Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19

This innovative practice full paper describes our experiences conducting cybersecurity capture the flag (CTF) competition for cybersecurity enthusiast participants (inclusive of both tertiary students and working professionals) local and abroad during the COVID-19 pandemic. Learning and appreciation...

Full description

Saved in:
Bibliographic Details
Main Authors: TAN, Kee Hock, OUH, Eng Lieh
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2022
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/6592
https://ink.library.smu.edu.sg/context/sis_research/article/7595/viewcontent/34089.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-7595
record_format dspace
spelling sg-smu-ink.sis_research-75952022-01-13T08:23:11Z Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19 TAN, Kee Hock OUH, Eng Lieh This innovative practice full paper describes our experiences conducting cybersecurity capture the flag (CTF) competition for cybersecurity enthusiast participants (inclusive of both tertiary students and working professionals) local and abroad during the COVID-19 pandemic. Learning and appreciation of cybersecurity concepts for our participants with little to no technical background can be challenging. Gamification methods such as capture the flag competition style is a popular form of cybersecurity education to help participants overcome this challenge and identify talents. Participants get to apply theoretical concepts in a controlled environment, solve hands-on tasks in an informal, game-like setting and gain hands-on active learning experience. CTF competitions can be held at physical locations or virtually. However, the COVID-19 pandemic catalyses all major events that are traditionally held physicallyto go virtual (likewise for physical CTF events). The pandemic limits our physical interactions, changes the dynamics of our engagements with the participants and how participants learn. We have to adapt our CTF competition design and conduct it in a virtual format during the COVID-19 pandemic that is compliantwith local pandemic regulations as well.This paper describes these adaptations for a semi-international CTF competition conducted for our participants. We conduct the competition entirely virtual and adapt the cybersecurity exercises to be attempted without the participant’s physical presence. While we devise ways to validate participants’ involvement, it is still more challenging to limit cheating than in a physical environment. However, with appropriate mitigating controls in place (reducing risks to acceptable levels), we were able to achieve similar outcomes compared to a physical event despite the lack of physical interactions. Over 1400 participants registered for our competition, and with the help of over 40 staff, we successfully conducted this 48 hours virtual CTF competition. We further analyse the participants’ online activity during thecompetition, their survey responses after the competition and derive our lessons learnt.We hope that these experiences, analysis and findings are useful for educators or organisers who wish to adopt online CTF to improve the learning outcomes of teaching cybersecurity education. 2022-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6592 info:doi/10.1109/FIE49875.2021.9637404 https://ink.library.smu.edu.sg/context/sis_research/article/7595/viewcontent/34089.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Computing skills higher education continuing education cybersecurity capture the flag Higher Education Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Computing skills
higher education
continuing education
cybersecurity
capture the flag
Higher Education
Information Security
spellingShingle Computing skills
higher education
continuing education
cybersecurity
capture the flag
Higher Education
Information Security
TAN, Kee Hock
OUH, Eng Lieh
Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
description This innovative practice full paper describes our experiences conducting cybersecurity capture the flag (CTF) competition for cybersecurity enthusiast participants (inclusive of both tertiary students and working professionals) local and abroad during the COVID-19 pandemic. Learning and appreciation of cybersecurity concepts for our participants with little to no technical background can be challenging. Gamification methods such as capture the flag competition style is a popular form of cybersecurity education to help participants overcome this challenge and identify talents. Participants get to apply theoretical concepts in a controlled environment, solve hands-on tasks in an informal, game-like setting and gain hands-on active learning experience. CTF competitions can be held at physical locations or virtually. However, the COVID-19 pandemic catalyses all major events that are traditionally held physicallyto go virtual (likewise for physical CTF events). The pandemic limits our physical interactions, changes the dynamics of our engagements with the participants and how participants learn. We have to adapt our CTF competition design and conduct it in a virtual format during the COVID-19 pandemic that is compliantwith local pandemic regulations as well.This paper describes these adaptations for a semi-international CTF competition conducted for our participants. We conduct the competition entirely virtual and adapt the cybersecurity exercises to be attempted without the participant’s physical presence. While we devise ways to validate participants’ involvement, it is still more challenging to limit cheating than in a physical environment. However, with appropriate mitigating controls in place (reducing risks to acceptable levels), we were able to achieve similar outcomes compared to a physical event despite the lack of physical interactions. Over 1400 participants registered for our competition, and with the help of over 40 staff, we successfully conducted this 48 hours virtual CTF competition. We further analyse the participants’ online activity during thecompetition, their survey responses after the competition and derive our lessons learnt.We hope that these experiences, analysis and findings are useful for educators or organisers who wish to adopt online CTF to improve the learning outcomes of teaching cybersecurity education.
format text
author TAN, Kee Hock
OUH, Eng Lieh
author_facet TAN, Kee Hock
OUH, Eng Lieh
author_sort TAN, Kee Hock
title Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
title_short Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
title_full Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
title_fullStr Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
title_full_unstemmed Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19
title_sort lessons learnt conducting capture the flag cybersecurity competition during covid-19
publisher Institutional Knowledge at Singapore Management University
publishDate 2022
url https://ink.library.smu.edu.sg/sis_research/6592
https://ink.library.smu.edu.sg/context/sis_research/article/7595/viewcontent/34089.pdf
_version_ 1770575997787176960