CTO-CyberSecurityForum-2010-Anthony dyhouse

Published in: Technology
  • Brief introduction to yourself and the KTNs, and what they do
  • We need to provide a UK-wide focus to address challenges holistically, identifying the gaps in the work already being undertaken across the community and planning how to bridge them. We achieve this by: collaboratively identifying universal challenges and developing effective responses; influencing UK investment strategy and government policy; accelerating innovation and education; harnessing and promoting UK capability internationally; helping improve the UK security baseline.
  • Three KTNs came together to form DS KTN, reflecting converging issues and the need for a more holistic approach.
  • Programmes can deal with individual sectors e.g. CS specific issues, or whole KTN can cover broader issues.
  • Intelligent transport involves using information and communications technology to manage travel routes, loads and vehicles, in order to improve safety and reduce congestion, emissions, vehicle wear, transport time and fuel consumption. It is a complex area which seeks to bring together expertise in such diverse areas as distributed sensor networks, data-mining, new communications systems and modelling and simulation technology.
    Example: A local council wants to implement a system to help reduce pollution and congestion. It wants to help drivers drive more efficiently and apply charges, on a sliding scale, to those who contribute to the problem. Vehicles and drivers are increasingly equipped with sensing devices, which can interact with roadside technology to help drivers plan the most efficient route. Additionally, it creates potential for charging based on distance travelled, vehicle size, emissions, journey purpose and congestion levels.
    Implementation of such technology needs to be properly planned if it is to be successful. It must incorporate accurate location and timing technologies designed specifically for the task, alongside complex data analysis. Gathering of information on individuals and their movements must be handled securely and responsibly. In order to address cyber security concerns it should be done with the minimum data necessary and the appropriate confidentiality, integrity and availability provided. It must also be implemented in a way that is compatible with other systems across the world.
    The Digital Systems KTN is working to ensure that experts and investors in these areas are connected to their counterparts in other relevant areas, to ensure the technology is successfully developed and commercialised in a practical and scalable way. This will help meet the challenges of congestion, emissions and road safety, as well as allowing industry to operate more efficiently.
  • Modern life runs on digital systems, and new technological innovations increasingly rely on the transfer of information and acquiring data. Transfer of information is commonplace and is used to great effect in developing new technologies. Sensors monitor everything from traffic flow to natural disasters. Devices used to record and analyse information are increasingly mobile. We are soon to have a system in the UK where all homes are fitted with networked smart sensors to monitor and control energy usage.
    Organisations face data losses as a result of the same hacks, scams and errors. People are still falling for phishing attacks, downloading malware, etc.
    Opportunities are being missed, work duplicated, and invaluable knowledge hidden because of a lack of collaboration. Talking openly about shared problems is the most effective way to develop solutions. A huge amount of useful knowledge and experience exists within each sector. If companies can learn from the mistakes and successes of others then the whole of that industry can improve its security. Furthermore, being more open about security draws attention to its importance, with the knock-on effect that people start to be more demanding about security.
  • Security is seen as a technical problem requiring a technical solution. But often a technical solution already exists but the problem is not understood. Better understanding and shared knowledge means we are better able to use technology effectively to address threats. Companies, governments and other organisations who keep personal or financial data need to share information and learn from each other's experience.
    Example: If one company detects malware, they can block or remove the code from their system. If they share this knowledge, it can be removed from the millions of computers it has infected. Security professionals can “reverse engineer” the attack to learn how it works, how it exploits the system, and how to identify variants. Weaknesses can be patched and appropriate security measures designed. In some cases, it may be possible to identify the source and prevent future attacks.
    Google and Adobe should be praised for coming clean over recent attacks. It only takes one organisation to break the silence, and a common response can be applied. This is a global problem and requires a collaborative solution which goes beyond individual IT departments.
  • New innovations rely on the transfer of information and acquisition of data. Security is not considered sufficiently. Security professionals need to be involved from the start. They need to meet the people designing these systems and the policy makers supporting the projects.
    Example: smart meters. Networked for monitoring and billing. UK government committed to nationwide roll-out. Very little thought given to security in this plan. If not considered during the design we risk creating a national system that is completely unsecurable.
  • Despite the prevalence of technology, people don’t know about basic security practices and precautions. I am shocked by how often I still hear about people falling for phishing email requests to supply their passwords. We need to get people outside the CS community to understand the importance of taking security seriously.
    Technology is being developed with functionality, not security, in mind. If we don’t do something now, this will cause serious security problems down the line.
    Example: Mobile phones. Ripe for exploitation as they converge to smart devices and are used to run third party applications and remotely access data. We will be faced with complex security procedures because this wasn’t addressed in the first place. And no doubt various embarrassing and costly data loss stories.
  • Give a brief overview of a couple of these events, e.g. Privacy AFB – a major event bringing together security experts, business decision makers and policymakers to discuss the latest security concerns within a technological, business and ethical context. By providing forums to share knowledge, we can collaboratively identify routes forward that help industries across the world.
  • The Cyber Security programme was appointed in 2008 as an agent for EPSRC CASE Awards. It allocates two awards per year to universities that partner with SMEs to run business focused doctoral level projects.
  • Industry consultation: Membership organisation – membership base of experts to draw on to identify issues of concern and solutions. Forge links with key industry players. Identify issues for SIGs, events and working groups through listening to industry concerns.
    Sharing knowledge: Media – KTN runs a successful media programme to share our experience of key issues with the community and encourage collaboration to address solutions (e.g. of Julie contacting you about CSC after seeing article in Computer Weekly). Guides – E-crime guide: What Your Business Needs to Know.

