Submitted by Rachel Gardner on Mon, 30/11/2020 - 08:31
Inspired by a cyber security competition that was co-founded and held here, a worldwide 'ethical hacking' contest takes place this Sunday for competitors who – the organisers hope – will fill a vital skills gap in computer security.
The 24-hour Country-to-Country Capture The Flag (C2C CTF) competition on 6th December will involve more than 150 competitors selected from top universities in America, Europe, Asia and Australia. The largest contingent of them will come from the University of Cambridge, many from this Department.
The participants – from a range of backgrounds, nationalities, languages, genders, experiences and cyber-security skills – were chosen for their motivation and resourcefulness. Deliberately placed in mixed teams with fellow competitors they don’t know, they will have to work online to solve a series of cyber-security challenges.
"To close the skills gap, we must encourage many more young people to discover that cyber security can be a stimulating intellectual challenge, a societally beneficial role and - why not? - a lucrative career path."
Frank Stajano and Howie Shrobe
"Our event brings together some very smart young people from all over the world who are keen on cyber security," says Frank Stajano, Professor of Privacy and Security here in the Department and one of the organisers of the contest. "They are the future cyber-defenders who will save the digital society."
He says that such initiatives are needed to help encourage more people to take up jobs in cyber-security. Globally, the industry employs 2.8 million professionals, but is estimated to need another four million recruits to fill a skills gap.
Victoria C, a student in this Department who was selected to take part, says: "I have an interest in working in cyber-security for the government and thought that through this event I could gain valuable connections and insights into the cyber-security area."
Back in 2015, Professor Stajano co-founded – with Dr Howie Shrobe of MIT – the original C2C competition (when C2C meant 'Cambridge to Cambridge') to try and encourage more students to develop an interest in computer security.
"As university educators we can, and do, teach security to our students," they said at the time. "But to close the skills gap we must entice many more young people to take up computer security at university, letting them discover that cyber security can be a stimulating intellectual challenge, a societally beneficial role and – why not? – a lucrative career path."
International cyber security contests
Professor Stajano founded a national and an international cyber security competition for university students: the Inter-ACE for students of the universities endorsed by GCHQ as Academic Centres of Excellence in Cyber Security Research, and the C2C contest, with MIT, for students from dozens of UK and US universities.
After running the events for three years – and attracting sponsorship and support from, among many others, the UK’s National Cyber Security Centre, GCHQ, the Cabinet Office and the Department for Digital, Culture, Media and Sport – he stepped back to an advisory role.
With his collaborators he wrote an extensive report on what they had learned about the best way to run such competitions and made it public to other organisation who might wish to take it up.
Now, the C2C in the competition title means 'Country to Country' and the contest is indeed enjoying a new – and even more international – lease of life.
Event goes global
It is being run as a five-year programme under the auspices of the International Cyber Security Centre of Excellence (INCS-CoE), founded by Keio University in Japan, and of which Cambridge is a member.
The event, which was formerly hosted here in the Department, is this year being hosted by Royal Holloway University of London. Next year it moves to Technion – Israel Institute of Technology, then to MIT in 2022, followed by Keio University in Japan in 2023 and finally Edith Cowan University in Australia in 2024.
As with the original C2C cyber security competition, the organisers believe that longer-term, some of the talented students who competed in their events "will be Chief Security Officers, Heads of Homeland Security and other positions of responsibility in their respective countries."
Daniele Sgandurra, Systems and Software Security Lab lead at Royal Holloway University of London, says: "We’re thrilled to organise this event to pioneer international collaboration and friendship in cyber security. Judging by the great interest from students and support from government and industries here, we believe the programme will make a significant impact."
