Programme @

CYBERGOV

National Cyber Security Strategy Confex

18 October 2022

Victoria Park Plaza Hotel, London

Programme @ CYBERGOV

Session One

defending the state, working with our allies, and ensuring the UK is safe and secure

Delivering the UK’s national cyber-security strategy

  • Measuring digital Britain’s defences in the cyber offensive age
  • Defending the UK government workforce – from the pandemic and beyond
  • Securing the UK’s critical national infrastructure
  • Strengthening the UK’s cyber resilience
  • Addressing the challenge of IAM in government
  • How to stop cyber criminals using ransomware to attack public services

09:00 (BST)

Conference Chair's Opening Address

Jessica Figueras, Founder, Hither Strategy

09:05 (BST)

Measuring digital Britain’s defences in the cyber offensive age

Marc Hocking
Chief Information Security Officer, Houses of Parliament Restoration & Renewal
view profile

Marc Hocking, Chief Information Security Officer, Houses of Parliament Restoration & Renewal

Cyber threats from foreign states and criminal groups are growing more frequent and sophisticated.

Cyber-attacks continue to feature in the news, including prominent incidents in the last year affecting WhatsApp and British Airways.

The use of online services and ‘smart’ consumer devices connected to the internet is also increasing. This means that cyber security is not just an issue for the security services or big business, but for society as a whole.

This Insight will cover the primary threats to UK national cyber security.

• Cybercriminals
• States and state-sponsored groups
• Non-state actors – terrorist groups, independent hackers etc

09:20 (BST)

Threat & response in a cloud-enabled frontline workforce

The growth of mobility in workforces, moving access to sensitive and critical systems out of offices and to the frontline, continues to dominate workforce planning.

In response to this, we are seeing a steady increase in mobile targeting threats to exploit these platforms, both for consumers and enterprise customers.

What are you doing to enable and protect your assets in an increasingly mobile world?

• Frontline mobility is a key trend
• Mobile targeted threats, trends and use cases
• Defensive measures & deployment considerations

09:35 (BST)

Developing a Cyber Security Strategy across the health and care sector - how to set a strategy that is meaningful for all.

Dr Bettina Mavrommatis
Cyber Security Strategy Lead, NHSX
view profile

Dr Bettina Mavrommatis, Cyber Security Strategy Lead, NHSX

The future of the NHS and social care relies on using digital technology to provide safer, more efficient, and more personalised care.

The opportunities are immense.

However, the more we digitise and connect the health and social care system, the larger the value of its data and the greater the opportunity for cyber-attacks.

Strong cyber security is integral to the digital transformation agenda and the two must go hand in hand.

213 NHS Trusts, 6559 GPs, 27,000 Adult Social Care providers and over 27,000 dentists, community pharmacies and opticians combined – the health and care sector is immense and complex with different requirements and operating in slightly different contexts.

How do we set a Cyber Security Strategy that is meaningful for all?

09:50 (BST)

Defence’s vision to build a stronger, cyber-resilient Defence

Hugh Tatton-Brown
Head of Cyber Strategy & Architecture, MoD
view profile

Hugh Tatton-Brown, Head of Cyber Strategy & Architecture, MoD

This presentation outlines the recently published Cyber Resilience Strategy for Defence, covering how we will achieve the vision “to build a stronger, cyber-resilient Defence”.

The strategy is about driving focus and coherence to address cyber defence and building cyber resilience over the next 5 years and is aligned with the National and government cyber strategies.

It sets out the imperative in clear terms and outlines the challenges and scale of the problem. Also highlighted are some of the critical successes to date, and a high-level look at how Defence intends to deliver the vision.

The audience will:

• gain a clear understanding of the urgency and scale facing Defence’s cyber resilience
• see how the problem spans all aspects of Defence from the back office to the front line
• be shown how input from across Defence’s business units is required in order to effect the change
• see that Defence’s people and culture will play a large role in achieving the vision, as well as fundamental technical challenges

10:05 (BST)

Strengthening the UK’s cyber resilience

Muslim Saadat
Deputy National Security Advisor, National Security Council, Government of Afghanistan (2021)
view profile

Muslim Saadat, Deputy National Security Advisor, National Security Council, Government of Afghanistan (2021)

Cyber security and resilience are foundational to the UK’s wider strategic aims as a cyber power: without them, the UK cannot hope to take full advantage of the transformational potential of digital technologies to protect the UK’s strategic advantage in and through cyberspace.

