Programme @

CYBERGOV

National Cyber Security Strategy Confex

5 July 2022

Millennium Gloucester Conference Centre, London

Programme @ CYBERGOV

Session One

defending the state, working with our allies, and ensuring the UK is safe and secure

Delivering the UK’s national cyber-security strategy

  • Measuring digital Britain’s defences in the cyber offensive age
  • Defending the UK government workforce – from the pandemic and beyond
  • Securing the UK’s critical national infrastructure
  • Strengthening the UK’s cyber resilience
  • Addressing the challenge of IAM in government
  • How to stop cyber criminals using ransomware to attack public services

09:00 (BST)

Conference Chair's Opening Address

Jessica Figueras
Founder, Hither Strategy
view profile

Jessica Figueras, Founder, Hither Strategy

09:05 (BST)

Measuring digital Britain’s defences in the cyber offensive age

Marc Hocking
Chief Information Security Officer, Houses of Parliament Restoration & Renewal
view profile

Marc Hocking, Chief Information Security Officer, Houses of Parliament Restoration & Renewal

Cyber threats from foreign states and criminal groups are growing more frequent and sophisticated.

Cyber-attacks continue to feature in the news, including prominent incidents in the last year affecting WhatsApp and British Airways.

The use of online services and ‘smart’ consumer devices connected to the internet is also increasing. This means that cyber security is not just an issue for the security services or big business, but for society as a whole.

This Insight will cover the primary threats to UK national cyber security.

• Cybercriminals
• States and state-sponsored groups
• Non-state actors – terrorist groups, independent hackers etc

09:20 (BST)

Threat & response in a cloud-enabled frontline workforce

The growth of mobility in workforces, moving access to sensitive and critical systems out of offices and to the frontline, continues to dominate workforce planning.

In response to this, we are seeing a steady increase in mobile targeting threats to exploit these platforms, both for consumers and enterprise customers.

What are you doing to enable and protect your assets in an increasingly mobile world?

• Frontline mobility is a key trend
• Mobile targeted threats, trends and use cases
• Defensive measures & deployment considerations

09:35 (BST)

Defending the UK government workforce – from the pandemic and beyond

Alex Harris
Cyber Security Assurance Policy Lead, NHSX
view profile

Alex Harris, Head of NHS and Social Care Cyber Risk, NHSX

The disruption of the pandemic along with the anywhere workforce resulted in a surge of sophisticated cyberattacks and material breaches. 76% of global cybersecurity professionals said attacks increased due to employees working remotely.

Security teams now face the challenge of securing the anywhere workforce. The new workforce has created blind spots and a lack of visibility, highlighting the vulnerabilities in legacy security solutions and security strategies.

We provide –

• A clear picture of the global cyber threat landscape
• Identified trends in hacking and malicious attacks
• The financial and reputational impact breaches have had
• Examination of organizations’ plans for securing new technology and adopting a cloud-first security strategy

 

09:50 (BST)

Strengthening the UK’s cyber resilience

Hugh Tatton-Brown
Head of Cyber Strategy & Architecture, MoD
view profile

Hugh Tatton-Brown, Head of Cyber Strategy & Architecture, MoD

Cyber security and resilience are foundational to the UK’s wider strategic aims as a cyber power: without them, the UK cannot hope to take full advantage of the transformational potential of digital technologies to protect the UK’s strategic advantage in and through cyberspace.

The UK must continue building strong cyber defences, taking action to secure the UK’s digital networks, information and assets at a national, local and individual level and ensure they are resilient when incidents occur.

We address:

  • Understanding the nature of the risk
  • The action needed to secure systems to prevent and resist cyber-attacks
  • Being resilient to the reality of successful attacks and minimising their impact

10:05 (BST)

Strengthening the UK’s cyber resilience

Muslim Saadat
Deputy National Security Advisor, National Security Council, Government of Afghanistan (2021)
view profile

Muslim Saadat, Deputy National Security Advisor, National Security Council, Government of Afghanistan (2021)

Cyber security and resilience are foundational to the UK’s wider strategic aims as a cyber power: without them, the UK cannot hope to take full advantage of the transformational potential of digital technologies to protect the UK’s strategic advantage in and through cyberspace.

The UK must continue building strong cyber defences, taking action to secure the UK’s digital networks, information and assets at a national, local and individual level and ensure they are resilient when incidents occur.

We address:

• Understanding the nature of the risk
• The action needed to secure systems to prevent and resist cyber-attacks
• Being resilient to the reality of successful attacks and minimising their impact

 

10:20 (BST)

Questions to the Panel of Speakers

10:35 (BST)

Refreshment Break Served in the Exhibition Area

11:05 (BST)

Widening the cyber talent pool to address the skills gap

Purvi Kay
Head of Cyber Policy, Outreach & Business Operations Team, Home Office
view profile

Purvi Kay, Head of Cyber Policy, Outreach & Business Operations Team, Home Office

The public sector faces twice the challenge of finding and retaining a cybersecurity workforce – it is impacted by the worldwide skills shortage but cannot compete with the competitive salaries that the private sector can provide.

To overcome this and to continue finding the necessary skills to protect vital public assets from cyber-attack, the public sector will have to be creative and flexible in the ways it sources security talent.

