CTO-CyberSecurityForum-2010-Anthony dyhouse
Upcoming SlideShare
Loading in...5
×
 

CTO-CyberSecurityForum-2010-Anthony dyhouse

on

  • 605 views

 

Statistics

Views

Total Views
605
Views on SlideShare
605
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Brief introduction to yourself and the KTNs, and what they do
  • We need to provide a UK-wide focus to address challenges holistically; identifying the gaps in the work already being undertaken across the community and planning how to bridge themWe achieve this by:collaboratively identify universal challenges and develop effective responsesinfluence UK investment strategy and government policyaccelerate innovation and educationharness and promote UK capability internationally help improve the UK security baseline
  • Three KTNs came together to form DS KTN, reflected converging issues and need for a more holistic approach
  • Programmes can deal with individual sectors e.g. CS specific issues, or whole KTN can cover broader issues.
  • Intelligent transport involves using information and communications technology to manage travel routes, loads and vehicles, in order to improve safety and reduce congestion, emissions, vehicle wear, transport time and fuel consumption.It is a complex area which seeks to bring together expertise in such diverse areas as distributed sensor networks, data-mining, new communications systems and modelling and simulation technology.ExampleA local council wants to implement a system of to help reduce pollution and congestion. It wants to help drivers drive more efficiently and apply charges, on a sliding scale, to those who contribute to the problem.Vehicles and drivers are increasingly equipped with sensing devices, which can interact with roadside technology to help drivers plan the most efficient route. Additionally, it creates potential for charging based on distance travelled, vehicle size, emissions, journey purpose and congestion levels.Implementation of such technology needs to be properly planned if it is to be successful. It must incorporate accurate location and timing technologies designed specifically to the task, alongside complex data analysis. Gathering of information on individuals and their movements must be handled securely and responsibly. In order to address cyber security concerns it should be done with the minimum data necessary and the appropriate confidentiality, integrity and availability provided. It must also be implemented in a way that is compatible with other systems across the world.The Digital Systems KTN is working to ensure that experts and investors in these areas are connected to their counterparts in other relevant areas, to ensure the technology is successfully developed and commercialised in a practical and scalable way. This will help meet the challenges of congestion, emissions and road safety, as well as allowing industry to operate more efficiently.
  • Modern life runs on digital systems and new technological innovations increasingly rely on the transfer of information and acquiring dataTransfer of information is commonplace is used to great effect in developing new technologies. Sensors monitor everything from traffic flow to natural disasters. Devices used to record and analyse information are increasingly mobile. We are soon to have a system in the UK where all homes are fitted with networked smart sensors to monitor and control energy usage.Organisations face data losses as a result of the same hacks, scams and errorsPeople still falling for phising attacks, downloading malware, etcOpportunities are being missed, work duplicated, and invaluable knowledge hidden because of a lack of collaborationTalking openly about shared problems is the most effective way to develop solutions. A huge amount of useful knowledge and experience exists within each sector. If companies can learn from the mistakes and successes of others then the whole of that industry can improve its security.Furthermore being more open about security draws attention to its importance with the knock on effect that people start to be more demanding about security.
  • Security is seen as a technical problem requiring a technical solution. But often technical solution already exists but the problem is not understood. Better understanding and shared knowledge means we are better able to use technology effectively to address threatsCompanies, governments and other organisations who keep personal or financial data need to share information and learn from each others experienceExampleIf one company detects a malware, they can block or remove the code from their system. If they share this knowledge, it can be removed from the millions of computers cit has infected.Security professionals can “reverse engineer” the attack to learn how it works, how it exploits the system, and how to identify variants. Weaknesses can be patched and appropriate security measures designed. In some cases, it may be possible to identify the source and prevent future attacks.Google and Adobe should be praised for coming clean over recent attacks. It only takes one organisation to break the silence, and a common response can be applied.This is a global problem and requires a collaborative solution which goes beyond individual IT departments.
  • New innovations rely on the transfer of information and acquisition of dataSecurity not considers sufficiently Security professionals need to be involved from the startThey need to meet the people designing these systems and the policy makers supporting the projects.Example: smart metersNetworked for monitoring and billingUK government committed to nationwide roll-outVery little thought given to security in this planIf not considered during the design we risk creating a national system that is completely unsecurable
  • Despite prevalence of technology People don’t know about and basic security practices and precautionsI am shocked by how often I still hear about people falling for phishing email requests to supply their passwords. We need to get people outside the CS community to understand the importance of taking security seriouslyTechnology is being developed with functionality, not security in mind If we don’t do something now, this will cause serious security problems down the line.Example: Mobile phones Ripe for exploitation as they converge to smart devicesand are used to run third party applications and remotely access data. We will be faced with complex security procedures because this wasn’t addressed in the first placeAnd no doubt various embarrassing and costly data loss stories
  • Give a brief overview of a couple of these eventse.g. Privacy AFB – a major event bringing together security experts, business decision makers and policymakers to discuss the latest security concerns within both a technological, business and ethical context. By providing forums to share knowledge, we can collaboratively identify routes forward that help industries across the world.
  • The Cyber Security programme was appointed in 2008 as an agent for EPSRC CASE Awards. It allocates two awards per year to universities that partner with SMEs to run business focused doctoral level projects.
  • Industry consultationMembership organisation – membership base of experts to draw on to identify issues of concern and solutionsForge links with key industry playersIdentify issues for SIGs, events and working groups through listening to industry concernsSharing KnowledgeMedia – KTN runs a successful media programme to share our experience of key issues with the community and encourage collaboration to address solutions (e.g. of Julie contacting you about CSC after seeing article in Computer Weekly)Guides - E-crime guide - What Your Business Needs to Know

