Government IT Security Conference

12 May 2020

Victoria Park Plaza, London




Session ONE – Creating a Cyber Secure Government and Society

  • How the UK is meeting policy objectives and securing citizens and business
  • Improving collaboration across sectors, government, and public bodies
  • New advancements in Critical National Infrastructure security
  • Overcoming the skills gap and finding new talent in the security sphere
  • Improving resilience, incident planning and response
  • Combatting and understanding cybercrime and attack methods
  • Emerging technologies and controlling new risks
Conference Chair’s Opening Address
Keynote Address – Active Cyber Defence: Protecting, Defending, and Deterring Against Cyber Threats

The Active Cyber Defence (ACD) programme seeks to reduce the harm from commodity cyber-attacks against the UK through a range of services for protecting critical information assets and improving vulnerability handling. Designed to position the UK as a global “cyber power”, the ACD programme has set strategies for preventing attacks, achieving resilience, enhancing capabilities to respond to incidents, and implementing legal and regulatory regimes that build public trust.

The NCSC states that it has foiled 140,000 individual phishing attacks and pulled down 190,000 fraudulent sites in 2018.

We discuss the results from the last ACD report:

  • Exploring the milestones and progress of different services: Web Check, Mail Check, Vulnerability Disclosure Platform, Takedown Service, and more
  • The Roadmap of Adopting DMARC at scale and the PDNS service that has recently come online
  • A look at what the future holds – how we can continue to improve and scale ACD’s services both in the UK and
NHS Incident response: Key Milestones

Since the WannaCry attack in 2017, awareness of cyber-attack risks has significantly increased within the NHS. However, a recent paper from researchers at the Imperial College of London, presented to the House of Lords, stated that despite improvements, the NHS is still at high risk. In this session, we explore:

  • What is CareCERT? Exploring the potential of a Cybersecurity Centre of Excellence for the NHS
  • How the NHS is tackling out-dated computer systems, lack of investment, and a deficit of skills and awareness in cybersecurity that is placing NHS hospitals at risk
  • The NHSX mandate for all organisations related to the NHS to ensure security protocols are deployed from inception
  • The DHSC code of conduct for data-driven health and care technology to avoid over-reliance on poorly connected EHR systems
  • Cloud computing implementation – how the NHS is navigating its fragmented structure while securing the cloud services
Partnering with the industry and abroad

Predictions claim that international tensions will increase rapidly if public and private efforts to ensure cybersecurity remain uncoordinated. We address:

  • How to build mutual trust and create a community across the industry
  • Discuss approaches to foster collaboration: The Cyber Growth Partnership (CGP) in conjunction with ENISA, Industry 100 and more
  • Partnering with the EU – how Brexit will reshape the partnership agreement landscape
How local government is building cyber resilience

Head of Information Governance & Records Management, Coventry City Council (INVITED)

At least one in four UK councils have been hit by cybersecurity breaches over the past five years. While cyberattacks still pose a big threat to local authorities, councils are taking a range of measures to protect themselves against cyber threats. In this session we look at how one local authority is:

  • Implementing the government’s cybersecurity guidance (Cyber Essentials, etc.)
  • Training its workforce to build better awareness and responsiveness
  • Meeting compliance regimes which require good cyber hygiene
  • Working with partners through initiatives like Cyber Security Information Sharing Partnership (CiSP), Warning, Advice and Reporting Points (WARPs) and Local Resilience Forums (LRFs) to protect their systems from cyber-attacks and put in place plans to respond to them
Considerations for Managing IoT, Cybersecurity and Privacy Risks

Deputy Challenge Director – Digital Security by Design, Innovate UK (INVITED)

IoT, for both consumers and business, has seen a 600% increase in attacks since 2016. As part of UK Research and Innovation (UKRI), the Strategic Priorities Fund has increased its interest in protecting the R&D space where IoT, AI and cybersecurity meet. We discuss:

  • The results of the Privacy, Ethics, Trust and Security (PETRAS) project. Analysing the results of the newly launched National Centre of Excellence for IoT systems cybersecurity
  • The Innovate UK fund of up to £6 million to invest in organisations with ideas that address industry-focused cybersecurity-related challenges with a particular focus on IoT cybersecurity
  • The UK Government’s “world’s first” code of practice for IoT security, jointly published by DCMS and NCSC
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Why passwords are still a problem

Head of IT Security/ Cyber Security, UK Debt Management Office (INVITED)

Poor password selection introduces significant risks to organisations and individuals. Attackers are known to target commonly used passwords like ‘123456’, which has been found 23 million times in the breaches that Troy Hunt has collected. There is no clear, safe list of passwords. How then can we mitigate their risks?

