ENISA, the European Union Agency for Cybersecurity, together with regional and international organisations, decided to design and host for the first time an International Cybersecurity Challenge (ICC). The aim of the challenge is to attract young talent and raise awareness in the community, globally, on the education and skills needed in the area of cybersecurity.
Building a digitally secure society globally is of paramount importance, as cyber attacks are not confined anymore within geographical limits and can potentially affect everyone. The skills required to protect our society against modern threats and to mitigate their harms can scarcely be found in the market. Therefore, it is critical to educate and train future generations to enhance our society's resilience and ensure a safe and secure cyberspace.
CTFs are a gamified way to enhance essential skills needed in cybersecurity related jobs. According to ENISA, people who participate in the European and International Challenges have the required skills and competences that match to more than 50% of all the skills and competences described in the European Cybersecurity Skills Framework. Yet, the skill that CTFs cover are required by more than 80% of cybersecurity related job descriptions.
The goal of the ICC is to place cybersecurity at the service of humankind, with a view to promoting a peaceful society concerned with the preservation of democratic values, freedom of expression, dignity and critical thinking. ICC also aims to increase participation on local, national and regional CTFs across the globe.
ICC is a three day physical event, hosted by a different country each year. At the moment there are seven regional teams that partake every year in the competition. Each regional team is responsible to form and train their candidates, who are usually selected after regional CTF qualifiers. Each team comprises 15 players and two substitutions.
The competition involves traditional Jeopardy challenges (cryptography, reverse engineering, forensic, web exploitation and binary exploitation) that are constantly modernised with contemporary software and technology challenges (Windows, cloud, AI, OT environments, mobile applications and IoT).
Examples of such competitions may be found in openECSC 2024. Teams also compete in Attack and Defence, where an identical network topology with vulnerable services is provided to them. Teams need to build defences by patching their services and at the same time attack other teams by exploiting vulnerabilities and steal flags.
Towards a transparent and fair competition, the Steering Committee of ICC, comprises government and regional institutions, universities and research centres from around the globe. The SC is responsible to design and apply the rules of ICC, as well as, to set the requirements for the challenges that teams compete in each ICC edition.
Please identify the region where your country belongs to and refer to the website of the relevant team on instructions for qualifying events