Government IT Security Conference

12 May 2020

Victoria Park Plaza, London




Session ONE –  Creating a Cyber Secure Government and Society

  • How the UK is meeting policy objectives and securing citizens and business
  • Improving collaboration across sectors, government, and public bodies
  • New advancements in Critical National Infrastructure security
  • Overcoming the skills gap and finding new talent in the security sphere
  • Improving resilience, incident planning and response
  • Combatting and understanding cybercrime and attack methods
  • Emerging technologies and controlling new risks
Conference Chair’s Opening Address
Keynote Address – Active Cyber Defence: Protecting, Defending, and Deterring Against Cyber Threats

The Active Cyber Defence (ACD) programme seeks to reduce the harm from commodity cyber-attacks against the UK through a range of services around protecting critical information assets and improved vulnerability handling. Designed to position the UK as a global “cyber power”, the ACD programme has set strategies about preventing attacks, achieving resilience, and enhancing capabilities to respond against incidents, and implement legal and regulatory regimes that build public trust.

The NCSC states that it has foiled 140,000 individual phishing attacks and pulled down 190,000 fraudulent sites in 2018.

We discuss the results form the last ACD report:

  • Exploring the milestones and progress of different services: Web Check, Mail Check, Vulnerability Disclosure Platform, Takedown Service, and more
  • The Roadmap of Adopting DMARC at scale and the PDNS service that has recently come online
  • A look at what the future holds – how we can continue to improve and scale ACD’s services both in the UK and
NHS Incident response: Key Milestones

Since the WannaCry attack in 2017, awareness of cyber-attack risks has significantly increased within the NHS. However, a recent paper, from researchers at the Imperial College of London presented to the house of lords, stated that despite improvements, the NHS is still at high risk. In this session, we explore:

  • What is CareCERT? Exploring the potential of a Cybersecurity Centre of Excellence for the NHS
  • How the NHS is tackling out-dated computer systems, lack of investment, and a deficit of skills and awareness in cybersecurity that is placing NHS hospitals at risk
  • The NHSX mandate for all organisations related to the NHS to ensure security protocols are deployed from inception
  • The DHSC code of conduct for data-driven health and care technology to avoid over-reliance on poorly connected EHR systems
  • Cloud computing implementation – how the NHS is navigating its fragmented structure while securing the cloud services
Partnering with the industry and abroad

Predictions claim that there will be a rapid increase in international tensions if efforts keep going uncoordinated between public and private forces to ensure cybersecurity. We address:

  • How to build mutual trust and create a community across the industry
  • Discuss approaches to foster collaboration: The Cyber Growth Partnership (CGP) in conjunction with ENISA, Industry 100 and more
  • Partnering with the EU – how Brexit will reshape the partnership agreement landscape
How local government is building cyber resilience

At least one in four UK councils have been hit by cybersecurity breaches over the past five years. While cyberattacks still pose a big threat to local authorities, councils are taking a range of measures to protect themselves against cyber threats. In this session we look at how one local authority is:

  • Implementing the governments’ cybersecurity guidance (Cyber Essentials, etc)
  • Training its workforce to build better awareness and responsiveness
  • Meeting compliance regimes which require good cyber hygiene
  • Working with partners through initiatives like Cyber Security Information Sharing Partnership (CiSP), Warning, Advice and Reporting Points (WARPs) and Local Resilience Forum (LRFs) to protect their systems from and put in place plans to respond to cyber-attacks
A Leader’s Guide on How to Integrate Sustainability In IT

Mattie Yeta, Sustainability Lead – Service Strategy, Defra

  • Global sustainable development challenges, global trends and compliance
  • How can technology save the world?
  • Opportunities to collaborate nationally and globally, on sustainable ICT
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Why passwords are still a problem

Poor password selection introduces significant risks to organisations and individuals. Attackers are known to target commonly used passwords like ‘123456’ which has been found 23 million times in the breaches that Troy’s collected. There is no clear, safe list of passwords. How then can we mitigate their risks?