CTO-CyberSecurityForum-2010-Anthony dyhouse CTO-CyberSecurityForum-2010-Anthony dyhouse Presentation Transcript

  • 1
    Fostering Collaboration in a Digital Society
    Tony Dyhouse, Cyber Security Director, Digital Systems KTN
  • The Knowledge Transfer Networks (KTNs)
    Set up by the Technology Strategy Board to:
    • Provide focal point for UK expertise in important future industries
    • Facilitate knowledge sharing
    • Encourage collaboration and cross-sector working
    2
    • Drives innovation and wealth creation in a digital society
    • Brings together business, government and academia to meet the challenges created by new technology
    • Cyber Security programme works to collaboratively develop responses to cyber security threats
    3
    The Digital Systems KTN
  • The Digital Systems KTN
    • Digital Systems KTN comprised of:
    • Cyber Security Programme
    • Scalable Computing Programme
    • Location and Timing Programme
  • The Digital Systems KTN
    • Programme brings together key players across the digital industries to holistically address challenges, e.g.
    • Cloud Computing
    • Smart Metering
    • Intelligent transport
    • Mobile data access
  • Example: smart transport systems
    Vehicles and drivers increasingly have devices that can interact with roadside technology
    • Helps drivers plan most efficient routes
    • Allows variable charging
    Implementation of this technology needs to be planned. This means:
    • Accurate location and timing technologies
    • Complex data analysis
    • Secure and responsible data handling
    • Compatibility with other systems across the world
  • Collaboration is key to addressing challenges in a digital society
    The experience of the KTNs can be built upon in other countries
    to tackle national cyber security issues
    and form international networks to address the problem globally
    The KTN as an international model
  • Why do we need KTNs?
    The silo mentality and the challenges of a digital society
  • Challenges
    • Modern life runs on digital systems
    • Many innovations rely on transfer of information and acquisition of data
    • Protecting this data is often overlooked
    • Organisations face data loss due to the same hacks, scams and errors
    • They are not sharing their knowledge and experience
    • Opportunities are being missed, work duplicated, and knowledge hidden because of a lack of collaboration
  • Challenge 1: Sharing knowledge
    • Often technical solutions already exists but the problem is not understood
    • Better understanding and shared knowledge means we are better able to use existing technology effectively to address threats
    Example: By sharing the discovery of malware:
    • Can be removed from the millions of computers
    • Can “reverse engineer” the attack
    • Weaknesses patched
    • Maybe even identify source
    • Google and Adobe
  • Challenge 2: Sharing innovation
    • New innovations rely on the information transfer and data acquisition
    • Security not sufficiently considered
    • Security professionals need to be involved from the start
    Example: Smart meters
    • Networked for monitoring and billing
    • UK government committed to nationwide roll-out
    • Very little thought given to security
    • If not considered during the design we risk creating a national system that is completely unsecurable
  • Challenge 3: Sharing understanding
    • People don’t know about and basic security practices
    • Technology is being developed with functionality, not security in mind
    • Example: Mobile phones
    • Ripe for exploitation as they converge to smart devices
    • We will be faced with complex security procedures because this wasn’t addressed in the first place
  • Overcoming challenges through collaboration
    The KTN was set up to foster collaboration. It achieves this by:
    • Running events
