Representatives of VU Kaunas Faculty Reflect on CTF Competition in Estonia: Lithuania Is behind in Cybersecurity Education for the Youth

Having returned from the Telia Cyber Battle of Nordic-Baltics 2023, which brought together the best teams from the Nordic and Baltic countries in the city of Tartu on 11-12 November, the Vilnius University Kaunas Faculty team “CTF Team LTU” say they are surprised that Lithuania is still not represented in the European Union CTF standings. Simonas Švabas, Rytis Šertvytis and Karolis Petniūnas, second-year students of the bachelor's degree programme Information Systems and Cyber Security, who participated in the competition last year, and students Rokas Tiškus and Mantas Razbadauskas, who joined the team this year, came 9th. The team was accompanied by cyber security expert Assoc. Prof. Šarūnas Grigaliūnas and coach Lukas Misiukevičius.

Organised for the fourth time this year, the Cyber Battle of Nordic-Baltics is the largest youth ethical hacking event in the Nordic-Baltic region, which aims to improve the knowledge of young people and educational institutions about cyber security. The event is organised by CTF Tech, an Estonian cyber education start-up, and CybExer Technologies, a NATO-accredited Estonian cyber defence company. The competition is organised in cooperation with Telia, the city of Tartu, the University of Tartu and several private sector companies. The aim is to teach the basics of cybersecurity in a practical, realistic and ethical way in order to improve the region's cybersecurity skills and thus make it more stable and secure.

Testing ethical hacking skills for the second time

The team representing VU Kaunas Faculty competed against 20 of the strongest teams from Estonia, Latvia, the Nordic countries, Belgium, Italy and the United States. The first place went to Iceland, followed by Sweden and Denmark. These countries were in the top 3 last year as well. A special incentive prize was also awarded to the best female team. In addition, the best Estonian and WEB teams were also awarded.

The best youth teams from Lithuania, Denmark, Iceland, Latvia, Finland, Sweden, Norway and Iceland won tickets to the ethical hacking finals in a qualifying phase at a virtual bootcamp on 22-24 September. The competition was open to young people aged 15-24 from the Nordic and Baltic countries who want to learn the basics of cybersecurity and practical skills for working in the cyber market. Participants gained knowledge about Linux, port scanning, buffer overflows, RAM analysis, network traffic analysis, Metasploit, cybersecurity, steganography, cryptography, web and security vulnerabilities. Most welcome is the opportunity given to the participants to learn about the mindset of hackers. For the first time this year, all-girl teams were able to participate. As many as 3 of them appeared and competed only against other teams of the same composition.

Estonia has years of experience in promoting cybersecurity

When asked about the tasks given during the competition, the members of the Vilnius University Kaunas Faculty team stressed that knowledge alone is not enough in an international event of such a scale; personal qualities, experience and the ability to work in a team are important. They were pleased with the high level of the competition and the challenging tasks.

“In CTF competitions, it is not enough to have theoretical or practical knowledge in one area. You need a lot of experience with different tools, and you need to be skilled in areas such as digital forensics, red team, blue team approaches, cryptography. You also need to know a lot of programming languages, to be able to quickly discover a problem and solve it or be able to exploit it,” said Lukas Misiukevičius, who took part in last year's competition and is accompanying the team as a coach this year. “Time was limited, so the tasks had to be shared and solved separately. In the first round, our team was just a few minutes short. There were three unsolved problems which we would have been able to solve if we had not run out of time,” says the student. “We have a lot to learn, but this was a great opportunity to assess our abilities among the best teams in the world.”

“The hardest thing was to keep in mind that every minute is extremely precious and even the smallest mistakes can cost us points,” Karolis Petniūnas, a student of the Information Systems and Cyber Security bachelor's degree programme at VU KNF, agrees with Lukas. “The format of the tasks was also interesting. The three phases consisted of different thematic tasks (smart society, smart buildings, smart mobility). Although we already knew roughly what to expect, this year's tasks were more challenging than last year's and forced us to get out of our comfort zone,” he says. According to Charles, most of the tasks were in fact simulations of real-life situations faced by real organisations. Much of the content was created by the event's sponsors and partners.