We discuss:

  • Ways to mitigate poor password selection and re-use
  • Whether using a secure, highly complex password is always the best solution
  • Encouraging the use of plans like Troy Hunt’s HIBP service to avoid ‘Pwned passwords’
  • Going passwordless? Smart cards authenticators and biometric authentication systems
Social Media – Implementing Cybersecurity Policies

Social Media has helped the world become a more connected place, but all those new connections also put at stake a significant amount of information. Scammers and hackers are often on the look-out for naïve human errors. We discuss how security policies and measures can help secure your organisation’s posture with respect to social media.

  • Setting up a social media policy: what to publish, who is in charge, implementing approval systems
  • Restraining who has access to the business’ social accounts and monitoring activity
  • Deploying automated monitoring tools for automatic alerts of security risks
  • Performing a regular audit of social network settings, publishing privileges
  • Reviewing recent social media threats and social media policies
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – Boosting the Security of Your Organisation

  • How to respond to a data breach
  • Building a security culture that can respond to new threats
  • Tackling the most prescient threats
  • Ensuring the security of essential digital services
  • Assessing, understanding, and improving your security posture
Conference Chair’s Afternoon Address
The Mobility Pivot – Threat & Response in a Cloud-enabled front line workforce

Adam Gwinnett, Head of Strategy, Enterprise Architecture & Cyber Security, Metropolitan Police Service

The growth of mobility in workforce’s, moving access to sensitive and critical systems out of offices and to the front line, continues to dominate workforce planning and law enforcement is no different.

In response to this we are seeing a steady increase in mobile targeting threats to exploit these platforms, both for consumers and for enterprise customers.

What are you doing to enable and protect your assets in an increasingly mobile world?

  • Law enforcement front line mobility is a key trend
  • Mobile targeted threats, trends and use cases
  • Defensive measures & deployment considerations
Case Study – How to build Cloud security: moving from Iaas to Paas

Cloud services entail massive benefits from cost-savings to scalability benefits, but they are also seen as high-risk services. To control and ensure the safety of the system is critical and to select the right configuration is of paramount importance. Many opt to use IaaS given the possibility of utilising owned software and settings. However, PaaS can offer a good security standard easier to achieve.

Providers offer a wide range of tools that can speed up processes, help in deleting redundant, unnecessary code, provide significant cost savings and ease the burden of continuous maintenance.

Embracing PaaS cloud services comes with some challenges as reduced visibility, less control over factors like DNS, and having to train our developers to be familiarised with a different system. We walk through a real-life case study that demonstrates the benefits of PaaS.

The Balance Between Creativity and Control in Biomedical Research Info Security
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
How is the government developing the cybersecurity ecosystem through accelerators?

Only Israel and the USA are ahead of the UK in terms of cybersecurity investment spending, which has led Britain to produce top-notch cybersecurity start-ups. In this session, we dive into the ongoing and upcoming national programmes that aim to accelerate/incubate an excellent cybersecurity ecosystem. We examine:

  • The current national cybersecurity ecosystem, the main benefits of the government’s investment in the sector
  • Success stories of the NCSC Cyber Accelerator (e.g. iHackLabs, LuJam, barac)
  • The first national scaleup programme for the cybersecurity sector: Tech Nation Cyber
  • The impact of future national accelerators (e.g. LORCA)
How Talent and Skills Help Organisations to Achieve Cyber Resilience

With a global gap of nearly 3 million cybersecurity positions, there is a growing demand for talented and skilled cybersecurity professionals. The public sector is at a disadvantage when it looks to recruit and retain talented professionals when compared to peers in the private sector. In this session, we look at how the government is:

  • Sourcing talent flexibly and creatively
  • Transforming the public sector into an attractive place to work
  • Encouraging in-house training and being open to a variety of different backgrounds and experience levels
  • Implementing initiatives like the CyberFirst Initiative: collaborating with Universities to create a feasible and industry-driven course to boost student enrolment in computer science
  • Helping women access the profession
Inside the adversary’s mind: understanding the risk landscape

It is essential for security teams to have an in-depth knowledge of the evolving risk landscape. Who are the main adversaries? What are their motives and tactics? We conclude our event by looking at how public bodies can:

  • Use benchmarking: the benefits of utilising the 1-10-60 to measures your organisation’s cyber readiness
  • Identify the ‘threat actors’ relevant to their organisation
  • Considering their value not just as a standalone organisation, but also as a route into another
  • Keep up with the evolving landscape (e.g. spikes in DDoS attacks, supply chain threats)
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.