    • Managing funding calls
    • Special Interest Groups
    • Industry consultation
    • Sharing knowledge
  • Events
    The KTN hosts events on key social and economic issues where IT is a key issue
    Examples:
    • A Fine Balance 2010: Privacy in the digital society
    • SMART technologies for health, energy and transport
    • IT Security for e-Health
    • GPS Jamming – a clear and present danger
    • Webcast on Cloud Computing Security
  • Funding calls
    CASE Awards
    Benefits
    • Businesses get doctoral level support
    • Expertise helps overcome CS business challenges
    • Links formed between universities and industry, knowledge is shared
    • Students gain valuable industry experience
    • Broader experience contributes to overall knowledge in society
  • Special Interest Groups
    SIGs are created to address specific challenges in cyber security where collaboration is required:
    • Created and supported by KTN
    • Membership open to KTN members
    • Focused on gaining insight, assessing responses and delivering strategies which help to address the challenge
    Examples:
    • Artificial Intelligence and Forensics
    • Secure Software Development
  • Industry consultation
    • Membership organisation
    • Forge links with key industry players
    • Identify issues for SIGs, events and working groups through listening to industry concerns
    Sharing Knowledge
    • Media
    • Producing best practice guides
  • Structure of the DSKTN
  • 19
    TSB
    TSB
    DC KTN
    Advisory
    Board
    INQ KTN
    AB
    DS KTN
    Cyber
    Security
    Location &
    Scalable
    Location &
    Scalable
    PSB
    PSB
    PSB
    PSG
    PSG
    PSG
    PSG
    DC KTN
    Security
    Timing
    Computing
    Timing
    Computing
    Cross
    -
    cutting Programme Delivery
    Shared Programme Delivery
    Cross
    -
    cutting Service Delivery
    Shared Service Delivery
    Governance Model
  • DS KTN Governance
    Advisory Board (AB)
    • Providing inputs on ICT potential and t timescales
    • Influencing the evolution of the programme
    • Chair, external appointment
    • 20 members
    • Chairman from programme steering groups, including DC KTN
    • Member appointments by Chair, TSB
    • Nominations by programme steering groups
    • DS KTN Director, Secretary
    • TSB Lead Technologist included
    Programme Steering Groups (PSG)
    • Responsible for guiding and supporting KTN programmes
    • Contribute to evolution of DS KTN strategy
    • Chair appointed by programme steering group with TSB input
    • No limit on membership
    • Members appointed from key stakeholder groups
    • Best practice provides clear leadership and guidance for Programme Director
    • Influential within the sphere of the Programme
    • Orchestrated by Programme Director
    • TSB Connector included
    20
  • How are KTNs measured?
    • Number of members
    • ‘Opportunities for interaction’ – Number of meetings and events run
    • The formation of partnerships and collaborations within the community
    • Money attracted from UK, Europe and private finance
    • Contribution to Government consultations, joint publications, etc.
    21
  • BUT... The KTN is UK focused
    and Cyber Security is a global problem
    We need an internationally coordinated approach
  • KTN as an international model
    It’s a model that can work anywhere
    Components for success:
    • Adequately funded
    • Managed by well connected industry player
    • Widely promoted within key sectors
    • Targets agreed at the start
    • Metrics developed for assessing impact
  • The future
    An international network to address a global problem
    The Global Digital Systems KTN?
  • Thank you!
    Tony Dyhouse
    Cyber Security Director
    Digital Systems KTN
    tony.dyhouse@digitalsystemsktn.org
    www.digitalsystemsktn.org
    25