Government IT Security Conference

9 May 2019

Victoria Park Plaza, London




Session ONE – Creating a Cyber Secure Government and Society

  • How the UK is meeting policy objectives and securing citizens and business
  • Improving collaboration across sectors, government, and public bodies
  • New advancements in Critical National Infrastructure security
  • Overcoming the skills gap and finding new talent in the security sphere
  • Improving resilience across the public sector
  • Combatting and understanding cyber crime and attack methods

The Conference Chair's Opening Remarks

Opening Keynote: Making Britain Secure and Resilient in Cyberspace

Senior Representative, NCSC (confirmed)

Government is the centrepiece of the whole National Cyber Security Strategy, responsible for the protection of citizens, the provision of essential public services, and the protection of its own sensitive and personal data.

Our opening keynote examines how government is meeting the cyber security objectives, and what more can be done to make the UK one of the world’s leading digital nations. We focus on how government is defending against evolving threats, deploying deterrence, and developing an innovative, growing cyber security industry.

Driving Digital throughout Government: A review of the Cloud First Policy

Research conducted by the Cloud Industry Forum found that “82% of public sector organisations have deployed at least one cloud service”. This presentation seeks to discover how cloud technology is still being fiercely championed within the public sector, with cloud adoption increasingly on the rise throughout 2019.

We explore:

  • Establishing a Change Culture – Sharing the fundamental elements of effective leadership when driving full-force cloud adoption, and exploring lack of understanding as a key barrier to implementation
  • Discovering the multiple benefits of cloud from a public service delivery perspective, e.g. digitisation of information and migration to the cloud can reduce costs, thereby freeing up budgets to invest in other areas such as public infrastructure and new public facilities
  • Utilising a Hybrid Approach

Improving Threat Intelligence Collaboration Across the Public Sector

Professor John Walker CFIP, Advisory Board, Research Centre in Cyber Security, University of Kent; Visiting Professor, School of Science and Technology, University of Nottingham

More often than not, cyber attacks do not distinguish between different government departments, silos and responsibilities. Unfortunately, government cyber responses, even when effective, act like they do.

The result? A lack of shared knowledge which has made attacks more effective, and work overlap across hundreds of public sector bodies all working to mitigate the same attacks.

In this session, we make the argument for greater threat intelligence sharing across government to better overcome the growing cyber threat.

Scaling DevOps throughout Central Government and Beyond

DevOps aims to deliver software by breaking down the divides between development and operations teams, allowing for quicker and more efficient delivery of software services. However, DevOps has not been picked up by the public sector as quickly as by its private sector counterparts, with some estimates putting its adoption at a mere 40 per cent.

We look at:

  • Creating a Soundproof DevOps Strategy – Having clear objectives which will meet the fundamental needs of the public sector and adding these to the business target operating models to enable clear achievable aims
  • Identifying the barriers of DevOps implementation – Funding costs to implement DevOps and upgrading legacy systems to utilise newer software that is more conducive to a DevOps cultural environment
  • Slow and steady wins the race – Progressively introducing agile development and increasing automation and continuous integration

What Can Other Sectors Learn from Security Advancements in Critical National Infrastructure?

David Higgins CISO, High-Risk Programme Reviewer, Infrastructure & Projects Authority

Ahead of the implementation of the NIS Directive, which placed stringent security requirements on organisations providing essential national services, there have been dramatic changes to the cybersecurity of providers of Critical National Infrastructure.

In this presentation, we explore the key changes to CNI and ask if they can be transposed into other areas of government.

Widening the Cyber Talent Pool to Address the Skills Gap

Dr Mils Hills, Associate Professor in Risk, Resilience and Corporate Security, University of Northampton Business School; Senior Subject Matter Expert, NATO

The public sector faces twice the challenge of finding and retaining a cybersecurity workforce – it is impacted by the worldwide skills shortage, but cannot compete with the competitive salaries that the private sector can provide.
To overcome this and to continue finding the necessary skills to protect vital public assets from cyber attack, the public sector will have to be creative and flexible in the ways it sources security talent.

