THIS CONTENT IS BROUGHT TO YOU BY NTNU Norwegian University of Science and Technology - read more
Practice makes the hacker
The need for cyber security expertise is steadily increasing. Hacking in organised forms is the solution, researcher believes.
This summer’s cyber attacks against 12 Norwegian ministries and the supreme legislature of Norway (Storting) are a stark reminder of this.
Not all hackers are out to cause mischief. In fact, the cyber security experts of tomorrow are probably among the budding hackers of today.
And that is a good thing. According to the annual Cybersecurity Workforce Study, there was a global shortage of 3.4 million IT security employees in 2022. That is an increase of 26 per cent from the previous year.
Europe's largest cybersecurity competition
“The need for employees with cybersecurity expertise is increasing year by year. This means that we need to rethink the recruitment process,” Muhammad Mudassar Yamin says.
He is a researcher at the Department of Information Security and Communication Technology at NTNU.
Yamin has both conducted research on and participated as a trainer in Europe’s largest cybersecurity competition – the European Cybersecurity Challenge (ECSC).
“ECSC is a bit like cybersecurity’s answer to the Champions League,” he explains.
Each year, between 35 and 40 countries participate in the European tournament with a selection of young talents. They have qualified through national competitions. There, they get the opportunity to compete against each other in tasks ranging from decryption and online security to digital forensics.
This year, the competition will take place at Hamar Olympic Hall.
Cultivating stars is not enough
The researcher hopes that some of Europe's top talents in cybersecurity will get more out of the competition than just honour and glory.
“In the same way that Champions League footballers started off in local football clubs, competitions like this will spark the enthusiasm of many future students and staff in the cybersecurity field,” Yamin says.
He and his colleagues have studied how different countries recruit and train their participants for the competition.
The researchers have also investigated what the participating countries hope to get out of the competition and how they work towards their goals.
“There is broad agreement among the participating countries that identifying young cybersecurity talents and generating interest and awareness around the topic are among the most important objectives of the competition,” he says.
And it is about more than just cultivating stars:
“The research suggests that participants who do not make it all the way to the final may be just as interested – and in some cases more interested – in a career in cybersecurity as the finalists,” Yamin says.
He believes this should affect the way the competitions are organised.
“If the goal is to generate interest in and recruit for the cybersecurity industry, a huge opportunity would be missed if we only cultivate the stars. We need to focus more on the early phases of the competition and make sure we get as many people involved as possible,” he says.
“Basically, we need to train as many people as possible, for as long as possible. Our research also indicates that this will probably be of great importance regarding participant diversity,” he says.
A healthy tree has strong roots
Yamin’s research suggests that the way participants are recruited and trained for the competition also tells us something about how well-developed the cybersecurity environment is in the respective countries.
“The tree analogy summarises our main findings well. A healthy tree has strong roots. It is from these that the trunk gets the necessary nutrients to grow. Only when the trunk is strong enough will the tree be able to properly spread its branches and bear fruit,” Yamin says.
“The countries that invest at the root level, meaning in primary and lower secondary schools, generally do very well in ECSC. This also tends to result in a more developed national cybersecurity environment. A shallow root system, on the other hand, results in a weak trunk and a sparse crown.”
In other words, not the best conditions for a great crop.
A potential spectator sport?
With two scoreboards – one advanced and one simple – spectators do not need to know the rules or have in-depth knowledge about cybersecurity beforehand.
“The fact that chess has been brought into the mainstream shows that it is possible to make activities with relatively complicated rules and a high degree of technical difficulty engaging to an audience, even though there might not be that much physical action going on,” Yamin says.
Ethical hacking might not become the new national sport, but chances are good that this kind of competition will bring a steady stream of new students and workers to the cybersecurity field.
De Zan, T. & Yamin, M.M. Towards a Common ECSC Roadmap: Success factors for the implementation of national cyber security competitions, Research Gate, 2021. DOI: 10.2824/657311
Yamin et al. Selecting and Training Young Cyber Talent: A European Cybersecurity Challenge Case Study, In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2021. Lecture Notes in Computer Science, vol 12776. Springer, Cham., 2021. DOI: 10.1007/978-3-030-78114-9_32
Yamin et al. Selecting and Training Young Cyber Talent: A Recurrent European Cyber Security Challenge Case Study, In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2022. Lecture Notes in Computer Science(), vol 13310. Springer, Cham., 2022. DOI: 10.1007/978-3-031-05457-0_24
More content from NTNU:
Climate change is causing problems for reindeer
Rethinking recovery: How high-intensity interval training can aid heart attack patients
Early whaling eradicated species from local waters
Torrential rains put engineers under ethical pressure
1,100 Norwegian teachers refused to teach Nazi ideology to their students
Is it possible to avoid ship strikes by eavesdropping on whales?