Three Trinity computer science students scored gold in a new cybersecurity competition designed to stretch their hacking abilities and capacity for teamwork – and address the UK’s looming skills gap in this area.
Stella Lau and Gábor Szarka were part of the four-strong Cambridge team that won gold, and Dimitrije Erdeljan won first prize in the individual event.
They were among 40 students who participated in the Inter-Ace Cyberchallenge, co-organised by Cambridge’s Computer Laboratory and Facebook, with support from the Cabinet Office, the Engineering and Physical Sciences Research Council (EPSRC) and GCHQ.
The event – the first of its kind – took place at the University of Cambridge Computer Laboratory on 23 April in Cambridge.
Facebook set and administered the challenges, which spanned web application security, binary reverse engineering and exploitation, forensics, and crypto. In addition, half of the competing universities accepted the invitation to submit a ‘guest’ challenge. Facebook visualised the state of play on a huge digital map of the world, whose appearance echoed the board game ‘Risk’. Each challenge was associated with a country that could be conquered and re-conquered.
Dr Frank Stajano, Head of the Cambridge Academic Centre of Excellence in Cyber Security Research and Director of Studies in Computer Science at Trinity, said it was ‘a sportified version of a hacking competition’ in which students could hone skills ‘the bad guys were using’ in the real world.
Training students for those challenges closes the gap between theory and practice in cyber security education. With any type of security, you can’t develop a strong defence against these types of attacks if you’re not a good attacker yourself – you need to stay one step ahead of the criminals.
The Inter-Ace Cyberchallenge was open only to the 13 universities that have been recognised as Academic Centres of Excellence in Cyber Security Research by EPSRC and GCHQ.
Ten of these centres sent four-person teams to the event and more than 40 other students from those universities participated remotely.
The competition built on the Cambridge2Cambridge cybersecurity challenge, organised by Cambridge and MIT in 2015-16. Ten Cambridge students flew to MIT, including Trinity’s Brett Gutstein, Janko Ondras and Gábor Szarka. The latter ending up on the winning team, returning home with a share of the $15,000 prize. Other Trinity students also participated in the qualifying rounds for Cambridge2Cambridge: Dimitrije Erdeljan, Stella Lau, Wai Wai Ng and Marko Stankovic.
Dr Stajano said the cybersecurity achievements of the Cambridge undergraduates who participated in the qualifying rounds and the competitions were ‘truly astounding.’
I am very proud that so many of them hail from Trinity. It is a privilege for me to supervise them and get to know them and I hope that some of them will continue with security PhDs. To any savvy employer these smart kids are already worth their weight in gold.
The success of these events has inspired changes to the undergraduate computer science course at Cambridge, beginning in 2016-17. Dr Stajano explains:
I believe the role of a university is to teach the solid foundations, the timeless principles, and especially ‘learning how to learn’, rather than the trick of the day; so I would not think highly of a hacking-oriented university course that primarily taught techniques destined to become obsolete in a couple of years.
On the other hand, he said, it is bad to offer theory without practice.
It will be extremely beneficial for students to leave university with a greater understanding of the kind of adversaries they’re up against when they become security professionals and are tasked to defend the infrastructure of the organization that employs them.
And the benefits of the Cambridge and MIT events were not limited to hacking skills. Collaboration and team working were key aspects.
We don’t want merely to train individuals: we want to create a new generation of security professionals, a strong community of ‘good guys’ who met each other in these competitions in Cambridge during their undergraduate years and built a network of worthy peers to rely upon 10 or 20 years later when they become Chief Security Officer for their company or Head of Homeland Security for their country. This is how we build the next generation of cyberdefenders to keep tomorrow’s digital society safe.
Listen to Dr Stajano on BBC Radio 4’s PM: http://www.bbc.co.uk/programmes/b0783ln6 (starts at 21:00)
Read BBC Chris Vallance’s story: http://www.bbc.co.uk/news/technology-36153391