Hurrah for Denmark, Top Winner of the 2022 European Cybersecurity Challenge

Back to News

The 8th edition of the ECSC concludes successfully, especially for the top three winners of the competition with Denmark in first place, Germany in second place and France in third place. The European Union Agency for Cybersecurity (ENISA) warmly thanks Austria for hosting the event in Vienna.

After two days of intensive competition, the ECSC closed on Friday in Vienna. A total of 33 teams and over 600 participants competed representing EU Member States and European Free Trade Association (EFTA) countries, as well as the five non-EU guest teams from Canada, Israel, Serbia, the United Arab Emirates and the United States of America.

Juhan Lepassaar, EU Agency for Cybersecurity Executive Director said: "It is a great satisfaction to see how the European Cybersecurity Challenge is gaining so much traction with so many teams now joining not only from European countries but also beyond. This is where I see the true success of this event as we all gather with the same goal to empower the youngest generations worldwide as they will be tomorrow's workforce and will be acting as our digital shields."

The European Cybersecurity Challenge (ECSC) is an annual exercise, coordinated by the European Union Agency for cybersecurity, ENISA. This year’s version was organised by CyberSecurityAustria, CSA and the main sponsor A1 Telekom Group – and was supported by the Austrian Federal Chancellery, the Ministry of Defence, the Ministry of Finance, the Ministry of Education as well as the City of Vienna. The national cyber security coordinator from the Austrian Federal Chancellery, Dr. Bernd Pichlmayer, and A1 Group CEO Mag Thomas Arnoldner, presented the awards to the following winning teams:

  • 1st place: Denmark
  • 2nd place: Germany
  • 3rd place: France

ENISA is extremely grateful to Austria and for all the support and great cooperation in ensuring the smooth management and coordination of the event considering the growing number of participants over the years. ENISA also wishes to express its gratitude to all the community and experts who contributed to make the Challenge a growing success every year.

How were the competitors challenged?

Participants had to solve security-related challenges from domains such as web and mobile security, crypto puzzles, reverse engineering, forensics to test their abilities and challenge their different cybersecurity-related skills in escape rooms.

However, the path to becoming the champion of ECSC 2022 does not only require technical expertise, but also the capacity to work as a team in a complex environment. On the first day, teams were assigned over 18 challenges to be solved in Jeopardy format testing teams capacities in a wide range of skills.  Network and system knowledge are must-have skills in order to succeed. In addition to crypto and steganography, reverse engineering and exploitation know-how are just as essential as web and mobile/wireless security.  Hardware hacking and escape-the-box scenarios require efficient teamwork and related skills to effectively manage the complexity of the tasks and ensure success. The second day brought the "supreme discipline" of the attack & defense scenario. In this exercise, the teams had to secure their own networks but in the meantime they also had to hack the networks of the other teams. In opposition to the conventional jeopardy format, teams have significantly more challenges to overcome in the attack & defense exercise. Here each team receives an identical environment, and not only has to protect this environment, but also to attack that of the other teams  In the area of defense, it is important to detect attacks performed by other teams through analysis of network traffic, log files or other artefacts left behind by the attackers. In the meantime, it is also necessary to eliminate the vulnerabilities in the applications to be protected without impairing the functionality or availability. At the same time, the assets of the other teams must be attacked in order to steal secret data (known as flags).  With 33 teams competing against each other this year, the pressure on each team was very high. However, the adrenaline levels boosted the motivation and engagement of the teams to perform at their best and find smart ways to achieve the efficiency required. Those teams who were the most flexible and who could therefore respond the fastest to the evolving scenarios, and change strategies accordingly were the most successful ones.

Let’s meet again next year!

The 2023 edition of the European Cybersecurity Challenge will take place in Hamar, Norway from the 23 to 28 October - Stay tuned on the ECSC website.

Background

The European Cybersecurity Challenge (ECSC) is an annual exercise, coordinated by the European Union Agency for cybersecurity. The event offers a platform for young cyber talents across Europe to gather and engage in networking over a unique opportunity to experience cooperation in trying to resolve a cybersecurity problem.

The ECSC is intended to encourage young people to pursue a career in cybersecurity, by challenging and developing the participants’ skills needed in such extreme situations and connecting them with industry.

Supported by the European Commission and EU Member States, the ECSC falls within the skills chapter of the EU Cyber Security Strategy for the Digital Decade and the NIS Directive.

Further information

ECSC website - European Cybersecurity Challenge

ECSC 2022 dedicated website - ecsc202.eu

ENISA topic – European Cybersecurity Challenge (ECSC)

ENISA report - Cybersecurity Skills Development in the EU

Contacts:

For questions related to the press and interviews, please contact press(at)enisa.europa.eu