We discuss:

  • Ways to mitigate poor password selection and re-use
  • Whether using a secure, highly complex password is always the best solution
  • Encouraging the use of plans like Troy Hunt’s HIBP service to avoid ‘Pwned passwords’
  • Going passwordless? Smart card authenticators and biometric authentication systems
Social Media – Implementing Cybersecurity Policies

Social Media has helped the world become a more connected place, but all those new connections also put at stake a significant amount of information. Scammers and hackers are often on the look-out for naïve human errors. We discuss how security policies and measures can help secure your organisation’s posture with respect to social media.

  • Setting up a social media policy: what to publish, who is in charge, implementing approval systems
  • Restricting who has access to the business’s social accounts and monitoring activity
  • Deploying automated monitoring tools for automatic alerts of security risks
  • Performing a regular audit of social network settings and publishing privileges
  • Reviewing recent social media threats and social media policies
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – Boosting the Security of Your Organisation

  • How to respond to a data breach
  • Building a security culture that can respond to new threats
  • Tackling the most prescient threats
  • Ensuring the security of essential digital services
  • Assessing, understanding, and improving your security posture
Conference Chair’s Afternoon Address
AI, machine learning, and data-driven technologies. Science fiction or reality?

AI systems can be trained to detect malware and perform pattern recognition to help in identifying malicious behaviour. They can also improve security systems by staying updated autonomously, harvesting data and making predictions. We explore:

  • Overcoming challenges around implementation, finding trained experienced cybersecurity professionals with niche skills to feed AI systems with accurate instructions
  • Whether AI is always the solution or not. How to use it and when to avoid it
  • What tools and technologies should you use for cybersecurity? Looking into common design solutions and
Case Study – How to build Cloud security: moving from IaaS to PaaS

Cloud services bring massive benefits, from cost savings to scalability, but they are also seen as high-risk services. Controlling and ensuring the safety of the system is critical, and selecting the right configuration is of paramount importance. Many opt to use IaaS given the possibility of utilising owned software and settings. However, PaaS can make a good security standard easier to achieve.

Providers offer a wide range of tools that can speed up processes, help in deleting redundant, unnecessary code, provide significant cost savings and ease the burden of continuous maintenance.

Embracing PaaS cloud services comes with some challenges, such as reduced visibility, less control over factors like DNS, and having to train our developers to become familiar with a different system. We walk through a real-life case study that demonstrates the benefits of PaaS.

End-point security – NCSC Cross Domain Industry Pilot

Remote working has numerous benefits for organisations, but it also comes with added risks. The NCSC has been conducting a pilot scheme aimed at finding ways to gain confidence that the cyber threats in these essential business functions are understood and pragmatically managed. We discuss:

  • The industry pilot results from stage 1 and 2
  • The implemented security principles for end-to-end cross-domain solutions alongside the Import and Export patterns
  • Next steps after Stage 2: turning a purely technical activity into a repeatable, viable and accepted approach to testing the security properties of cross-domain solutions
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
How is the government developing the cybersecurity ecosystem through accelerators?

Only Israel and the USA are ahead of the UK in terms of cybersecurity investment spending, which has led Britain to produce top-notch cybersecurity start-ups. In this session, we dive into the ongoing and upcoming national programmes that aim to accelerate/incubate an excellent cybersecurity ecosystem. We examine:

  • The current national cybersecurity ecosystem, the main benefits of the government’s investment in the sector
  • Success stories of the NCSC Cyber Accelerator (e.g. iHackLabs, LuJam, barac)
  • The first national scaleup programme for the cybersecurity sector: Tech Nation Cyber
  • The impact of future national accelerators (e.g. LORCA)
How Talent and Skills Help Organisations to Achieve Cyber Resilience

With a global gap of nearly 3 million cybersecurity positions, there is a growing demand for talented and skilled cybersecurity professionals. The public sector is at a disadvantage when it looks to recruit and retain talented professionals when compared to peers in the private sector. In this session, we look at how the government is:

  • Sourcing talent flexibly and creatively
  • Transforming the public sector into an attractive place to work
  • Encouraging in-house training and being open to a variety of different backgrounds and experience levels
  • Implementing initiatives like the CyberFirst Initiative: collaborating with Universities to create a feasible and industry-driven course to boost student enrolment in computer science
  • Helping women access the profession
Inside the adversary’s mind: understanding the risk landscape

It is essential for security teams to have an in-depth knowledge of the evolving risk landscape. Who are the main adversaries? What are their motives and tactics? We conclude our event by looking at how public bodies can:

  • Use benchmarking: the benefits of utilising the 1-10-60 to measure your organisation’s cyber readiness
  • Identify the ‘threat actors’ relevant to their organisation
  • Consider their value not just as a standalone organisation, but also as a route into another
  • Keep up with the evolving landscape (e.g. spikes in DDoS attacks, supply chain threats)
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.