This presentation looks at successful initiatives to plug the skills gap which address:

  • Diversity of background and skills
  • Making the public sector an attractive place to work for security professionals
  • Improving pathways from other areas of government

Questions to the Panel of Speakers

Morning Networking and Refreshments Served in the Exhibition Area

The Role of Cryptocurrencies in the Cybercrime Landscape

Although cryptocurrencies may eventually prove to bring real benefits to society, at present they are also an integral part of the cybercrime world. In this presentation we explore the current ways cryptocurrencies are being used in dark markets, current law enforcement efforts to stymie their use, and how the crypto ecosystem is evolving to benefit cybercrime.

Responding to Ransomware

Despite the growing awareness of the danger ransomware poses to IT systems, it remains a major threat to public sector IT infrastructure and data. Using the case study of a public body hit by ransomware, we look at the key areas of prevention and response, focusing on:

  • Putting in place effective back-up systems and improving resilience
  • Data loss prevention mechanisms
  • The legal and ethical consequences of paying ransom
  • Safeguarding your most sensitive data and assets

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms

Seminar Sessions

Networking Lunch Served in the Exhibition Area

Session TWO – Innovations and Best Practice

  • How to respond to a data breach
  • Building a security culture that can respond to new threats
  • The impact of new legislation on security
  • Tackling the most pressing threats
  • Ensuring the security of essential digital services
  • Assessing, understanding, and improving your security posture

The Conference Chair Opens the Afternoon Session

The Serious Incident Response Playbook

Lorraine Dryland, Deputy Director of Technology Security, Department for Work and Pensions

It is the call that every security team dreads – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data. But how prepared are you for this eventual scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few are prepared for the widespread disruption and compromise caused by a serious breach.

This presentation looks at how you can develop a key playbook for responding to serious incidents and implement it within your own organisation.

The Key Elements of Building a Strong Security Culture

How can you build a security culture where employees actively strengthen your defences, cooperate with security teams, and understand the responsibilities of holding sensitive data?

In this presentation we focus on the key elements of creating a strong security culture, from building communication and user engagement to finding security champions throughout your organisation.

GDPR and Cyber Security – How Will ‘Appropriate Action’ Evolve?

Will Davies, Head of Information Security and Assurance, Cabinet Office

GDPR does not specifically mandate how organisations should process their data securely, instead expecting organisations to take ‘appropriate action’ using technical and organisational measures to protect their systems. This ‘appropriate action’ is currently interpreted as taking reasonable steps to ensure data is kept and transferred securely and keeping up basic cyber hygiene.

As security threats change, this definition is unlikely to remain static. But how will this interpretation adapt in years to come? This presentation explores how future cybersecurity requirements of GDPR are set to evolve, and how the public sector needs to adapt to keep abreast of these changes.

Questions to the Panel of Speakers

Afternoon Networking and Refreshments Served in the Exhibition Area

NCSC Biometrics Guidance and Identity Assurance

Chris Allgrove, Identity Lead for National Cyber Security Centre, NCSC

The use of a biometric to verify an identity is becoming increasingly common and the National Cyber Security Centre has recently published new guidance on the use of biometrics. The presentation will provide an overview of the content. The principles behind the guidance will be introduced and the factors necessary to deliver an appropriate solution will be described.

  • Biometrics are becoming ubiquitous and are standard on most mobile devices, leading to new opportunities for system developers
  • They are an increasingly important component of many online services
  • The guidance seeks to provide advice to those thinking of, or in the process of, deploying a biometric as part of a wider system
  • It provides a combination of useful background information and more detailed advice

Securing Agile Digital Services

Digital services are one of the key drivers of innovation and the most successful way of breaking down complex governmental structures into easy-to-use platforms. Yet securing these services can be a challenge, especially when they are being delivered continuously in an agile environment.

This session explores the ways digital services can be secured, even as they are frequently being released and updated, through:

  • Web app and infrastructure penetration testing
  • Selecting IT architecture that reduces security overhead
  • Creating a culture of secure by design across your organisation

Improving Asset Management in the Age of Shadow IT

IT asset management is a key way to manage vulnerabilities and track breaches across your organisation, but with the introduction of more and more user devices into the network, is it still possible and worthwhile to manage assets effectively?

This presentation argues that it can be done, as long as organisations change the way they think about shadow IT and embrace the new complexities it causes.

Questions to the Panel of Speakers

Closing Remarks from the Conference Chair

Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.