Concern about cyber-security is at the forefront of the minds of many company executives. The impact of cyber-crime, identity theft and the ever present threat of hackers intruding on their systems keeps many CEOs awake at night, well aware of the reputational and financial threat that this represents to their business.
Carnegie Mellon University is aiming to build a talent pipeline into the cyber-security workforce by introducing computer security skills to middle and high school students through picoCTF, a free, online hacking contest that starts on March 31, 2017. Now in its third year, the virtual game of capture the flag (CTF) has previously drawn nearly 30,000 people.
“Right now, we’re facing a tremendous shortfall in computer security experts,” says David Brumley, project lead for picoCTF and the director of CyLab and a professor of electrical and computer engineering, Carnegie Mellon’s Security and Privacy Institute. “The root of the problem is that most people don’t even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF.”
This year, players will be competing for over $30,000 in prizes, thanks to this year’s corporate sponsors. Registration is open to anyone, but only U.S. students in grades 6-12 are eligible to compete for prizes. Registration will remain open until the end of the competition, and there is no penalty for registering after the competition’s official start date, March 31.
For the two weeks of competition participants will learn to reverse engineer, break, hack, decrypt and do anything necessary to solve a series of challenges that are centered around a unique storyline. Challenges will start out easy and become increasingly difficult.
“To get started, you just need critical thinking skills,” Brumley says. “We lead you throughout the game to develop more and more sophisticated notions of computer security so that by the end, you’re solving real crypto problems and performing at a high level.”
Tim Becker, an undergraduate student studying computer security at Carnegie Mellon, played picoCTF in 2013 as a high school student and uncovered a talent he never knew he had.
“I competed with some friends for fun, but none of us expected to do that well,” Becker says. “But we ended up finishing in 3rd place, and that’s how I ended up getting into this field.”
Fast forward four years, and Becker is now a captain on Carnegie Mellon’s student hacking team, the Plaid Parliament of Pwning (PPP). The team has won DefCon’s Capture the Flag competition – informally known as the “Super Bowl of Hacking” – three times in the past four years.
The Carnegie Mellon team has open-sourced picoCTF, enabling teachers to run their own version of the competition themselves if they choose. Because of this, several high schools have made their own version of picoCTF that have introduced thousands more K-12 students to computer security, such as Phillips Academy CTF (PA-CTF), High School CTF (HS-CTF), and Thomas Jefferson CTF (TJ-CTF).