The UK must continue building strong cyber defences, taking action to secure the UK’s digital networks, information and assets at a national, local and individual level and ensure they are resilient when incidents occur.

We address:

• Understanding the nature of the risk
• The action needed to secure systems to prevent and resist cyber-attacks
• Being resilient to the reality of successful attacks and minimising their impact

 

10:20 (BST)

Questions to the Panel of Speakers

10:35 (BST)

Refreshment Break Served in the Exhibition Area

11:05 (BST)

Widening the cyber talent pool to address the skills gap

Purvi Kay
Head of Cyber Policy, Outreach & Business Operations Team, Home Office
view profile

Purvi Kay, Head of Cyber Policy, Outreach & Business Operations Team, Home Office

The public sector faces twice the challenge of finding and retaining a cybersecurity workforce – it is impacted by the worldwide skills shortage but cannot compete with the competitive salaries that the private sector can provide.

To overcome this and to continue finding the necessary skills to protect vital public assets from cyber-attack, the public sector will have to be creative and flexible in the ways it sources security talent.

This presentation looks at successful initiatives to plug the skills gap which address:

• Diversity of background and skills
• Making Government an attractive place to work for security professionals
• Improving pathways from other areas of government

11:20 (BST)

Effective secure by design into live security assurance

Andy Wall
Chief Security Officer, Office for National Statistics
view profile

Andy Wall, Chief Security Officer, Office for National Statistics

A canter through a live example of implementing secure by design into security assurance in live operations, providing confidence to internal and external stakeholders that good security is built in and it’s working well.

Key points of the end-to-end approach are:

  • What the business really wants
  • Governance and technical security
  • Threat informing security measures
  • Key design and assurance aims
  • Risk and mitigation choices

11:35 (BST)

Challenge and opportunity in the UK's Government Cyber Security Strategy

Callum Maxwell
Policy Fellow, Centre for Science and Policy, University of Cambridge
view profile

Callum Maxwell, Policy Fellow, University of Cambridge

i). Framing the UK Government’s strategic ambition and visions under the Integrated Review;

ii). How organisations in central Government and the wider public sector can posture themselves to build effective tools, procedures and cultures;

iii). How strategic delivery can be most effectively driven

11:50 (BST)

Questions to the Panel of Speakers & Delegates move to the Seminar Rooms

12:05 (BST)

Seminar Sessions

12:45 (BST)

Networking Lunch Served in the Exhibition Area

Session Two

detect, deter and defend against new and emerging threats

Sourcing, harnessing and managing the tools, technologies and processes needed to secure the UK

  • The role AI can play in safeguarding government data
  • A blockchain-based digital government – secure by design
  • Big data, dark data privacy, security, integrity, and survivability issues
  • Threat & response in a cloud-enabled frontline workforce
  • Improving data and cyber security across government
  • Improving threat intelligence collaboration across the public sector

13:30 (BST)

Conference Chair’s Afternoon Address

Jessica Figueras, Founder, Hither Strategy

13:35 (BST)

Defending the UK government workforce – from the pandemic and beyond

Michelle Nwakuba
Testing Incidents Response Management Lead, Department of Health and Social Care
view profile

Michelle Nwakuba, Testing Incidents Response Management Lead, Department of Health and Social Care

The disruption of the pandemic along with the anywhere workforce resulted in a surge of sophisticated cyberattacks and material breaches. 76% of global cybersecurity professionals said attacks increased due to employees working remotely.

Security teams now face the challenge of securing the anywhere workforce. The new workforce has created blind spots and a lack of visibility, highlighting the vulnerabilities in legacy security solutions and security strategies.