    1. Fostering Collaboration in a Digital Society
       Tony Dyhouse, Cyber Security Director, Digital Systems KTN

    2. The Knowledge Transfer Networks (KTNs)
       Set up by the Technology Strategy Board to:
         • Provide focal point for UK expertise in important future industries
         • Facilitate knowledge sharing
         • Encourage collaboration and cross-sector working

    3. The Digital Systems KTN
         • Drives innovation and wealth creation in a digital society
         • Brings together business, government and academia to meet the challenges created by new technology
         • Cyber Security programme works to collaboratively develop responses to cyber security threats

    4. The Digital Systems KTN
       Digital Systems KTN comprised of:
         • Cyber Security Programme
         • Scalable Computing Programme
         • Location and Timing Programme

    5. The Digital Systems KTN
       Programme brings together key players across the digital industries to holistically address challenges, e.g.
         • Cloud Computing
         • Smart Metering
         • Intelligent transport
         • Mobile data access

    6. Example: smart transport systems
       Vehicles and drivers increasingly have devices that can interact with roadside technology:
         • Helps drivers plan most efficient routes
         • Allows variable charging
       Implementation of this technology needs to be planned. This means:
         • Accurate location and timing technologies
         • Complex data analysis
         • Secure and responsible data handling
         • Compatibility with other systems across the world

    7. The KTN as an international model
       Collaboration is key to addressing challenges in a digital society. The experience of the KTNs can be built upon in other countries to tackle national cyber security issues and form international networks to address the problem globally.

    8. Why do we need KTNs?
       The silo mentality and the challenges of a digital society

    9. Challenges
         • Modern life runs on digital systems
         • Many innovations rely on transfer of information and acquisition of data
         • Protecting this data is often overlooked
         • Organisations face data loss due to the same hacks, scams and errors
         • They are not sharing their knowledge and experience
         • Opportunities are being missed, work duplicated, and knowledge hidden because of a lack of collaboration

    10. Challenge 1: Sharing knowledge
         • Often technical solutions already exist but the problem is not understood
         • Better understanding and shared knowledge means we are better able to use existing technology effectively to address threats
       Example: By sharing the discovery of malware:
         • Can be removed from the millions of computers
         • Can “reverse engineer” the attack
         • Weaknesses patched
         • Maybe even identify source
         • Google and Adobe

