Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
1-2022
Abstract
This innovative practice full paper describes our experiences conducting cybersecurity capture the flag (CTF) competition for cybersecurity enthusiast participants (inclusive of both tertiary students and working professionals) local and abroad during the COVID-19 pandemic. Learning and appreciation of cybersecurity concepts for our participants with little to no technical background can be challenging. Gamification methods such as capture the flag competition style is a popular form of cybersecurity education to help participants overcome this challenge and identify talents. Participants get to apply theoretical concepts in a controlled environment, solve hands-on tasks in an informal, game-like setting and gain hands-on active learning experience. CTF competitions can be held at physical locations or virtually. However, the COVID-19 pandemic catalyses all major events that are traditionally held physicallyto go virtual (likewise for physical CTF events). The pandemic limits our physical interactions, changes the dynamics of our engagements with the participants and how participants learn. We have to adapt our CTF competition design and conduct it in a virtual format during the COVID-19 pandemic that is compliantwith local pandemic regulations as well.This paper describes these adaptations for a semi-international CTF competition conducted for our participants. We conduct the competition entirely virtual and adapt the cybersecurity exercises to be attempted without the participant’s physical presence. While we devise ways to validate participants’ involvement, it is still more challenging to limit cheating than in a physical environment. However, with appropriate mitigating controls in place (reducing risks to acceptable levels), we were able to achieve similar outcomes compared to a physical event despite the lack of physical interactions. Over 1400 participants registered for our competition, and with the help of over 40 staff, we successfully conducted this 48 hours virtual CTF competition. We further analyse the participants’ online activity during thecompetition, their survey responses after the competition and derive our lessons learnt.We hope that these experiences, analysis and findings are useful for educators or organisers who wish to adopt online CTF to improve the learning outcomes of teaching cybersecurity education.
Keywords
Computing skills, higher education, continuing education, cybersecurity, capture the flag
Discipline
Higher Education | Information Security
Research Areas
Software and Cyber-Physical Systems
Publication
2021 IEEE Frontiers in Education Conference (FIE)
Identifier
10.1109/FIE49875.2021.9637404
Publisher
IEEE
City or Country
Lincoln, Nebraska USA
Citation
TAN, Kee Hock and OUH, Eng Lieh.
Lessons learnt conducting Capture the Flag CyberSecurity Competition during COVID-19. (2022). 2021 IEEE Frontiers in Education Conference (FIE).
Available at: https://ink.library.smu.edu.sg/sis_research/6592
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/FIE49875.2021.9637404