“Teamwork is particularly important, in my opinion. The tasks forced us to work together quickly to analyse the problem at hand. There were also cases when two team members had to perform the same task in different attack vectors and to find a compromise, which allowed to understand the task and to figure out the solution”, Rytis Šertvytis, a student of the VU Kaunas Faculty bachelor's degree programme Information Systems and Cyber Security, shares his impressions. “I had to generate a list of variations consisting of 4 characters to solve the problem, which took me a long time to check, but I never got the right answer. Luckily, another member of the team noticed that the symbols were in fact coded numbers. I was then able to make a new list that was 100 times faster and gave the right answer,” he says.

Last year, Lithuania was represented in the ethical hacking competition “Cyber Battle of Nordic-Baltics 2022” by a team of students of the bachelor's degree programme Information Systems and Cyber Security (Vilnius University, Kaunas faculty) named “ITGuys N'Routers”. The team went on to take 7th place.

Experiences in IT and cybersecurity education shared at the Cybercation Forum

“It takes more than 3-4 years of study to develop a cyber security professional. The demand for them is growing rapidly, and their age is getting younger and younger”, says Assoc. Prof. Š. Grigaliūnas, Associate Professor of Information Systems and Cyber Security at VU Kaunas Faculty. On the day of the grand finale, he participated in the Cybercation - Nordic-Baltic Educators' Forum organized by the Nordic Council of Ministers’ Office, intended for educators, lecturers, policy makers and cyber-education enthusiasts to meet, network, collaborate and learn. IT teachers from schools in Iceland and Estonia shared their thoughts on the importance of IT and cyber security awareness and education. Stockholm University (Sweden) has been at the forefront in this field, teaching cyber security since 1985.

In the session “State of cybersecurity and cyber education in the Nordic-Baltic region” Assoc. Prof. Š. Grigaliūnas discussed the challenges and opportunities of cyber security education with lecturers from Estonian and Latvian universities. “What is particularly important now is that the tools for obtaining and processing information have changed dramatically over the last years. A pupil or student who has learned to work with older information tools may feel excluded from market innovations if he or she is not able to keep up with technological progress,” he stresses. The panellists also stressed the need for universities to update the way they present information to students. The dynamic market and the abundance of information sources make it necessary for lecturers to continuously develop their competences and creativity.

Plenary presentations on the state of IT and cyber security education, news, technological tools, expectations and needs were given by Anett Numa, Head of Government Relations at Accelerate Estonia, Maria Gratschew, Director of Nordic Council of Ministers' office in Estonia, David Olgart, Director of Cybercampus in Sweden, Lauri Tankler, Head of R&D Coordination, head of NCC-EE, Estonian Information System Authority (RIA), Mihkel Tikk, Deputy Commander at Estonian Defence Forces Cyber Command (Estonia), Peer Heldgaard Kristensen, Director of Security Tech Space (Denmark).

Competitions are a platform to bring focus on cybersecurity among young people

According to the main organiser of the competition Kätlin Koemets, CEO of CTF Tech, interest in the cyber battle format, which was developed in Estonia four years ago, is growing. “In today's digital world, there is a shortage of around 3 million cyber professionals, which is crucial to protect state and local governments, critical service providers, businesses, homes and billions of people from an ever-increasing number of cyber-attacks,” said K. Koemets. With more than 45 billion devices predicted to be connected to the internet by 2035, the need for ethical hackers is set to grow even further, he said. This is why youth competitions are seen as a platform to bring young people on the side of ethical attacks, allowing them to play their part in preventing them. The competition also helps to raise awareness of the importance of English language skills in cybernetics.

“Such competitions are a great way to develop practical cybersecurity skills of secondary and high school students,” agrees Assoc. Prof. Š. Grigaliūnas. In order to get young people interested in cyber challenges, VU Kaunas Faculty will invite them to take part in the CTF cyber battle “Capture the Flag” in February of next year. “There will be ten challenges, which students will solve in teams (one team can be made up of several classmates or the whole class) or individually,” says the teacher. According to him, CTF-type competitions help students to learn the basics of cyber security, promote critical thinking, develop problem-solving and teamwork skills, and provide meaningful practical experience. The winners will be awarded prizes as well. The competition will take place during school hours, so that fellow students can also come along to support the participants.