    11. Challenge 2: Sharing innovation
         • New innovations rely on information transfer and data acquisition
         • Security not sufficiently considered
         • Security professionals need to be involved from the start
       Example: Smart meters
         • Networked for monitoring and billing
         • UK government committed to nationwide roll-out
         • Very little thought given to security
         • If not considered during the design we risk creating a national system that is completely unsecurable

    12. Challenge 3: Sharing understanding
         • People don’t know about basic security practices
         • Technology is being developed with functionality, not security in mind
         • Example: Mobile phones
         • Ripe for exploitation as they converge to smart devices
         • We will be faced with complex security procedures because this wasn’t addressed in the first place

    13. Overcoming challenges through collaboration
       The KTN was set up to foster collaboration. It achieves this by:
         • Running events
         • Managing funding calls
         • Special Interest Groups
         • Industry consultation
         • Sharing knowledge

    14. Events
       The KTN hosts events on key social and economic issues where IT is a key issue.
       Examples:
         • A Fine Balance 2010: Privacy in the digital society
         • SMART technologies for health, energy and transport
         • IT Security for e-Health
         • GPS Jamming – a clear and present danger
         • Webcast on Cloud Computing Security

    15. Funding calls
       CASE Awards
       Benefits:
         • Businesses get doctoral level support
         • Expertise helps overcome CS business challenges
         • Links formed between universities and industry, knowledge is shared
         • Students gain valuable industry experience
         • Broader experience contributes to overall knowledge in society

    16. Special Interest Groups
       SIGs are created to address specific challenges in cyber security where collaboration is required:
         • Created and supported by KTN
         • Membership open to KTN members
         • Focused on gaining insight, assessing responses and delivering strategies which help to address the challenge
       Examples:
         • Artificial Intelligence and Forensics
         • Secure Software Development

    17. Industry consultation
         • Membership organisation
         • Forge links with key industry players
         • Identify issues for SIGs, events and working groups through listening to industry concerns
       Sharing Knowledge
         • Media
         • Producing best practice guides

    18. Structure of the DSKTN

    19. Governance Model
       [Diagram. Labels: TSB; Advisory Board (AB); DS KTN; DC KTN; INQ KTN; Cyber Security; Location & Timing; Scalable Computing; PSB; PSG; Cross-cutting Programme Delivery; Shared Programme Delivery; Cross-cutting Service Delivery; Shared Service Delivery]

    20. DS KTN Governance
       Advisory Board (AB)
         • Providing inputs on ICT potential and timescales
         • Influencing the evolution of the programme
         • Chair, external appointment
         • 20 members
         • Chairman from programme steering groups, including DC KTN
         • Member appointments by Chair, TSB
         • Nominations by programme steering groups
         • DS KTN Director, Secretary
         • TSB Lead Technologist included
       Programme Steering Groups (PSG)
         • Responsible for guiding and supporting KTN programmes
         • Contribute to evolution of DS KTN strategy
         • Chair appointed by programme steering group with TSB input
         • No limit on membership
         • Members appointed from key stakeholder groups
         • Best practice provides clear leadership and guidance for Programme Director
         • Influential within the sphere of the Programme
         • Orchestrated by Programme Director
         • TSB Connector included

    21. How are KTNs measured?
         • Number of members
         • ‘Opportunities for interaction’ – Number of meetings and events run
         • The formation of partnerships and collaborations within the community
         • Money attracted from UK, Europe and private finance
         • Contribution to Government consultations, joint publications, etc.

    22. BUT... The KTN is UK focused and Cyber Security is a global problem
       We need an internationally coordinated approach

    23. KTN as an international model
       It’s a model that can work anywhere.
       Components for success:
         • Adequately funded
         • Managed by well connected industry player
         • Widely promoted within key sectors
         • Targets agreed at the start
         • Metrics developed for assessing impact

    24. The future
       An international network to address a global problem
       The Global Digital Systems KTN?

    25. Thank you!
       Tony Dyhouse
       Cyber Security Director
       Digital Systems KTN
       tony.dyhouse@digitalsystemsktn.org
       www.digitalsystemsktn.org