We provide –

• A clear picture of the global cyber threat landscape
• Identified trends in hacking and malicious attacks
• The financial and reputational impact breaches have had
• Examination of organizations’ plans for securing new technology and adopting a cloud-first security strategy

13:50 (BST)

Do Your KPIs Reflect Your Risk: Secure by Design and Zero Trust

Robert di Schiavi
Head of Cyber Security, Civil Service
view profile

Robert di Schiavi, Head of Cyber Security: Parliamentary & Health Service Ombudsman

The state of the external threat is now fully understood.

Hackers have learned to achieve greater disruption by exploiting even the basics of misconfigured controls.

However, a truly defined understanding of Secure by Design appears lost in translation, only used as a ‘would like’ strategy.

In this presentation, I will draw out a plan to show how existing projects can be brought into the Secure by Design strategy by identifying key performance indicators against key risk indicators.

• Introduction to the five Laws of Cyber Security
• The fallacy of yet another strategy
• Key Risks indicators and Indicators of Compromise
• Reporting against the true environmental predictors
• Zero Trust and Zero tolerance

14:05 (BST)

Moving to the Cloud Securely with DevSecOps

Vincent King
Head of DevSecOps, Bank of England
view profile

Vincent King, Head of DevSecOps, Bank of England

Cloud technologies can bring great advantages from cost savings to resilience, but these benefits can come at a cost if we aren’t careful.

With products, services, and projects being pushed to the Cloud, efforts must be made to use Cloud carefully and in the correct way.

From lifting-and-shifting to using Cloud-native resources, we’ll talk about:

• DevSecOps – how it is, and how it should be
• Go, Move, Shift – Dealing with project pressures
• Can we move at speed and stay secure?

14:20 (BST)

Questions to the Panel of Speakers

14:35 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:05 (BST)

Security Assurance in the DWP

Geoff Hodge
Lead Security Risk Assurance Manager, DWP
view profile

Geoff Hodge, Lead Security Risk Assurance Manager, DWP

We design security into all our systems and processes. We secure our data whether at rest, in transit or in use. We protect people and places. Or do we? We design security from the start but when deadlines approach, is security still a priority? Are those controls we put in place five years ago still working, or even appropriate anymore? The manual processes ensure security, but is anyone following it?

We address these challenges through a new 2nd line security assurance function:

• Alignment with principles of risks and corporate strategy
• Scoping it right
• Evidence is key
• What lies ahead

15:20 (BST)

Panel Discussion and Audience Q&A

15:35 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

16:05 (BST)

How to stop cyber criminals using ransomware to attack public services

Mohamed Hussein
Senior Cyber Security Analyst, Cabinet Office
view profile

Mohamed Hussein, Senior Cyber Security Analyst, Cabinet Office

Ransomware in the public sector has always been a target for cybercriminals intent on data theft and criminal damage, with local government being the biggest target for such attacks.

Ransomware-as-a-Service in the public sector, packaged like a consumer product, make the creation of ransomware campaigns much easier and at the disposal of anyone motivated to do so.

We address, how RaaS is fuelling the rise in ransomware attacks, those that are specifically designed to attack the public sector, and how best to mitigate such threats with a person-centred, technology-enabled approach.

16:20 (BST)

Improving data and cyber security across government

Storing and sharing information securely is central to the provision of good, secure government. From accessing highly sensitive health and care records in the NHS and DHSC to expertly calibrating and directing services using the private data of citizens in receipt of DWP services, data and cyber security is an issue for everyone.

But how do the multiple data and cyber security initiatives work together, and how do they support commissioners, regulators, software suppliers and policymakers – as well as care providers?

16:35 (BST)

The challenges facing law enforcement in cybercrime: how business can best support a judicial outcome

Chris P, Officer, National Cyber Crime Unit, NCA

The presentation will cover the key challenges facing law enforcement in cybercrime. Although there are plenty, this presentation will focus on the balancing of needs between the private sector and law enforcement and identify ways the private sector can support law enforcement.

• Case Study
• What are the key challenges facing law enforcement investigating cybercrime?
• What are the desired outcomes for law enforcement and for the victims (focusing on UK businesses)?
• How can UK businesses support law enforcement activity?

16:50 (BST)

Questions to the Panel of Speakers

17:00 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras, Founder, Hither Strategy

17:05 (BST)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.