The European Cybersecurity Challenge (ECSC) is an initiative by the European Union Agency for Cybersecurity (ENISA) which aims to enhance cybersecurity talent across Europe and connect high potentials with industry leading organisations. In this event, national cybersecurity teams made up of 10 best talents, aged between 14 and 25, are challenged to solve problems related to computer security, in the form of Capture The Flag (CFT) competitions.

This event is held annually in a European country - which this year was Italy, in the city of Turin, and was organised by the Italian National Cybersecurity Agency and the CINI Cybersecurity National Lab.

Over the course of two days, 37 teams (31 official European teams and 6 guest teams) competed for to be the best in two different types of CTFs: Jeopardy and Attack-defence.

The jeopardy style CTF is a set of challenges created explicitly for the event, distributed over 6 categories: crypto, hardware, misc, pwn, rev, and web, covering different areas of knowledge.

• Crypto (cryptography): The focus is to break or solve these types of challenges by using complex mathematical algorithms related to secure data or communications.
• Forensics: Players have to investigate an unknown piece of data, and then find or build a tool capable of reading the information (to extract the flag).
• Hardware: Challenges supported by real-world hardware or equipment, which the players have to interact with.
• Pwn: Binary exploitation and memory corruption: players have to analyse an executable to try and find a vulnerability so they can write an exploit.
• Rev (reverse): The aim is to apply methodologies and techniques to reverse applications and discover faults or malfunctions in the code.
• Web: Challenges centred around web security.

In this type of CTF, the players tackle each challenge individually or as a team, aiming to solve them as fast as they can. The goal is to find the flag (one for each challenge) and submit it to the organisers.

In the attack-defence style CTF, the teams are granted access to a set of target hosts, and the objective is to seize and uphold control over as many of the target hosts as possible. In this competition, the organisers deploy a range of vulnerable services, ensuring that each target contains one or more vulnerabilities. The teams must balance the need to attack other hosts and accumulate more points, with the need to patch vulnerable services on hosts they already control, while preventing other teams from compromising those hosts instead. In this type of CTF, it is more imperative that the players distribute tasks and work as a whole team.

Since 2019, Portugal participates in the ECSC with a team of 5 seniors (aged 21 to 25) and 5 juniors (aged 16 to 20), and this year was no exception. To find these 10 best Portuguese talents, the Cybersecurity Challenge Portugal (CSCPT) is held online. This year the CSCPT was held on 1 June and was coordinated by the National Cybersecurity Centre (CNCS), the Instituto Superior Técnico (IST), the University of Porto (UP) and the Portuguese Association for the Promotion of Information Security (AP2SI), with the help of the Portuguese Safer Internet Centre (CIS). The goal of this event is to promote education, training, and skills enhancement, while also identifying young talents to join Team Portugal for the ECSC and encouraging more students to join the world of cybersecurity.

In this year’s event, Team Portugal ranked at 25, with at total score of 1275.16 points.

Portugal in Team Europe

Portugal’s representation does not end with the ECSC. This year, we also have one female player integrating Team Europe, as well as a Portuguese trainer. This team is made of the 15 best European talents and will compete in the International Cybersecurity Challenge (ICC). This is a global CTF event, organised by ENISA and several international and regional organisations, representing more than 80 countries in total. Its aim is to attract young talent and raise awareness in the global community on the education and skills needed in cybersecurity. This year’s event was held from 28 October to 1 November, in the city of Santiago in Chile and Team Europe came out as champions of the competition.

It's important to emphasise that, although Portugal has some of the best talent in Europe and the world, efforts must continue to be made and training opportunities in cybersecurity must continue to be supported.

Initiatives like these not only help to attract new talent, but also to develop skills such as resilience, problem-solving and the ability to work under pressure and as part of a team, as well as putting participants' technical knowledge to the test.

In short, the community of CTF players is increasingly emerging as a solution to the labour market problem of a lack of qualified cybersecurity professionals.

Find more information about the work of the Portuguese Safer Internet Centre, including its awareness raising, helpline, hotline, and youth participation services, or find similar information for other Safer Internet Centres throughout Europe.