Cyber-security competition uncovers new talent to meet growing need for defence against threats

SINGAPORE - Almost invisible yet highly dangerous, a cyber attack is nightmare for computer scientists, let alone a 17-year-old boy.

Yet when NUS High School fifth-year student Chandrasekaran Akash was faced with one, he remained calm, worked out the problem and won a prize in a cyber-security competition designed to uncover talent and open new opportunities for them in the cyber-security profession.

Akash was one of 23 people fixated on computer screens with code in a room at the Ministry of National Development building at Maxwell Road on Saturday (July 22).

They were waging war on virtual foes in the first Cybersecurity Challenge Singapore, an initiative by the Cyber Security Agency of Singapore (CSA).

The Challenge was modelled after a similar initiative in the United Kingdom, and will be held annually for two more years under a memorandum of understanding (MOU) on Cyber Security Cooperation signed between Singapore and the United Kingdom in 2015.

The competitors on Saturday (July 22), who ranged from polytechnic students to mid-career executives aged 17 to 41, were selected from more than 770 players who, in March, had pitted their wits against one another in the first stage of the Challenge, which tested their skills in areas like analysing network traffic and identifying vulnerabilities in computer servers.

Yesterday's competition, dubbed Face-to-Face (F2F), was held in partnership with British multinational defence, security, and aerospace firm BAE Systems.

The F2F Competition further tested their skills in a seven-hour session in analysing threats, encrypting data and writing computer code to defend against simulated cyber attacks, among others.

Akash, whose interest in programming had started when he was 12, said: "I learnt a lot from the experience... for example, making sure not to make programming mistakes that make websites vulnerable to attack."

For example, he learnt in the course of the Challenge how hackers infiltrate badly designed websites by entering text in search boxes that are interpreted as commands.

Meanwhile, competitor Chua Tianxiang, 34, had worked for years as an IT infrastructure specialist, and got acquainted with cyber-security issues on the job.

He saw the event as an opportunity to look for fresh perspectives mid-career.

In the gruelling seven-hour session on Saturday (July 22), he and his teammates had to identify patterns in a string of numbers in order to reconstruct a file that had been split into multiple parts and mixed up.

Another competitor, Chang Hui Zhen, 19, was the only woman who made it to the finals on Saturday (July 22).

The Infocomm Security Management diploma course which she is enrolled in at Singapore Polytechnic as a third-year student has only about eight female students out of 80.

"It is quite cool when people ask you what you're doing," said Ms Chang. "It's a personal preference - if you like it, you do it."

She is already developing a career in the sector, having taken up an internship with the Centre for Strategic Infocomm Technologies here and hoping to study the subject at university.

On Saturday (July 22), six contestants with the highest scores were awarded an all-expenses paid trip to London to pit their skills against UK cyber enthusiasts in a competition there in November.

CSA Deputy Chief Executive (Development) Teo Chin Hock, who presented the prizes, said that cyber security is essential to Singapore's aspiration as a smart nation, and the skill demonstrated by the competitors augurs well for the industry.

The CSA said the cyber security sector is projected to grow to around $900 million by 2020. It has the potential to provide over 2,500 additional job openings by 2018, it added.

Mr Boye Vanell, Regional Director, Asia, BAE Systems Applied Intelligence, said a survey by his company found that only 14 per cent of senior managers of companies in Singapore are confident their company has the skills they need to deal with a cyber attack.

"Industry and Government must work together to develop Singapore's cyber-security capability and close this skills gap," he said.

Meanwhile, the Harvard Business Review reported in May this year that the global cyber-security workforce will have more than 1.5 million unfilled positions by 2020.

Singapore has experienced several cyber-security breaches in recent years, and the authorities are not letting up in efforts to shore up the country's defences.

In April 2015, the CSA was set up to oversee Singapore's cyber-security strategy.

And in March this year, the Ministry of Defence announced that it would be setting up its Defence Cyber Organisation to enhance its cyber-defence capabilities. Its manpower is expected to grow to a few thousand servicemen within a decade.

This came in the wake of a data breach the previous month, when the personal data of 850 personnel was stolen from an Internet-connected data system at Mindef.

In another bid to prevent cyber attacks on the Government, the work computers of public servants here were disconnected from the Internet by May.

It is not just the Government that has been the target of cyber attacks.

In April, servers at National University of Singapore and Nanyang Technological University were breached in separate attacks that were thought to be the first such incidents there.

And in May, several shopping malls and retail shops here fell prey to ransomware, which demands payment for restoring files deleted by the malware.

Cyber attacks could have worse consequences than what Singapore has seen.

In 2015 and again in 2016, hackers with suspected links to Russia took down part of Ukraine's power grid, leaving hundreds of thousands of people in its capital Kiev without electricity for several hours.