It’s a problem, we have to add. The state lacks cyber experts. That is why Prague hosted a European event
Last week, at the Vyšehrad metro station and the surrounding area, there are groups of young people in colorful T-shirts from various European countries. For the first time in history, the Czech Republic hosted the finals of the European Cyber Security Challenge (ECSC) competition organized by the European Union Agency for Cyber Security (ENISA) at the Congress Center. This is her key activity. The Czech Republic and Europe lack experts in cyber security, a fundamental field of the future. The competition aims to help solve this complex problem.
Less than two dozen national teams from the European Union, including Switzerland and Canada, arrived in the Czech capital. The composition of these teams was determined by previous national rounds. Elementary to university students from 15 to 25 years of age compete in them. Within the Czech Republic it is about Cyber competition, which is attended by three to five thousand students every year. Twenty people meet in the national final.
The Czech team has been participating in the international competition since 2017. This year, however, in the final, unlike for example from Slovakia or Poland, it was missing. The Czechs really believe that instead of the competition, they will take care of the organization of the event itself. They prepared tasks in which other states measured their strength. These tasks have been consulted and tested, for example, with Military Intelligence.
In 2017 and 2018, the Czechs placed by the end, in 2019 they had already improved and finished about halfway through the table. It is an improvement, but at the same time it is not as good a result as would probably be appropriate on the “land of Avast”. The general ideas are that the Czechia is strong in the field of cybersecurity, which brings not only some promising companies, but also a place in the Locked Shields competition organized by NATO.
Self-taught with cybersecurity as a hobby
Captain of today’s Czech team Eliška Kühnertová from the University of Economics, which, among other things, took care of the Networking Academy in Cisco, may be what the problem may be.
“We are self-taught. Young people in our country are interested in cybersecurity as a hobby, there is no extended formal education in this field, “he describes for Lupa. “Cybersecurity is gaining ground in schools, for example in secondary schools, but in general it can be said that when something is taught, it is the norm,” Kühner said, adding that the Scandinavian countries are ahead.
The lack of people is felt by both the private sector and the state. The National Office for Cyber and Information Security (NÚKIB) has been contributing to this problem for a long time, most recently in the annual report on cybersecurity. NÚKIB has approved the completion of six billion, and rapid deployment teams are to be established. By 2027, the office has enough for 417 people.
8 more photos
The employee must also obtain the Command of Cyber Forces and Information Operations of the Czech Army and Military Intelligence. This, among other things, thanks to the new law, must be able to conduct active operations.
All these organizations supported the ECSC, stating that the competition “positively affects the motivation of young people who are concerned with this issue and will increase the resilience and abilities of the Czech Republic in adulthood.”
“We have to add,” says the director of NÚKIB about the lack of people in cybersecurity Karel Řehka. “It’s a really big problem. Next year, I want to propose a strategy on how to deal with this insufficiently, “complements and monitors, among other things, education. According to Řehka, he will put this area among the priorities.
According to the head of NÚKIB, the state will have to produce the experts itself and get them better salary conditions. NÚKIB currently has around 270 table spaces open, which means that it will expand to 300 in the coming months, and again it does not have such problems with filling.
But it is worse with people in really professional positions, where deep technical and other knowledge is required. Although not everyone is motivated only by salary and the role is played, for example, by the service for state security, the mentioned problems, according to Řehka, “the state must solve”. Voices from the local market speak of the weaker technical equipment of some NÚKIB employees.
“Currently, the number of applicants is not a problem. There are enough of them so that we can choose for table places. We planned to hire fifteen or twenty people each year. We can get them for interesting work. They get to things where they don’t. Someone also wants to do safety and good, so he joins the army. Rather, we struggle with the fact that the process takes us an awful long time. If you wanted to come to work with us now, you would have to come next June. The problem is the rigid planning of funds, “he described his experience in an interview with Lupa Miroslav Feix, commander of cyber forces in the Czech Army.
The situation is to improve similar activities as at the University of Defense in Brno. The local Faculty of Military Technology has opened the field of Cyber Security for civilian AND military region. Now the first 25 selected candidates have started studying it.
A registered institute was also established Cyber Security Center. He started offering a lifelong learning program in cybersecurity, a student cyber accelerator and other activities. He is also behind a book of cyber fairy tales and rhymes. A shorter version is available for now brochures (PDF) a on the Donio.cz platform continue the collection to create a larger work. The book is intended to serve both children and, for example, grandparents, who can read themselves in the field of education while reading fairy tales. These are classic fairy tales with embedded elements of computers and the Internet.
For the Czechia, the organization of the ECSC 2021 final was a prestigious event, which in our opinion should draw attention to cybersecurity. The next years are held in Austria and Norway. This year’s round win a team from Germany followed by Poland, Italy, France and Denmark.
The ECSC competition principles are referred to as Capture The Flag (CTF). In the case of the ECSC, the individual teams met in one room of the Congress Center. Subsequently, they logged in to the competition portal (something to do with is on GitHub) and led attacks on servers. It was necessary to find information (flags) in them and record them. Based on this, the teams were awarded points. The tasks were divided into categories from easy to difficult. Areas such as OSINT, forensic analysis, cryptography and more were needed.