OSCE CBM 14 Event on Cyber/ICT Security Confidence-Building Measures
Confidence and security-building measures (CBMs or CSBMs) — aimed at reducing the fear of attack among parties in a conflict situation — have been a fundamental part of arms control under the auspices of the Organization for Security and Cooperation in Europe (OSCE) since the early 1970s. Today, cybersecurity and resilience are key components of these measures, with the OSCE recognizing cooperation and information exchange between businesses, the scientific community, and public administrations as crucial factors. Austria, along with Belgium, Estonia, Italy, Sweden, and Finland, has co-adopted CBM 14 and initiated a series of events that highlight the pivotal role of public-private partnerships (PPP) in Austria’s national cyber strategy and ecosystem. Representatives from competent authorities and the private sector will share insights and discuss practical applications of these strategies. The inaugural event took place on November 4, 2024, in Vienna. Marco Squarcina delivered a key presentation on the challenges and ongoing activities conducted by him and other members of the Cybersecurity Center at TU Wien, along with our partners.
Marco Squarcina’s presentation offers a comprehensive overview of his extensive involvement in cybersecurity, highlighting his role as a Senior Scientist at TU Wien and his pivotal contributions to various cybersecurity initiatives and competitions. Marco co-organizes the Austria Cyber Security Challenge (ACSC), serves as a head coach for Team Austria, and actively supports the European Cybersecurity Challenge (ECSC). He also co-organizes the Shecurity initiative, aiming to foster inclusivity in cybersecurity.
In his presentation, Marco focuses on the ethical hacking landscape through the lens of Capture The Flag (CTF) competitions. He elaborates on these competitions where participants engage with vulnerable applications to uncover secret “flags,” simulating real-world cybersecurity threats across categories such as cryptography, web security, binary exploitation, and more.
Marco provides an in-depth look at the Austria Cyber Security Challenge, emphasizing its development as Austria’s foremost cybersecurity training initiative since its establishment in 2012. The ACSC has seen significant growth, attracting over 6,000 participants directly involved in the competitions, with more than 18,000 attempting the entry-level challenges. These challenges are designed to be accessible, providing a practical and engaging way to introduce cybersecurity to newcomers. Marco details the successes stemming from the ACSC, including the creation of six innovative startups by participants who were inspired and empowered through their engagement with the challenge. This entrepreneurial spirit is fostered by the realistic and immersive nature of the competition scenarios, which provide not only skills but also insights into potential cybersecurity business opportunities.
The media coverage of the ACSC has been substantial, with 681 reports highlighting the achievements and developments within the challenge, underscoring its importance as a national center of excellence in cybersecurity training. Marco points out that each year, the challenge culminates in the selection of new finalists who join the ranks of Team Austria, contributing fresh ideas and perspectives.
On the European stage, Marco speaks about the ECSC, spearheaded by Austria under ENISA’s guidance, designed to combat the shortage of skilled professionals in the field. He also introduces the openECSC, an inclusive event that extends beyond traditional constraints to invite global participation.
Internationally, Marco discusses the International Cyber Security Challenge (ICC), an ENISA initiative to broaden the reach of cybersecurity competitions worldwide. He proudly highlights Austria’s contributions to the ICC, including its role in training and mentoring upcoming cybersecurity talents through various international bootcamps.
Marco’s presentation not only underscores his leadership and expertise but also emphasizes the collaborative efforts across nations to strengthen global cybersecurity defenses.