Session ONE – Building Cyber Resilience across the Public Sector
- Building cyber security resilience, awareness, preparedness, capability and skills across the public sector
- Protecting vital interests and securing critical national infrastructure in a modern information economy
- Reforming government services through new delivery models and ways of working
- Operating securely and efficiently in the digital by default era
- Unlocking key savings in a bid to make the public sector lean, efficient and more personal
- Security as an enabler, rather than a barrier, for efficient lean government
The Conference Chair's Opening Remarks
John Thornton, Secretary, Digital Government Security Forum (DGSF)
Morning Keynote Address: Safeguarding the UK
National Cyber Security Centre (invited)
The National Cyber Security Strategy (NCSS) was launched over a year ago in response to the growing cyber security challenges and risks faced by the UK. As part of the strategy, the government invested £1.9bn in projects like the National Cyber Security Centre (NCSC), which has since responded to hundreds of cyber incidents.
In this opening keynote session we explore how the initiatives to date have supported public sector bodies and businesses, how skills are being harnessed to meet the need for cyber professionals, and how collaborative partnerships are countering cyber risks. We consider:
- The NCSC’s progress in building capability and mitigating risks across the public sector
- The important role of leadership in cyber risk management
- Risk-based approaches to detecting and defeating threats
- Working in partnership with the private sector with a view to increasing cyber situational awareness and sharing information
- Strengthening law enforcement to tackle threats and response mechanisms
- Security considerations for emerging technologies (cloud, big data, IoT)
Developing your Resilience against Cyber Attack
NHS England (invited)
A quarter of local councils – equating to 115 councils – say they fell victim to ransomware attacks last year. More than a third of NHS trusts were disrupted by the WannaCry ransomware attack in 2017, resulting in thousands of appointments and operations being cancelled.
- What can organisations do to minimise the risk of being affected by a ransomware attack?
- How can they build a robust business continuity plan?
We hear about the importance of a collaborative approach in improving situational awareness and national incident management. This session covers how organisations can develop – and test – their resiliency and act on lessons learned.
Securing Digital Services
Government Digital Service (invited)
Digital services are now expected and relied on by millions of end users. When digital services are compromised, the consequences can be both damaging and expensive. The NCSC says that ‘the worst outcomes can be avoided if services are designed, built and operated well.’
With digital transformation of public services a key priority for government, what essentials should those tasked with change be aware of to protect public services from cyber-attacks? How can security be embedded into enterprise IT and online services?
Join this session to find out key design considerations that make it difficult to compromise and disrupt digital services, configuration guidance, and how to continually improve and test your security.
National Crime Agency (invited)
As cyber threats continue to evolve, the government must increase its pace of change to meet its objectives to build capabilities, mitigate risks and take advantage of opportunities for economic growth.
While there is a good understanding of the threat within central government, this understanding diminishes the further away organisations are from the centre. The NAO has, in the past, posited that NHS and local government organisations have a more varied but limited understanding of the threat and do not understand what would represent an appropriate level of threat protection.
We look at how public sector organisations tasked with providing rapid response are deterring and preventing the most serious cyber security challenges, and how public sector organisations are developing partnerships to share intelligence and fortify defences.
Presenting Cyber Risk to Senior Leadership
Cabinet Office (invited)
Cyber risk is often poorly understood at senior leadership level, and the imperative to secure is all too often thought of as an IT issue rather than a strategic risk management issue. This session will walk you through how best to present on cyber security risk at the board level, giving you confidence that your requirements will be understood and acted upon.
The session will cover how to:
- Engage senior leadership in strategic decision-making and holistic security planning
- Drive consideration of cybersecurity implications across the business
- Ensure effective governance and reporting mechanisms are in place
- Deploy tools that allow you to get the cyber message embedded at senior leadership level
- Identify, assess and respond to new vulnerabilities as your business evolves
Questions to the Panel of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Training a New Generation of Cyber Security Experts
Department for Culture, Media and Sport (DCMS) (invited)
It is estimated that the global cyber security workforce shortage will widen to 1.5 million by 2020. The UK government is acutely aware of this shortfall and is working to address the skills gap through various short- and long-term initiatives.
