Challenge context
The UK is the third most targeted country in the world for cyber-attacks, after the US and Ukraine. In recent years, the UK has seen the use of offensive cyber capabilities by state and non-state actors proliferate, exacerbated by Russia’s full-scale invasion of Ukraine. The UK Government’s National Cyber Strategy 2022 and the Government Cyber Security Strategy 2022-2030 recognised cyber threats to UK Critical National Infrastructure (CNI) – infrastructure whose disruption would have significant national impact – as an area of particular concern.
In order to counter these threats, the Alan Turing Institute has been tasked to explore attack simulations across elements of the UK’s Critical National Infrastructure (CNI), including Energy (power grids), water systems, and transportation, which are primary sectors of interest but not exclusively. The applicants may consider other CNI sectors, but all the scenarios must be grounded in reality in that they must represent a threat observed in the real world or production of CNI-relevant systems.
Challenge scope
We seek solutions to address gaps in understanding cybersecurity threats and developing defenses in CNI systems, enhancing research capabilities and real-world resilience. Success would be the delivery of a modular, scalable simulator toolkit validated against specific CNI attacks.
The solution should provide a clear path for scaling from simulations and initial tests (e.g., on single components PLCs) to a complete CNI testbed, which will be the final deliverable. We are not interested in studying the security of individual products (e.g., PLC fuzzing), and thus, the initial tests will be judged only on their ability to iterate defence solutions quickly.
Testbed solutions and simulations must be fully functional by Q4 2025.
Real threats must be fully functional in the testbed. As such, the threats must be specified first (e.g., a list of OT malware, OT scanning and exploitation tools) and then shown working as designed in the simulation and testbed. The applicants do not need to provide any solutions to the security problems.
Solutions should be: Adaptable, scalable, and validated within testbeds simulating real-world conditions.
Collaboration: Early-stage promising solutions may receive mid-competition feedback and access to Turing’s facilities for further development.
Out of scope
Purely theoretical models without real-world relevance or approaches that do not model at least one CNI attack observed in the real-world.
IP and potential commercial route
IP generated during the project will be shared between the participants and the Turing Institute.
Eligibility
The challenge holder is keen to hear from a range of sole traders, small and medium-size businesses (start-ups, SMEs) and academia.
Assessment
- A selected panel of assessors will review and score your application.
- The panel of assessors will meet and agree on a consensus score.
- The Challenge holder will select successful solutions.
- Success will be based upon total consensus scores, a portfolio approach and the capacity within the challenge holders to carry out the projects.
Key dates
- Launch of competition: 21 February 2025
- Deadline for applications: 19 May 2025
- Pitch day: 10 June 2025