Estonian startup CTF Tech is bringing young people to the field of cyber security through gamified training and competitions, to create new cyber security talents and to make sure their first hacking experiences would be positive and ethical.
All kinds of smart solutions are everywhere around us – electric scooters connected to our credit card or smart refrigerator that can detect the type of items stored in it and keep track of important details such as expiry and usage, to name a few. Although these systems are very user-friendly, they are also vulnerable and cyber security is an important aspect to note.
According to Marki Tihhonova-Kreek, the CEO of an Estonian startup CTF Tech, the massive lack of a cyber security workforce is a global problem. “Global statistics reveal that there will be 3.5 million unfilled vacancies in cyber security by the end of 2021. Employers admit that youth entering the labour market have a general interest in IT but minimal practical experience,” she explained.
For this reason, CTF Tech is bringing young people to cyber security through gamified training and competitions. “The process is, in a way, like generating new cyber talents. We engage youth from the early age (15-21) so that their first hacking experiences would be positive and ethical. I believe that in this age it is still possible to direct youngsters to be on the good side, to be so-called white hat hackers,” Tihhonova-Kreek said.
Best young talents gathered in Tartu
On 30 October, the grand finale of the Cyber Battle of Estonia 2021 took place in Tartu. Fifteen participating five-member teams grew out of five regional competitions and boot camps – held in Tallinn, Tartu, Narva, Pärnu and Paide – where 500 young people participated, 30 per cent of them girls.
These 15 teams had a final day like in a thriller movie – different cyber security tasks in a dark room with intensive musical background and stopwatch counting down the minutes and seconds.
First, they had one and a half hours for tasks about smart home. For example, they had to find a solution for the situation where the smart fridge is hacked and starts to order only soft drinks.
A team member of Red Racoons, 16-year-old Alex Petritch from Tallinn, was really excited after the first round. “The situation is quite nervous and intense, I must say, but also absolutely thrilling!” His team-mate, 16-year-old IT-student of the Tartu Vocational Education Centre, Kermo Nurmoja, was happy they did not use any hints and that should give better points in the competition.
Another Red Racoon, 17-year-old Markus Udam from Paide, said, “We all offer ideas and then try these out. It is a great exercise for teamwork as well – how to work successfully and effectively together as a team.” The Red Racoons members met each other during the boot camps, but the other teams were friends and teams already before the regional competitions.
The other members of Red Racoons, 20-year-old cyber security student of TalTech, Marion Martin, and 17-year-old Katre-Maris Veskimägi from Pärnu said they all learned something new with every step and every exercise. “It is like we get new layers of knowledge all the time,” Martin said. Veskimägi added that participating in the boot camps did not require any special level on cyber security, the most important thing was interest.
After smart home tasks, the teams had theme blocks about smart city and smart airspace. For example, one case was about smart city lights: if the city is overloaded with several cyber attacks and it is already dark outside, what you can do to help to switch on the streetlights?
All the tasks were prepared by Estonian best cyber security experts. The platform used for competition has been used for cyber security training by different governments, international organisations, and large enterprises.
Engaging the community
According to the collected points, the best team of Cyber Battle of Estonia was Forkbomb (Peeter Aleksander Randla, Siim Alas, Rainer Viikman, Karl Joosep Onoper, and Jan Hendrik Jõgi from Tallinn).
The president of Estonia, Alar Karis, congratulated the winners and said all the participators showed that Estonian youngsters can recognise and successfully counter cyber threats. “We are used to the fact that older people teach youth but now we can see that on some fields younger people are much smarter than elder people,” he said.
That is also what the experts’ panel brought out. “These young people here already understand what means DNS, encryption, reverse engineering, for example. They manage the tasks here at the competition well. As the world around us is full of different IT systems, it is absolutely important, even vital knowledge,” Aare Reintam, the chief operating officer of CybExer Technologies, noted.
“Why protect a home router? Why encrypt passwords? If already some young people know the answers, they can help their friends, their family, their schoolmates and so the whole community gets smarter on the field of cyber security,” Dmitri Stoljarov, cyber security expert of CybExer Technologies, pointed out.
A new platform helps educate
Not to keep the cyber security education only for the competitions and boot camps, CTF Tech launched a cyber education platform that is open and free for everybody interested. For example, teachers can use it in school. Tihhonova-Kreek said that to face a possible problem – teachers’ weak experiences on cyber – they plan to include teachers’ hands-on training in combination with the new platform.
“Basically, people have two possibilities: to ignore the changes or to adapt to the changing world. We have chosen to adapt and that is why our purpose is to help youth manage today’s challenges. And if they manage, they can protect themselves, their families and friends, their country,” she said.
Cover: Red Racoon team at the Cyber Battle of Estonia 2021. Photo by Gabriela Urm.