What investments are being made to train a new generation of cyber security experts to combat the ever-growing threats posed by cybercrime?
How can public sector bodies harness in-house talent to build capabilities and resilience?
Securing Agile Delivery
Ministry of Justice (invited)
How can …
- Security and agile work together?
- Organisations design teams to achieve continuous assurance?
- Implement compliance while maintaining agility?
- Embed security into an open, transparent and collaborative environment?
- Include security into each development cycle?
- Reconcile the need for security with continuous development and iteration?
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO: Innovations and Best Practice
- Implementing and Sharing Best Practice
- Exploring Regulatory Frameworks and Guidance
The Conference Chair Opens the Afternoon Session
Cyber Responsiveness for Local Government
What can a local authority do when its online systems and digital channels become unavailable through technical fault or compromise? This walkthrough practical session covers cyber hygiene essentials like:
- Emergency preparedness and regular impact assessments
- Crisis communications, business continuity planning and disaster recovery
- Keeping abreast of evolving threats
- Utilising traditional channels during crises
- Engaging stakeholders
Securing your Cloud
Accredited and secure cloud services can deliver a more dynamic and agile way of working. But what does a secure ‘cloud-first’ policy look like? We explore how public sector bodies can:
- Understand business requirements and match these to security needs, being mindful of legal, regulatory and security implications
- Overcome scalability, performance and reliability challenges
- Securely manage suppliers
- Engage with SME organisations
Obtaining Accredited Services
The Crown Commercial Services’ Cyber Security Services framework offers a central route to procure cyber services for public sector bodies.
- How has the framework simplified the bidding process?
- How have public sector organisations benefitted?
We look at key lessons learned from procurement initiatives in the cyber security domain with generalisable tips and metrics for all public sector bodies.
The problem with passwords
- How passwords are compromised
- How to help your users generate appropriate passwords and cope with password overload
- Understand limitations of passwords
- Protective monitoring and effective Identity and Access Management & Privileged User Control
- Management techniques to manage users and critical data assets
- Extending identity governance across your organisation
- Leveraging multi-factor authentication for a seamless ecosystem
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
GDPR – Beyond Compliance
Public sector organisations are endowed with a huge responsibility and growing challenges to keep critical infrastructure operating and public data safe. Join this session to explore:
- The importance of encryption in keeping information secure
- Privacy and security of citizen data held by public sector organisations
- Empowering employees to protect sensitive data
- Moving the dialogue on GDPR from awareness to capabilities
- Achieving good governance and a cyber-aware culture
Why users are the strongest link
As much as half of data loss is the result of user behaviour. Negligence and error pose serious risks to organisations. How do we empower users to work more effectively and securely? How can we overcome the problem of shadow IT?
In this session we discuss:
- The design and implementation of awareness training for staff
- How to listen to your users and identify user needs
- Utilising analytics to root out risk to prevent data loss
- Enhancing responses to data loss
The Essential Role of Academia in Cyber Research and Resilience
Research and innovation carried out by the UK’s academic sector underpins enhanced capabilities to develop new metrics and responses to evolving risks. Collaborative partnerships between academia and industry are vital for the cross-fertilisation of expertise, ideas and solutions.
What can academia do to enhance the quality and scale of cyber security research? How can the academic community develop a shared vision and aim with those inside and outside academia?
Keynote Closing Address: Closing Down Weaknesses In Public Sector Cyber Security By Opening Up To Innovation
Digital economies are built on a foundation of security and trust. Balancing the imperative to be innovative and cutting-edge with protecting critical systems and assets can be a tightrope. This closing session looks at:
- Balancing convenience, security and innovation
- Ways in which public bodies can strengthen their security approach and posture to keep pace with disruptive technologies
- The potential of emerging technologies to combat cybercrime and prevent cyberattack – an assessment of risks and opportunities
Closing Remarks from the Conference Chair
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.