they are exploited too.
The 42 finalists are grouped in teams, all hunched over laptops, scanning the code and network features of the mock system aboard HMS Belfast, trying to work out how cyber terror group Flag Day Associates gained control in the first place. As part of the competition they’ve been issuing ‘threats’ for some time now.
After a series of qualifying rounds this is the grand finale, and one that has been designed to be theatrical and testing for those involved.
“What we’re really doing is putting the next generation of potential cyber talent through their paces, and that’s really the point of the competition,” says Stephanie Daman, chief of the Challenge.
“It really represents the culmination of 10 months worth of qualifying rounds within the Cyber Security Challenge, and those rounds are aimed at finding those talented potential cyber defenders, and the idea of the competition really is that they will have a chance to tackle what I think is the most realistic, and largest cyber attack simulation for civilians ever run in the UK.
“Critically, those that you see today do not work – at the moment – in the cyber security industry, and that’s really our job; to find the hidden talent and get those people, and give them a platform to showcase their skills and to build that UK talent pool.”
The main games room is quite a sight too; as well as the candidates there is menacing low lighting and a pumping sound track of menacing noises to keep them on their toes. That’s if the central command screen showing in various London landmarks in crosshairs and countdown clock isn’t doing that already.
Alexander Doutsthorpe, a 24-year-old candidate from Somerset said of the set-up: “It’s lots of loud noises. The news flashes keep you focused I guess. They give you loads of information and say see what you can get from this, and so there’s been a lot of finding your way around networks. I imagine later on it will get a lot more intense as well.”
This isn’t just for fun though; the big players behind it are looking for new staff to help protect the country from the growing threat of cyber terrorism.
One of GCHQ’s representatives at the event, known only as ‘Toby’ said: “Certainly we are keeping an eye on the candidates. All of those here today will be invited to GCHQ and if they want to they can have an interview with us.
“So just by getting to the final today it gives them a little bit of an open door to push against. We’re not going to recruit everyone here today for obvious reasons, but it gives us a little bit of insight. We can then start looking and thinking who are the candidates to pick out. Part of this is about identifying those individuals.
“We are looking for really talented individuals from a technical side but also those with softer personal skills as well. This presents a really great vehicle for us to test some of those skills and present them with a range of challenges, some of which that are really important to us to draw on some of those skills.”
This is a view shared by sponsor BT, whose president of security, Mark Hughes was keeping watch over the candidates.
“The aim is to address the cyber skills shortage gap that we have at the moment in the UK,” he said.
“I think there’s a lot of latent talent in terms of the young kids who are in school now and are interested in computer science or interested in technology who can take that interest and hopefully through events like this turn that into potentially a career path in the future.”
According to BT figures, the UK cyber security industry is short of personal numbering in the “thousands”. The event runs over two days and will see one candidate crowned champion on Friday evening, but plenty of those here could end up with a job offer.
Given the controversy surrounding GCHQ and questions of surveillance in the UK, the agency added the event was an opportunity to present a more “accessible face” to those with an interest in their work.
Cyber crime is becoming an increasingly prominent issue in daily life, with awareness heightened following a string of high-profile cyber attacks.
In December last year Sony Pictures was hacked and thousands of private files – including movies, as well as user names and passwords of employees were posted online. The attack was reportedly the work of North Korean hackers in response to Sony film The Interview, which depicted the assassination of North Korean leader Kim Jong Un.
This followed the high profile leak of thousands of nude and explicit images of celebrities, including actress Jennifer Lawrence, after an apparent brute force hack of iCloud passwords.
On from the main games room there is a second, seemingly less chaotic space known as the SCADA room. In fact, things are just as intense in here; each team enters one at a time, are presented with three types of infrastructure (a water plant, chemical waste facility and a power grid) and given an hour to find vulnerabilities within each system. There are scaled down models of each site on show, and the assessors are constantly asking for feedback on what the team are doing.
So, what do those taking part make of it all? Ese Oduyoye is the only women in the final, and got involved after she started following cyber terrorism in the news. She already works in IT, but the experience has got her thinking about a career change.
“Sometimes it’s a bit overwhelming because there’s so much to do and so little time to do it so sometimes you’re stuck and you don’t know what to do but you have a team and you can actually work together to try and achieve the goal,” she said.
“I’ve definitely learnt a lot already. Before now I didn’t really know much about networks but – I wouldn’t call myself an expert – but now I do know some stuff. Working with these guys has been really worthwhile. I can definitely see myself going into it as a career after.”
Meanwhile Alexander said he just wants to make a difference.
“I’ve always been a computer guy, always looking for more puzzles and these guys offer free puzzles.
“I had already considered it as a career – I have some history – I was in the Oxford University Training Corps – I did that for a year and thought this is amazing. I’m a techie guy, I’m not really a front-line fighter, but I like to be useful still, so I thought you know what, I want to do something good and help everyone else.”
The Cyber Security Challenge concludes on Friday.