Draft27-12
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
IS NOW<br />
Combining thermal security cameras with video management systems.<br />
www.flir.com<br />
Untitled-20 1 18/02/16 10:18<br />
Some of the<br />
contestants in the<br />
Cyber Security<br />
Challenge UK;<br />
supported in part by<br />
the Government’s<br />
National Cyber Security<br />
Programme<br />
Photo courtesy of Cyber<br />
Security Challenge UK<br />
The view from Level<br />
39 at Canary Wharf<br />
at the Immersive<br />
Labs launch in London<br />
Docklands<br />
Photo by Mark Rowe<br />
56<br />
ways to find talent:<br />
Immersive academy<br />
Immersive Labs, a Bristol-based cyber security start-up that<br />
helps identify and develop talent through a cloud-based<br />
cyber training and assessment platform, has launched the<br />
Digital Cyber Academy (DCA). That encourages<br />
full or part-time students to develop cyber skills by<br />
immersing users in real-world exercises through<br />
online cyber labs and running a leader-board to help<br />
employers and recruiters fill their cyber security<br />
skills gaps. The developers stress gamification, as<br />
users are rewarded for each task they complete,<br />
and the higher up the leader-board they rise. In<br />
other words; not classroom learning and not college<br />
certifications, and no ‘right’ degree. James Hadley,<br />
CEO and founder of Immersive Labs, was an<br />
instructor at GCHQ’s Summer School: He said: “We<br />
have acknowledged that academic background has little<br />
bearing on an individual’s ability to develop much soughtafter<br />
cyber skills. The Digital Cyber Academy will enable<br />
millions of students to develop knowledge and hands-on<br />
skills, allowing them to be recognised as highly cyber<br />
skilled by potential employers. We’re looking forward to<br />
building a community of cyber security talent from around<br />
the world, on a single platform.” And Robert Hannigan, a<br />
former director of GCHQ (see below) said: “Identifying,<br />
developing and measuring practical cyber security skills is<br />
Ex-GCHQ chief:<br />
technology<br />
will develop<br />
Speaking in support of the Digital<br />
Cyber Risk Academy was a former<br />
director of GCHQ, Robert Hannigan.<br />
We took the chance to speak to him<br />
afterwards.<br />
Professional Security’s one<br />
question to him, and the<br />
founder of the Academy, James<br />
Hadley, was about how cyber relates<br />
to physical security; as, to take the<br />
example of the building the Academy<br />
was launched in, many floors up One<br />
Canada Square at Canary Wharf, it’s<br />
one thing to protect tenants in cyber<br />
terms, but it’s for nothing if someone<br />
can walk in and plant a memory<br />
stick with malware, or walk out with<br />
a laptop under your arm. Both men<br />
granted this; the Academy is not<br />
looking at once to tie in with training<br />
for physical security, presumably<br />
having enough on its plate with<br />
cyber. Robert Hannigan did recall<br />
DECEMBER 2017 PROFESSIONAL SECURITY<br />
the great challenge for all companies today. Most traditional<br />
training methods are outdated and we need to think<br />
differently for a new generation of intuitive, competitive<br />
and diverse individuals. The criminal world has been good<br />
at recruiting new talent often found through online gaming,<br />
it’s time we take a similar crowd-sourced approach that is<br />
profoundly disruptive for the greater good.” p<br />
Cyber contest<br />
that high-net worth people not only<br />
want perimeter security, but want their<br />
cyber life protected.<br />
How many air bags?<br />
Hannigan saw cyber-security as<br />
developing, arguing that the internet<br />
has (relatively speaking) only just<br />
begun; it ‘hasn’t really settled down’,<br />
and ‘it wasn’t designed with security<br />
in mind’. He likened cyber - such as,<br />
the level of your anti-virus software<br />
- to car safety. You wouldn’t ask a<br />
driver how many air bags they want in<br />
their car. His point; we are expecting<br />
individuals to make too many choices<br />
in security and to do the right things;<br />
‘that’s just unfair really’. He hoped<br />
that in ten or 20 years people will take<br />
many such cyber things for granted,<br />
as security will be done by service<br />
providers, ‘because it’s just crazy to<br />
expect people to do all the right things<br />
and manage their [IT] security. He<br />
agreed with Professional Security that<br />
cyber and physical security are on a<br />
spectrum. “Most people’s lives are<br />
lived online now, so it’s as important<br />
for them to control their cyber,<br />
digital life as to have their garden<br />
protected, or whatever.” He hoped<br />
that technology was at an early stage<br />
Last month 42 UK amateur cyber enthusiasts competed<br />
in a two-day simulation, protecting a fictional shipping<br />
firm from live attacks. The contest was the end of a year<br />
of qualifying rounds in the Cyber Security Challenge<br />
UK Masterclass. A simulated Security Operating Centre<br />
(SOC) in the home of British shipping, Trinity House in<br />
London, was developed by telecoms firm BT, with Airbus,<br />
cyber firm Cisco and the Cyber Technology Institute at<br />
De Montfort University. The contestants took the role<br />
of security consultants, brought in against a suspected<br />
insider threat. They soon found a new COO was to blame<br />
for missing files and working with fictional group crime<br />
syndicate Scorpius extorting money. The challenges were<br />
to defend the company from cyber-attack, conduct forensic<br />
analysis and present a case against the corrupt COO. Nigel<br />
Harrison, the Challenge’s acting CEO, said: “This event<br />
is designed to mirror challenges faced by leading industry<br />
experts, to identify the UK’s best talent.” p<br />
and that security would develop. He<br />
returned to the comparison of cars;<br />
gradually, insurance companies and<br />
others drove up standards, ‘and I think<br />
that will happen in security; but they<br />
will take a while, because the criminal<br />
world is ahead of us’. That implied<br />
the onus is on those in authority,<br />
whether the state or industry, to fix<br />
cyber, for the mass of non-specialists,<br />
just as most non-professionals (to<br />
take an example Professional Security<br />
offered) do oral hygiene basics but<br />
leave dentistry to the dentists.<br />
Active defence<br />
Hannigan pointed to ‘active cyber<br />
defence’ by the UK Government,<br />
whereby for instance the official<br />
website gov.uk is having phishing<br />
emails that spoof its address blocked.<br />
Hannigan said that you can stop<br />
such phishing, at a national level, if<br />
companies buy into it; and BT and<br />
others are interested, he said, about<br />
stopping email ‘rubbish’ reaching<br />
users in the first place. He added that<br />
civil liberties concerns would have<br />
to be addressed - that people did not<br />
feel their communications were being<br />
interfered with, even if it were spam<br />
pretending to be from HMRC. p<br />
www.professionalsecurity.co.uk<br />
p62 NetworksImmers 27-<strong>12</strong>.indd 1 18/11/2017 <strong>12</strong>:07