Government IT Security Conference

9 May 2019

Victoria Park Plaza, London




Session ONE – Creating a Cyber Secure Government and Society

  • How the UK is meeting policy objectives and securing citizens and business
  • Improving collaboration across sectors, government, and public bodies
  • New advancements in Critical National Infrastructure security
  • Overcoming the skills gap and finding new talent in the security sphere
  • Improving resilience across the public sector
  • Combatting and understanding cyber crime and attack methods
The Conference Chair's Opening Remarks
Opening Keynote: Making Britain Secure and Resilient in Cyberspace

Government is the centrepiece of the whole National Cyber Security Strategy, responsible for the protection of citizens, the provision of essential public services, and the protection of its own sensitive and personal data.

Our opening keynote examines how government is meeting the cyber security objectives, and what more can be done to make the UK one of the world’s leading digital nations. We focus on how government is defending against evolving threats, deploying deterrence, and developing an innovative, growing cyber security industry.

Improving Threat Intelligence Collaboration Across the Public Sector

Professor John Walker CFIP, Advisory Board, Research Centre in Cyber Security, University of Kent; Visiting Professor, School of Science and Technology, University of Nottingham

More often than not, cyber attacks do not distinguish between different government departments, siloes and responsibilities. Unfortunately, government cyber responses – even when effective, act like they do.

The result? A lack of shared knowledge which has made attacks more effective, and work overlap across hundreds of public sector bodies all working to mitigate the same attacks.

In this session, we make the argument for greater threat intelligence sharing across government to better overcome the growing cyber threat.

What Can Other Sectors Learn from Security Advancements in Critical National Infrastructure?

David Higgins CISO, High Risk Programme Reviewer, Infrastructure & Projects Authority 

Ahead of the implementation of the NIS directive, which placed stringent security requirements on organisations providing essential national services, there have been dramatic changes to the cyber security of providers of Critical National Infrastructures.

In this presentation we explore the key changes to CNI and ask if they can be transposed into other areas of government.

Widening the Cyber Talent Pool to Address the Skills Gap

Dr Mils Hills, Associate Professor in Risk, Resilience and Corporate Security, University of Northampton Business School; Senior Subject Matter Expert, NATO

The public sector faces twice the challenge of finding and retaining a cyber security workforce – it is impacted by the worldwide skills shortage, but cannot compete with the competitive salaries that the private sector can provide.

To overcome this and to continue finding the necessary skills to protect vital public assets from cyber attack, the public sector will have to be creative and flexible in the ways it sources security talent. This presentation looks at successful initiatives to plug the skills gap which address:

  • Diversity of background and skills
  • Making the public sector an attractive place to work for security professionals
  • Improving pathways from other areas of government
Boosting Cyber Resilience in Local Government

Local authorities are key targets for nefarious attackers aiming to steal sensitive information, money, or simply cause disruption to government services.

This presentation tackles the way local authorities can do more to improve the resilience of their systems, exploring:

  • Improved collaboration and shared cyber services across local government
  • Security controls and information risk management
  • Overcoming the unique challenges local government faces
Questions to The Panel of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
The Role of Cryptocurrencies in the Cybercrime Landscape

Although cryptocurrencies may eventually prove to bring real benefits to society, at present they are also an integral part of the cybercrime world. In this presentation we explore the current ways cryptocurrencies are being used in dark markets, current law enforcement efforts to stymie their use, and how the crypto ecosystem is evolving to benefit cybercrime.

Responding to Ransomware

Despite the growing awareness of the danger ransomware poses to IT systems, it remains a major threat to public sector IT infrastructure and data. Using the case study of a public body hit by ransomware, we look at the key areas of prevention and response, focusing on:

  • Putting in place effective back-up systems and improving resilience
  • Data loss prevention mechanisms
  • The legal and ethical consequences of paying ransom
  • Safeguarding your most sensitive data and assets
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – Innovations and Best Practice

  • How to respond to a data breach
  • Building a security culture that can respond to new threats
  • The impact of new legislation on security
  • Tackling the most prescient threats
  • Ensuring the security of essential digital services
  • Assessing, understanding, and improving your security posture
The Conference Chair Opens the Afternoon Session
The Serious Incident Response Playbook

Lorraine Dryland, Head of Technology Security, Department for Work and Pensions

It is the call that every security team dreads – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data. But how prepared are you for this eventual scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few are prepared for the widespread disruption and compromise caused by a serious breach.

This presentation looks at how you can develop a key playbook for responding to serious incidents and implement it within your own organisation.

The Key Elements of Building a Strong Security Culture

How can you build a security culture where employees actively strengthen your defences, cooperate with security teams, and understand the responsibilities of holding sensitive data?

In this presentation we focus on the key elements of creating a strong security culture, from building communication and user engagement to finding security champions throughout your organisation.

GDPR and Cyber Security – How Will ‘Appropriate Action’ Evolve?

GDPR does not specifically mandate how organisations should process their data securely, instead expecting organisations to take ‘appropriate action’ using technical and organisational measures to protect their systems. This ‘appropriate action’ is currently interpreted as taking reasonable steps to ensure data is kept and transferred securely and keeping up basic cyber hygiene.

As security threats change, this definition is unlikely to remain static. But how will this interpretation adapt in years to come? This presentation explores how future cyber security requirements of GDPR are set to evolve, and how the public sector needs to adapt to keep abreast of these changes.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Beating the Phishing Threat in Government

Phishing, and the use of email to launch attacks is currently the most prevalent type of threat government faces. But how do you overcome attacks which are not particularly sophisticated, but rely on the momentary distraction of thousands of busy individuals?

Join this presentation for a look at the ways the public sector can improve its responses to phishing via:

  • Phishing and spear-phishing tests
  • DMARC and other email authentication tools
  • Building a security culture that can better respond to phishing attacks
Securing Agile Digital Services

Digital services are one of the key drivers of innovation and the most successful way of breaking down complex governmental structures into easy to use platforms. Yet securing these services can be a security challenge, especially when they are being delivered continuously in an agile environment.

This session explores the ways digital services can be secured, even as they are frequently being released and updated, through:

  • Web app and infrastructure penetration testing
  • Selecting IT architecture that reduces security overhead
  • Creating a culture of secure by design across your organisation
Assessing and Improving the Security of Third Party Suppliers

It is essential for public bodies to be able to understand and appraise the security risks and vulnerabilities of third party suppliers to ensure the security and resilience of their own systems. In this presentation we look at the ways you can vet third parties through:

  • Understanding, quantifying and managing third party risk
  • Highlighting bridge points where supplier’s systems cross over into yours
  • Protecting key data assets
  • Ensuring continuous management of security systems
Improving Asset Management in the Age of Shadow IT

IT asset management is a key way to manage vulnerabilities and track breaches across your organisation, but with the introduction of more and more user devices into the network, is it still possible and worthwhile to manage assets effectively?

This presentation argues that it can be done, as long as organisations change the way they think about shadow IT and embrace the new complexities it causes.

Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.