Close enough: when hacking infects our daily lives
Before I start about the fascinating European Cyber Security Challenge, imagine you wake up in middle of night:
You go to the children’s room and you hear your child speaking with a stranger; it’s your cheap Chinese baby phone with built-in microphone, speakers and camera. You attached it to the internet via Wi-Fi in order to use it easily. But somehow, someone hacked it and used it to speak with your child. You switch it off immediately and go back to your bed. In the next minutes you’re trying to sleep but it’s impossible. – You just constantly think about this stranger and what he wanted from your child.
In the morning you’re tired and worried. You think; let’s go swimming at the nearby indoor swimming pool and maybe it will help to forget the horrible experience from the previous night. So the next moment you’re in the pool, swimming. Suddenly, you start to smell chlorine. – Obvious, so you don’t think anything special. It’s normal to smell this in swimming pools, but it’s getting worse. And the smell get’s stronger and stronger. You start breathing in the chlorine vapors from the air. Suddenly, you feel your throat swelling. Breathing is hard now, pain is coming up and you feel burning in the nose, lips and tongue. You jump out of the water immediately while alarming everyone and open every window and door. Luckily, no one is seriously hurt, but everyone is frightened. You just simply can’t believe what is happening right now. Eventually, it turns out that the swimming pool chlorine controlling system (automated pool treatment), which is attached to internet, was hacked. Someone instructed the device to inject the full tank of chlorine into to swimming pool.
Again, you go home frustrated. At home you lean back in your sofa and switch on the TV; the news shows a prominent politician died this afternoon under inexplicable circumstances. Namely, he was a “diabetic” and someone hacked his insulin pump and instructed it to inject the full content of insulin into his blood. – He was dead for instance.
Scary? You probably think this is a storyline of just another horror movie. – But it isn’t. These ‘stories’ are real life examples which already happened in Europe. And these examples are also a part of the presentation Typical Security Issues with IoT and Industry 4.0, held by Stefan Strobel, CEO and Founder of Cirosec (see picture on the left). Stefan was one of the speakers during the Conference, which was one of the three parallel tracks that happened on 9th November in Areal Böhler, during the European Cyber Security Challenge 2016 event in Düsseldorf. This event is yearly held in a random EU-country, this year the honors to Düsseldorf, Germany. The event was compounded of three parallel tracks: the finals of Cyber Security Challenge, the Conference and the Recruiting Fair.
The Cyber Security Challenge
In the Cyber Security Challenge, one hundred young security talents had the chance to prove what they are worth. Here I quote the official news after the challenge:
“One hundred of the best young security talents from 10 different nations, fought for the title in the finale of the European Cyber Security Challenge in Düsseldorf, Germany. It was a thrilling contest until the very last moment, but in the end the team from Spain was able to secure the first place against Romania, who was awarded the second place. In an exciting pursuit against Austria, the team from Germany was able to claim the third place.
Every team had their own server with certain vulnerabilities placed by the Hacking-Lab staff. On the one hand everyone had to defend their own server and services against attacks from the opposing teams, and on the other hand the teams had to patch vulnerabilities, decipher hidden messages and solve difficult hacking challenges. The atmosphere at the event and the following award ceremony was excellent. After celebrating each others successes, the teams were able to meet and talk with representatives of business and research.
We want to thank all of the participants and everyone who helped to make this event possible. We are already looking forward to the European Cyber Security Challenge 2017 which will be held in Málaga, Spain.”
The Conference track was also very thrilling and interesting. It started 09:00 in the morning till 18:00 in the evening and was a well thought through mixture of theoretical and practical presentations. The speakers presented excellent with very current and interesting topics. The titles speak for themselves:
- Opening and Welcome Note: Norbert Pohlmann, Chairman/Director, TeleTrusT/if(is), Svenja Schulze, Minister for Innovation, Science and Research of North Rhine-Westphalia
- KEYNOTE – Big Data Study – Towards a Human-Centred Data Revolution | David Deißner, Director Strategy & Programmes, Vodafone Institute for Society and Communications
- Physical Attacks in the Networked World | Claudio Bozzato, Security Vulnerability Analyst, NXP
- Security Infrastructure in the Eye of the Attacker | Markus Linnemann, Lead of the Division Critical Infrastructures, Secunet
- How to Operate Penetration Tests Securely | Jan-Tilo Kirchhoff, Country Manager Germany, Compass Security
- Insights into the daily business of a governmental/National CSIRT | Thomas Hungenberg, Security Analyst, CERT-Bund/BSI
- The Future of Cybersecurity – 2025: Are We Done? | Peter Rost, Director Marketing, Rohde & Schwarz Cybersecurity
- Typical Security Issues with IoT and Industry 4.0 | Stefan Strobel, CEO and Founder, cirosec
- In Love with Industrial Control Systems – Testing ICS/SCADA in Industry 4.0 | Roland Ehlies, Jan Wagner, Senior Manager, PwC
- Implementation of a manufacturing execution system from cybersecurity perspective – a report | Hagen Rost, ICT Industrial Security Specialist, Airbus Group
- Engaging Small and Medium Companies in Cyber Security | Thomas Freund, Senior IT-Security Consultant, Bechtle
- 10 Hacks in 10 Minutes | Final Hacks – Part of the European Cyber Security Challenge
The Recruiting Fair
During the third track, the Recruiting Fair, 16 companies had the chance to present themselves while meeting young talents which they would like to hire. The setting was a usual event where every company had their own stand. Big names were presented:
- Airbus Group
- Audi Electronics Venture GmbH
- ESCRYPT – Embedded Security by ETAS
- Federal Office for Information Security (BSI) Germany
- HiSolutions AG
- NTT Security
- SEC Consult
- Siemens AG
- Vodafone Germany
- Cirosec GmbH
- Genua Germany
- iT-CUBE SYSTEMS
Why this event? Simple: because every day there are one million of new malware threats and the industry is crying out for new talents in security.
There are not enough security experts and the organizer of the European Cyber Security Challenge wanted to gather the very best young security talents. It’s important to popularize the topic much more at schools and universities and to give a chance to young people to deal with security topics. Secondly, this event gives security experts the chance to share knowledge and to hear and learn from new approaches and techniques.