Monday, 16 December 2013

Cyber Security - Working in Partnership to Deliver Social Value and Economic Prosperity

With joint working at its heart, 2013 has been a pivotal year for cyber security reform across Government; with directives including the setup of National Cyber Crime Unit, the Cyber Crime Reserve Unit, Oxford’s global cyber capacity centre and the Cyber Information Sharing Partnership.

The 2013 Annual Cyber Security Summit took place on the 26th November at the Queen Elizabeth II Conference and bought together over 400 senior security professionals, 15 high profiled speakers and a range of suppliers in the field to address these transformative reforms from both operational and strategic perspective.

The Summit took place on the 2 year anniversary of the Government Cyber Security Strategy and the day of the release of the UK cyber Security Standards Research Report by the Department for Business, Innovation and Skills. With these timely announcements, and a year of renovation, the day was greatly anticipated by those in attendance. The day’s proceedings were started by the annual Summit chair Andrew Miller MP, Chair of the Commons Science and Technology Committee.

The opening keynote address was delivered by Neil Kenward, Deputy Director, for Cyber Programme Management, Cabinet Office. Neil covered the full breadth of the Governmental reforms from the perspective of the four strategic objectives which he explained to be cyber safety; cyber resilience, influencing the international agenda and governance and finally improving research and skills, all within the banner of maximising economic and social value. Notably, £860million has been put forward for this long term project into cyber security and results according to Neil include an increased situational awareness by working more with GCHQ and improvements to cyber policing. Furthermore, he announced that a new public awareness campaign and roll out of the Computer Emergency Response Team will be going ahead in early in 2014, which paints for an exciting year ahead in UK cyber security.  Andy Archibald, Head of the newly created National Cyber Crime Unit with the National Crime Agency covered the law enforcement perspective and their capability, echoing sentiments raised by Neil Kenward, including the need for international collaboration and cooperation to create a model to de-conflict cybercrime. Furthermore, he went further to say a proactive global response to cybercrime its necessary to understand and react effectively to “footprints in the digital world”.

Mark Brown, Director – Risk (Information Security), EY who was also the headline sponsor for the day explored new approaches to new threats. What was particularly insightful about his presentation was his industry perspective, highlighting three crucial drivers for implementing cyber security. These were: protecting the bottom line, corporate and customer reputation. He further highlighted the universal problem now was that despite a universal understanding of the importance of cyber security the resource challenge in delivering this agenda was still a set back. Primarily, the skills gap in the UK. He shared that there has been a 20 year decline in computing and engineering graduates and this needed to increase to meet the demand for security professionals. This was developed by the Cyber Security Challenge session delivered by its CEO, Stephanie Daman who highlighted the current obstacles for entry. These included a lack of attractiveness of cyber security careers, gender differentiation, and the “disconnect” between university syllabus and industry jobs. She also covered potential talent pool investment methods, especially bearing that the cyber security market is set be worth £3.4 billion by 2017. Finally, Richard Cox, CIO of Spamhaus delivered an enlightening presentation into their recent DDoS attacks and covered from his perspective areas that require improvements including dealing with victimless crimes.  Following lunch, further networking and interactive, supplier led seminars into the latest trends, practice and innovation techniques, took place. In the networking sessions we were delighted to see contacts being renewed, ideas being developed and future partnerships forged.

The afternoon plenary commenced with Andrew Blyth, Professor of Information Security and Computer Forensics at the University of South Wales who covered Advanced Evasion Techniques and the motivational reasons behind cybercrime. He explored his recent study findings which showed that 50% of attacks were getting through the Intrusion Prevention System when testing systems, and highlighted the issues and problems that still needed to be addressed. Furthermore, he covered methods and ability to manipulate protocols of AETs being used in the wild which they logged across their machine, and accounted for 50,000 attacks per day. Andrew’s insightful session was followed by sponsor, James Sherlow from Palo Alto who continued on the theme of modern day malware and what today’s defences are looking like and what they can look like in the future. Finally, the informative summit closed with a keynote from Andrew Tyrer, Lead Specialist – Digital from the Technology Strategy Board, who covered off the numerous competitions, grant funding options available to the sector in network and digital security. He shared insight into the Severn Valley Cyber Launchpad funding competition which closes on the 8th January and the £4 million grant for remote workers and securing their devices whilst also exploring innovations across the marketplace. Finally, he shared insight into the £5,000 Innovation vouchers scheme for organisations to bid for to use as a method to go out to market to get advice around cyber security to secure both Government and businesses.

Thank you to all those involved with the Cyber Security Summit and we look forward to welcoming you to the 2014 Summit in the Autumn.

Merry Christmas and A Happy New Year!