With joint working at its heart, 2013
has been a pivotal year for cyber security reform across Government; with directives
including the setup of National Cyber Crime Unit, the Cyber Crime Reserve Unit,
Oxford’s global cyber capacity centre and the Cyber Information Sharing
Partnership.
The 2013 Annual Cyber Security Summit took place on the 26th
November at the Queen Elizabeth II Conference and bought together over 400
senior security professionals, 15 high profiled speakers and a range of
suppliers in the field to address these transformative reforms from both operational
and strategic perspective.
The Summit took place on the 2 year
anniversary of the Government Cyber Security Strategy and the day of the
release of the UK cyber Security Standards Research Report by the Department
for Business, Innovation and Skills. With these timely announcements, and a
year of renovation, the day was greatly anticipated by those in attendance. The
day’s proceedings were started by the annual Summit chair Andrew Miller MP, Chair of the Commons Science and Technology
Committee.
The opening keynote address was
delivered by Neil Kenward, Deputy
Director, for Cyber Programme Management, Cabinet Office. Neil covered the full
breadth of the Governmental reforms from the perspective of the four strategic
objectives which he explained to be cyber safety; cyber resilience, influencing
the international agenda and governance and finally improving research and
skills, all within the banner of maximising economic and social value. Notably,
£860million has been put forward for this long term project into cyber security
and results according to Neil include an increased situational awareness by
working more with GCHQ and improvements to cyber policing. Furthermore, he
announced that a new public awareness campaign and roll out of the Computer
Emergency Response Team will be going ahead in early in 2014, which paints for
an exciting year ahead in UK cyber security. Andy
Archibald, Head of the newly created National Cyber Crime Unit with the National
Crime Agency covered the law enforcement perspective and their capability,
echoing sentiments raised by Neil Kenward, including the need for international
collaboration and cooperation to create a model to de-conflict cybercrime.
Furthermore, he went further to say a proactive global response to cybercrime
its necessary to understand and react effectively to “footprints in the digital
world”.
Mark Brown,
Director – Risk (Information Security), EY who was also the headline sponsor
for the day explored new approaches to new threats. What was particularly
insightful about his presentation was his industry perspective, highlighting
three crucial drivers for implementing cyber security. These were: protecting
the bottom line, corporate and customer reputation. He further highlighted the
universal problem now was that despite a universal understanding of the
importance of cyber security the resource challenge in delivering this agenda
was still a set back. Primarily, the skills gap in the UK. He shared that there
has been a 20 year decline in computing and engineering graduates and this
needed to increase to meet the demand for security professionals. This was developed
by the Cyber Security Challenge session delivered by its CEO, Stephanie Daman who highlighted the
current obstacles for entry. These included a lack of attractiveness of cyber
security careers, gender differentiation, and the “disconnect” between
university syllabus and industry jobs. She also covered potential talent pool
investment methods, especially bearing that the cyber security market is set be
worth £3.4 billion by 2017. Finally, Richard
Cox, CIO of Spamhaus delivered an enlightening presentation into their
recent DDoS attacks and covered from his perspective areas that require
improvements including dealing with victimless crimes. Following lunch, further networking and
interactive, supplier led seminars into the latest trends, practice and innovation
techniques, took place. In the networking sessions we were delighted to see
contacts being renewed, ideas being developed and future partnerships forged.
The afternoon plenary commenced with Andrew Blyth, Professor of Information Security and Computer
Forensics at the University of South Wales who covered Advanced Evasion
Techniques and the motivational reasons behind cybercrime. He explored his
recent study findings which showed that 50% of attacks were getting through the
Intrusion Prevention System when testing systems, and highlighted the issues
and problems that still needed to be addressed. Furthermore, he covered methods
and ability to manipulate protocols of AETs being used in the wild which they
logged across their machine, and accounted for 50,000 attacks per day. Andrew’s
insightful session was followed by sponsor, James Sherlow from Palo Alto who continued on the theme of modern
day malware and what today’s defences are looking like and what they can look
like in the future. Finally, the informative summit closed with a keynote from Andrew Tyrer, Lead Specialist – Digital
from the Technology Strategy Board, who covered off the numerous competitions,
grant funding options available to the sector in network and digital security. He
shared insight into the Severn Valley Cyber Launchpad funding competition which
closes on the 8th January and the £4 million grant for remote
workers and securing their devices whilst also exploring innovations across the
marketplace. Finally, he shared insight into the £5,000 Innovation vouchers
scheme for organisations to bid for to use as a method to go out to market to
get advice around cyber security to secure both Government and businesses.
Thank you to all those involved with the Cyber Security Summit and we look
forward to welcoming you to the 2014 Summit in the Autumn.
Merry Christmas and A Happy New Year!
