Hacking games can test the mettle of IT security techs
Back in the summer of 2001, when the internet was still relatively young, New York City’s Twin Towers were still standing and Hugh Jackman was still a fresh face in Hollywood, Warner Bros. released a cyber-thriller with the unlikely title of Swordfish. At a key juncture in the movie, Jackman’s character, ace hacker and ex-con Stanley Jobson, faces an informal audition where he is required to hack the Department of Defense database in less than 90 seconds. Stan makes the magic happen, which get him dragged into a string of cloak-and-dagger shenanigans masterminded by a furtive government agent (John Travolta).
In 2015, nobody routinely attempts to hack the Department of Defense (except for maybe the Chinese), but the idea of testing an IT security tech’s grasp of cyber-defense (and offense) by pitting him (or her) against an unlikely hack scenario is alive and well. National Cyber Security Awareness Month (NCSAM) — also known as October — is in full swing, and one of many organizations waving the flag for increased awareness of sound cyber security principles is cybersecurity and IT governance association ISACA, which curates some of the most respected and best compensated IT security certs in the industry.
In a post that appeared earlier this week at the ISACA Now Blog, Eric Lopez, senior director of the industry association EC-Council, makes the argument that “hacking games” can provide any organization with an invaluable glimpse of the actual level of ability possessed by IT security employees. (EC-Council, among its other functions, administers a portfolio of well-regarded security certs, including the popular Certified Ethical Hacker credential.) As Lopez sees it, an actual data breach is a far from ideal time to find out about the security team’s strengths and weaknesses. Organizations need to know whether or not their cyber-perimeter is in good hands before that unforeseen emergency hits.
That’s where participation in hacking games, which test the mettle of security techs using simulated disaster scenarios, can be an important asset. Most of the scenarios played out in hacking games, Lopez explains, are designed to mimic the parameters of documented cyber attacks. The games also feature a competitive elements, in which security teams compete against each other. Taking a page from the schoolyard game Capture the Flag, teams attempt to steal “flags” from their opponents, while simultaneously defending their own turf.
Lest you suppose that such battles are arranged informally, there’s actually a global competition, the CyberLimpics, that hosts competitors from around the world. EC-Council and ISACA are teaming up to host the championship round at ISACA’s inaugural CSX North America cybersecurity conference, to be held Oct. 19-21 in Washington D.C. Registration for the 2015 CyberLimpics is closed. If you suspect that your IT security techs might have the heart (and skills) of a champion, however, there’s always next year. Consider NCSAM 2015 a wake-up call, and start training your team now to compete in 2016.