This presentation looks at successful initiatives to plug the skills gap which address:

• Diversity of background and skills
• Making Government an attractive place to work for security professionals
• Improving pathways from other areas of government

11:20 (BST)

Challenge and opportunity in the UK's Government Cyber Security Strategy

Callum Maxwell
Policy Fellow, Centre for Science and Policy, University of Cambridge
view profile

Callum Maxwell, Policy Fellow, University of Cambridge

i). Framing the UK Government’s strategic ambition and visions under the Integrated Review;

ii). How organisations in central Government and the wider public sector can posture themselves to build effective tools, procedures and cultures;

iii). How strategic delivery can be most effectively driven

11:35 (BST)

Questions to the Panel of Speakers & Delegates move to the Seminar Rooms

11:50 (BST)

Seminar Sessions

12:30 (BST)

Networking Lunch Served in the Exhibition Area

Session Two

detect, deter and defend against new and emerging threats

Sourcing, harnessing and managing the tools, technologies and processes needed to secure the UK

  • The role AI can play in safeguarding government data
  • A blockchain-based digital government – secure by design
  • Big data, dark data privacy, security, integrity, and survivability issues
  • Threat & response in a cloud-enabled frontline workforce
  • Improving data and cyber security across government
  • Improving threat intelligence collaboration across the public sector

13:30 (BST)

Conference Chair’s Afternoon Address

Jessica Figueras, Founder, Hither Strategy

13:35 (BST)

Defending the UK government workforce – from the pandemic and beyond

Michelle Nwakuba
Testing Incidents Response Management Lead, Department of Health and Social Care
view profile

Michelle Nwakuba, Testing Incidents Response Management Lead, Department of Health and Social Care

The disruption of the pandemic along with the anywhere workforce resulted in a surge of sophisticated cyberattacks and material breaches. 76% of global cybersecurity professionals said attacks increased due to employees working remotely.

Security teams now face the challenge of securing the anywhere workforce. The new workforce has created blind spots and a lack of visibility, highlighting the vulnerabilities in legacy security solutions and security strategies.

We provide –

• A clear picture of the global cyber threat landscape
• Identified trends in hacking and malicious attacks
• The financial and reputational impact breaches have had
• Examination of organizations’ plans for securing new technology and adopting a cloud-first security strategy

13:50 (BST)

A blockchain-based digital government – secure by design

Governments and public sector organizations can better protect the robustness of their cybersecurity architectures and supporting infrastructure by leveraging blockchain to move away from siloed and inefficient centralised systems.

Current systems are inherently insecure and costly, while blockchain networks offer more secure, agile, and cost-effective structures.

We address:

  • Secure storage of government, citizen, and business data
  • Reduction of labour-intensive processes
  • Reduction of excessive costs associated with managing accountability
  • Reduced potential for corruption and abuse
  • Increased trust in government and online civil systems

14:05 (BST)

Moving to the Cloud Securely with DevSecOps

Vincent King
Head of DevSecOps, Bank of England
view profile

Vincent King, Head of DevSecOps, Bank of England

Cloud technologies can bring great advantages from cost savings to resilience, but these benefits can come at a cost if we aren’t careful.

With products, services, and projects being pushed to the Cloud, efforts must be made to use Cloud carefully and in the correct way.

From lifting-and-shifting to using Cloud-native resources, we’ll talk about:

• DevSecOps – how it is, and how it should be
• Go, Move, Shift – Dealing with project pressures
• Can we move at speed and stay secure?

14:20 (BST)

Questions to the Panel of Speakers

14:35 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:05 (BST)

Security Assurance in the DWP

Geoff Hodge
Lead Security Risk Assurance Manager, DWP
view profile

Geoff Hodge, Lead Security Risk Assurance Manager, DWP

We design security into all our systems and processes. We secure our data whether at rest, in transit or in use. We protect people and places. Or do we? We design security from the start but when deadlines approach, is security still a priority? Are those controls we put in place five years ago still working, or even appropriate anymore? The manual processes ensure security, but is anyone following it?

We address these challenges through a new 2nd line security assurance function:

• Alignment with principles of risks and corporate strategy
• Scoping it right
• Evidence is key
• What lies ahead

15:35 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

16:05 (BST)

How to stop cyber criminals using ransomware to attack public services

Mohamed Hussein
Senior Cyber Security Analyst, Cabinet Office
view profile

Mohamed Hussein, Senior Cyber Security Analyst, Cabinet Office

Ransomware in the public sector has always been a target for cybercriminals intent on data theft and criminal damage, with local government being the biggest target for such attacks.

Ransomware-as-a-Service in the public sector, packaged like a consumer product, make the creation of ransomware campaigns much easier and at the disposal of anyone motivated to do so.

We address, how RaaS is fuelling the rise in ransomware attacks, those that are specifically designed to attack the public sector, and how best to mitigate such threats with a person-centred, technology-enabled approach.

16:20 (BST)

Improving data and cyber security across government

Storing and sharing information securely is central to the provision of good, secure government. From accessing highly sensitive health and care records in the NHS and DHSC to expertly calibrating and directing services using the private data of citizens in receipt of DWP services, data and cyber security is an issue for everyone.

But how do the multiple data and cyber security initiatives work together, and how do they support commissioners, regulators, software suppliers and policymakers – as well as care providers?

16:35 (BST)

Improving threat intelligence collaboration across the public sector

More often than not, cyber-attacks do not distinguish between different government departments, siloes and responsibilities. Unfortunately, government cyber responses – even when effective, act as they do.

The result? A lack of shared knowledge has made attacks more effective, and work overlaps across hundreds of public sector bodies all working to mitigate the same attacks.

In this session, we make the argument for greater threat intelligence sharing across government to better address the growing cyber threat.

16:50 (BST)

Questions to the Panel of Speakers

17:00 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras, Founder, Hither Strategy

17:05 (BST)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.