Session ONE – Building Cyber Resilience across the Public Sector
- Building cyber security resilience, awareness, preparedness, capability and skills across the public sector
- Protecting vital interests and securing critical national infrastructure in a modern information economy
- Reforming government services through new delivery models and ways of working
- Operating securely and efficiently in the digital by default era
- Unlocking key savings in a bid to make the public sector lean, efficient and more personal
- Security as an enabler, rather than a barrier, for efficient lean government
The Conference Chair's Opening Remarks
John Thornton, Secretary, Digital Government Security Forum (DGSF)
Morning Keynote Address: Safeguarding the UK
National Cyber Security Centre (invited)
The National Cyber Security Strategy (NCSS) was launched over a year ago in response to the growing cyber security challenges and risks faced by the UK. As part of the strategy, the government invested £1.9bn in projects like the National Cyber Security Centre (NCSC) which has since responded to hundreds of cyber incidents.
In this opening keynote session we explore how the initiatives to date have supported public sector bodies and businesses, how skills are being harnessed to meet the need for cyber professionals, and how collaborative partnerships are countering cyber risks. We consider:
- The NCSC’s progress in building capability and mitigating risks across the public sector
- The important role of leadership in cyber risk management
- Risk-based approaches to detecting and defeating threats
- Working in partnership with the private sector with a view to increasing cyber situational awareness and sharing information
- Strengthening law enforcement to tackle threats and response mechanisms
- Security considerations for emerging technologies (cloud, big data, IoT)
Developing your Resilience against Cyber Attack
NHS England (invited)
A quarter of local councils – equating to 115 councils – say they fell victim to ransomware attacks last year. More than a third of NHS trusts were disrupted by the WannaCry ransomware attack in 2017, resulting in thousands of appointments and operations being cancelled.
- What can organisations do to minimise the risk of being affected by a ransomware attack?
- How can they build a robust business continuity plan?
We hear about the importance of a collaborative approach in improving situational awareness and national incident management. This session covers how organisations can develop – and test – their resiliency and act on lessons learned.
Securing really big data – can it be done and still work for ‘the business’?
Andy Wall, Chief Security Officer, Office for National Statistics
The rapid development of business technology is facilitating the processing and analysis of more data, in richer and more complex forms, supported by appropriate methods and standards. Many Government departments are expanding their analytical capability to make better use of this to inform and improve their public services. At the Office for National Statistics this ability to exploit the power of data is a key ingredient for our success to enable official statistics to support the most important decisions facing the country. But, it also creates headaches for security. It pushes the boundaries of what can be secured without disrupting business operations. It creates tensions between business owners and security about access vs protection. How does security respond?
Gain insight into the challenges in managing security in fast-paced, evolving big data environments through our work to protect data within ONS. Learn about building a principles-driven security framework based on threat, an organisation-wide data handling approach, a consistent model to value the content data and how this flows through business decision-making on risk, supported by security.
Training a New Generation of Cyber Security Experts
Department for Culture, Media and Sport (DCMS) (invited)
It is estimated that the global cyber security workforce shortage will widen to 1.5 million by 2020. The UK government is acutely aware of this shortfall and is working to address the skills gap through various short and long term initiatives.
- What investments are being made to train a new generation of cyber security experts to combat the ever growing threats posed by cybercrime?
- How can public sector bodies harness in-house talent to build capabilities and resilience?
Security and Building a Dynamic Delivery Team
Mahbubul Islam, Head of Secure Design, Department for Work and Pensions
Mahbubul will present on how DWP embarked on Agile Security for some of the key projects with the focus being on the “how”. Additionally the session will provide a brief overview on building a dynamic security team and how DWP achieve agile security whilst maintaining the GRC requirements and avoid being a blocker.
Case Study - HMCTS
Damon Norville, Deputy Director Digital Change, HM Courts and Tribunals Service (HMCTS)
Michael Hanley, Head of Information Security and Deputy SIRO, HM Courts and Tribunals Service (HMCTS)
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Detective Superintendent Andrew Gould, National Cybercrime Programme Lead, National Police Chiefs’ Council
Rik Ferguson, VP Security Research, Trend Micro
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO: Innovations and Best Practice
- Implementing and Sharing Best Practice
- Exploring Regulatory Frameworks and Guidance
The Conference Chair Opens the Afternoon Session
How to implement an incident response plan
Paul Newman, Head of IT, Royal College of Nursing
This walkthrough practical session covers cyber hygiene essentials like:
- Emergency preparedness and regular impact assessments
- Crisis communications, business continuity planning and disaster recovery
- Keeping abreast of evolving threats
- Utilising traditional channels during crises
- Engaging stakeholders
Paul Edmunds, Head of Technology, National Cyber Crime Unit
The Human Factor in Information Security
Kieren Lovell, Head of Computer Emergency Response, University of Cambridge
The problem with passwords
- How passwords are compromised
- How to help your users generate appropriate passwords and cope with password overload
- Understand limitations of passwords
- Protective monitoring and effective Identity and Access Management & Privileged User Control
- Management techniques to manage users and critical data assets
- Extending identity governance across your organisation
- Leveraging multi-factor authentication for a seamless ecosystem
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The Changing Nature of Identity
Dr Victoria Baines, Visiting Associate at Oxford Internet Institute
GDPR – Beyond Compliance
Tim Rodgers, Compliance and Information Governance Manager, Imperial College London
Public sector organisations are endowed with a huge responsibility and growing challenges to keep critical infrastructure operating and public data safe. Join this session to explore:
- The importance of encryption in keeping information secure
- Privacy and security of citizen data held by public sector organisations
- Empowering employees to protect sensitive data
- Moving the dialogue on GDPR from awareness to capabilities
- Achieving good governance and a cyber-aware culture
Why users are the strongest link
As much as half of data loss is the result of user behaviour. Negligence and error pose serious risks to organisations. How do we empower users to work more effectively and securely? How can we overcome the problem of shadow IT?
In this session we discuss:
- The design and implementation of awareness training for staff
- How to listen to your users and identify user needs
- Utilising analytics to root out risk to prevent data loss
- Enhancing responses to data loss
The Essential Role of Academia in Cyber Research and Resilience
Research and innovation carried out by the UK’s academic sector underpins enhanced capabilities to develop new metrics and responses to evolving risks. Collaborative partnerships between academia and industry are vital for the cross-fertilisation of expertise, ideas and solutions.
What can academia do to enhance the quality and scale of cyber security research? How can the academic community develop a shared vision and aim with those inside and outside academia?
Keynote Closing Address: Closing Down Weaknesses In Public Sector Cyber Security By Opening Up To Innovation
Digital economies are built on a foundation of security and trust. Balancing the imperative to be innovative and cutting-edge with protecting critical systems and assets can be a tight-rope. This closing session looks at:
- Balancing convenience, security and innovation
- Ways in which public bodies can strengthen their security approach and posture to keep pace with disruptive technologies
- The potential of emerging technologies to combat cybercrime and prevent cyberattack – an assessment of risks and opportunities
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.