A teenage university student has won a GCHQ-backed competition designed to find and encourage UK cybersecurity skills.
Jonathan Millican has been named the UK Cyber Security Challenge (UKCSC) winner. Image credit: UKCSC
"I'm a bit overwhelmed," Millican told ZDNet UK on Monday. "I'd told myself by the time it got to the prize giving that I didn't have a chance. It was a big shock [to win]."
Teams competed in a number of challenges designed to test technical skills and team-working, culminating in a competition called the 'Masterclass'. Millican was not in the winning team, but a UKCSC press statement said that he had to "demonstrate a range of technical, communication and leadership skills," and that his performance had been judged the best.
In the Masterclass challenge, devised by HP and Cassidian, teams were asked to look at streams of data in a simulated attack on a company, Cassidian senior security engineer Tim Shipp told ZDNet UK on Monday.
"We tried to mimic an actual attack," said Shipp. "We started off with port scans exploring vulnerabilities on a web server."
The attack evolved to include the exploitation of hardware vulnerabilities — specifically a printer — to steal data from the imaginary company, accompanied by a website defacement to try to mask the data-exfiltration, said Shipp.
The second part of the challenge involved teams designing a secure infrastructure for an organisation.
I'm a bit overwhelmed. I'd told myself by the time it got to the prize giving that I didn't have a chance.– Jonathan Millican, UKCSC winner
Millican won a number of prizes, including an iPad, and plans to eventually attend Royal Holloway, University of London, to take up a masters degree in a computer security-related subject.
"If I'm offered a postgraduate degree at Cambridge, I may take it, and go to Royal Holloway afterwards," said Millican.
The culmination of the UKCSC comes after a number of arrests last week of individuals alleged to have taken part in LulzSec hacking attacks.
Young people tempted to take part in hacking for ideological or other reasons may not appreciate the scale of the damage they may be able to cause through hacking, Cassidian computer network defence manager Roy Matthews told ZDNet UK.
"Some people involved in criminality actually don't realise the impact of their actions," said Matthews. "High profile arrests can serve to highlight how damaging attacks can be on an infrastructure."
The next UKCSC
The next UKCSC will have a component that is open to IT security professionals, said Baker.
For the last two years, IT security professionals have been barred from the competition to give less experienced competitors a chance. One part of the competition will now be open to organisations, which can use the "Net wars" competition results to identify training needed by employees, for a fee, said Baker.
"It's a really good developmental and training tool," said Baker. "You can see how people do on each level, and see what education and training they need."
Half of the fee, which ZDNet UK understands will be around £500 per competitor, will go to Sans Institute, and half will go UKCSC.
The next UKCSC will also include a prize for 30 younger participants of a four-day training camp at Lancaster University, said Baker.
Jonathan Hoyle, director general for cyber security at GCHQ, said initiatives such as the UKCSC help organisations find people with skills to "continue to develop and maintain our leading edge in cyberspace" in a statement on Sunday.
"GCHQ are proud to be sponsoring the challenge and are keen to assist in developing the cyber security talent pool for the benefit of the whole of the UK," said Hoyle.