Operation Flag Day
Operation Flag Day: Members of the public must use their cyber security skills to protect an aerospace technology company and discover who the members of a fictional terrorist group are Cyber Security Challenge

British intelligence agency GCHQ has launched Astute Explorer, a new virtual game where the public is invited to pretend to be a spy and use GCHQ's software to protect a fictional global defence company from terrorist cyber attacks.

The Cyber Security Challenge was launched by GCHQ in 2011 and is an annual competition aimed at discovering cyber security talent and attracting people from all walks of life into the industry, whether they are university students or seasoned IT professionals.

Previous winners of the challenge have received funding for their studies and have gone on to work for GCHQ, security vendor Sophos, auditors KPMG and PricewaterhouseCoopers, and defence companies like Raytheon and QinetiQ.

The game was launched over the weekend at a competition held by Sophos, which challenged entrants to analyse a hard drive recovered from a fictitious terrorist hacker group called The Flag Day Associates.

The Flag Day Associates

By completing the Sophos competition, the entrants discovered the first clue – that the terrorist group next planned to attack Ebell Technologies, a fictional aerospace technology company specialising in producing military and civilian aircraft, as well as many other innovations.

In order to protect Ebell Technologies, members of the public are now invited to register to take part in Operation: Flag Day, where they will be set a variety of challenges from September onwards that involve using GCHQ's automated code scanning tool Astute Explorer to search for security vulnerabilities in Ebell Technologies, explain their significance and suggest ways to fix these problems.

Contestants that impress the GCHQ will be invited to attend hackathons held in secret locations around the UK, where they will work in teams to carry out investigations and gather clues in order to identify the members of the terrorist group (seen in the video teaser above).

The teams who manage to figure out who all the terrorists are will then compete in a final Masterclass competition next March.

Tier 1 national security risk

Cyber security is now one of the top priorities governments consider in national defence, and the UK government has invested £860 million over four years into the National Cyber Security Strategy.

In July, the GCHQ announced that cyber threats are treated as a "Tier 1 national security risk", particularly referencing the global takedown of the Gameover Zeus botnet by law enforcement agencies in 11 countries in June.

GCHQ's director general for cyber security Ciaran Martin said in a speech at the Financial Services Summit: "You can't just build a great big wall around your network to keep the baddies out. A wall – your external defences – needs to be erected high enough to give an adversary at least an acceptable level of difficulty to get on to the network. But don't make it so high that you can't deal with the outside world, also known as your customers.

"It's all about a holistic approach – networks need to be monitored actively. Good practice, by engineers designing the network, those operating it, and customers using it, needs to be promoted."