Cyber attacks to be tackled by students
Working with the Department for Culture, Media and Sports (DCMS), the HEA has distributed a total development fund grant of £500,000 across eight higher education projects to boost cyber security teaching and learning, making sure that students have the skills to help protect the UK against cyber attacks.
The project is led by Dr Z Cliffe Schreuders at Leeds Beckett University with Dr Tom Chothia at the University of Birmingham and will see student intern developers work with the team of researchers to develop randomised capture the flag (CTF) hacking challenges for students to tackle.
Dr Schreuders explained: “The basic idea of CTF is that the students (or, more generally, competitors in a competition) have hacking challenges to progressively compromise the security of a network of computers. As they solve challenges (that is, hack into things) they discover (digital) ‘flags’, which they can claim to be rewarded with points (or marks in a module).
“For example, the student scans a system and detects that a vulnerable FTP service is present. The student hacks into the FTP service and ends up with remote access to the system. Exploring the system they find a flag. They claim the flag which proves they compromised the service. They continue to investigate and discover that they do not have administrator rights on the system, but find another vulnerability which they can use to escalate privileges to gain access to another user account, and another flag. From there they discover a web server, and so on.
“The uniqueness of our approach is that our hacking challenges will be randomised. That is, every student (or competitor) gets a unique set of challenges in a unique virtual machine.”
The Leeds Beckett and University of Birmingham team will work together with other universities, cyber security educators, and industry partners (including Imperial College London, Liverpool John Moores University, University of Abertay Dundee, and MWR InfoSecurity) to ensure that the framework will suit the needs of a diverse range of security courses. The project also benefits from input from the two universities’ hacking societies.
The project, which is set to be completed in February 2017, will culminate in an event to introduce UK students and security lecturers to the new framework.
Dr Schreuders added: “Learning hacking techniques is part of the security curriculum at Leeds Beckett University. These skills are used by security professionals to audit the security of computers and allow students to more fully understand what they are defending against and responding to. We aim to have our students put theory into practice in laboratory environments. CTF is a great way of further engaging students, and it is a framework that has the potential to have an impact on the way security training is designed and delivered: at Leeds Beckett and elsewhere.”
The HEA grant is funded from the Government’s five-year £860m National Cyber Security Programme to protect and promote the UK in cyber space.
The National Audit Office landscape review on the UK cyber security strategy, published in February 2013, identified a shortage of cyber security skills as a key challenge. The grants will be used to develop projects that will help improve the skills of graduates, address the shortage of cyber security skills and future-proof the country’s IT sector making it more resilient to cyber-attacks.
Professor Stephanie Marshall, Chief Executive of the HEA, said: “The Higher Education Academy is pleased to be able to offer support to these higher education providers to develop innovative projects that will improve cyber security teaching and learning. If the UK is to be equipped to respond to the increasing threat of cyber attacks, we must ensure that the next generation of cyber security specialists receive the best teaching and learning to furnish them with the skills needed. Each of the projects receiving the Development Grants has the potential to do this.”
Digital Economy Minister, Ed Vaizey, added: "Protecting the UK in cyber space is a top priority, which is why the Government recently announced £1.9 billion funding for cyber security and an ambitious new skills programme. The grants we're announcing today will enable universities to develop high quality, innovative teaching and learning, and ensure we have skilled people to address future cyber security challenges."
The BSc (Hons) Computer Forensics and Security degree programme at Leeds Beckett University is a hands-on course where students learn how to attack, defend, design, and manage the security of computer systems. The course received an overall satisfaction score of 100% in the latest National Student Survey (NSS) and benefits from an active ethical hacking society and a regular industry guest speaker programme.