Download to read offline
More Related Content
Similar to CTO-CyberSecurityForum-2010-Anthony dyhouse
![5G Explained! A High Level Overview [Introduction]](https://cdn.slidesharecdn.com/ss_thumbnails/5gexplainedahighleveloverview-260119165306-cc137a3e-thumbnail.jpg?width=640&height=640&fit=bounds)
CTO-CyberSecurityForum-2010-Anthony dyhouse
- 1. 1Fostering Collaboration ina Digital SocietyTony Dyhouse, Cyber Security Director, Digital Systems KTN
- 2. The Knowledge TransferNetworks (KTNs) Set up by the Technology Strategy Board to: Provide focal point for UK expertise in important future industries
- 3. Facilitate knowledgesharing
- 4. Encourage collaborationand cross-sector working2
- 5. Drives innovation andwealth creation in a digital society
- 6. Brings together business,government and academia to meet the challenges created by new technology
- 7. Cyber Security programmeworks to collaboratively develop responses to cyber security threats3 The Digital Systems KTN
- 8. The Digital SystemsKTNDigital Systems KTN comprised of:
- 9.
- 10.
- 11. Location and TimingProgrammeThe Digital Systems KTNProgramme brings together key players across the digital industries to holistically address challenges, e.g.
- 12.
- 13.
- 14.
- 15. Mobile data accessExample: smart transport systems Vehicles and drivers increasingly have devices that can interact with roadside technology Helps drivers plan most efficient routes
- 16. Allows variablechargingImplementation of this technology needs to be planned. This means: Accurate location and timing technologies
- 17. Complexdata analysis
- 18. Secureand responsible data handling
- 19. Compatibilitywith other systems across the worldCollaboration is key to addressing challenges in a digital societyThe experience of the KTNs can be built upon in other countries to tackle national cyber security issuesand form international networks to address the problem globally The KTN as an international model
- 20. Why do weneed KTNs?The silo mentality and the challenges of a digital society
- 21. Challenges Modernlife runs on digital systems
- 22. Manyinnovations rely on transfer of information and acquisition of data
- 23.
- 24. Organisationsface data loss due to the same hacks, scams and errors
- 25. Theyare not sharing their knowledge and experience
Editor's Notes
- #3 Brief introduction to yourself and the KTNs, and what they do
- #4 We need to provide a UK-wide focus to address challenges holistically; identifying the gaps in the work already being undertaken across the community and planning how to bridge themWe achieve this by:collaboratively identify universal challenges and develop effective responsesinfluence UK investment strategy and government policyaccelerate innovation and educationharness and promote UK capability internationally help improve the UK security baseline
- #5 Three KTNs came together to form DS KTN, reflected converging issues and need for a more holistic approach
- #6 Programmes can deal with individual sectors e.g. CS specific issues, or whole KTN can cover broader issues.
- #7 Intelligent transport involves using information and communications technology to manage travel routes, loads and vehicles, in order to improve safety and reduce congestion, emissions, vehicle wear, transport time and fuel consumption.It is a complex area which seeks to bring together expertise in such diverse areas as distributed sensor networks, data-mining, new communications systems and modelling and simulation technology.ExampleA local council wants to implement a system of to help reduce pollution and congestion. It wants to help drivers drive more efficiently and apply charges, on a sliding scale, to those who contribute to the problem.Vehicles and drivers are increasingly equipped with sensing devices, which can interact with roadside technology to help drivers plan the most efficient route. Additionally, it creates potential for charging based on distance travelled, vehicle size, emissions, journey purpose and congestion levels.Implementation of such technology needs to be properly planned if it is to be successful. It must incorporate accurate location and timing technologies designed specifically to the task, alongside complex data analysis. Gathering of information on individuals and their movements must be handled securely and responsibly. In order to address cyber security concerns it should be done with the minimum data necessary and the appropriate confidentiality, integrity and availability provided. It must also be implemented in a way that is compatible with other systems across the world.The Digital Systems KTN is working to ensure that experts and investors in these areas are connected to their counterparts in other relevant areas, to ensure the technology is successfully developed and commercialised in a practical and scalable way. This will help meet the challenges of congestion, emissions and road safety, as well as allowing industry to operate more efficiently.
- #10 Modern life runs on digital systems and new technological innovations increasingly rely on the transfer of information and acquiring dataTransfer of information is commonplace is used to great effect in developing new technologies. Sensors monitor everything from traffic flow to natural disasters. Devices used to record and analyse information are increasingly mobile. We are soon to have a system in the UK where all homes are fitted with networked smart sensors to monitor and control energy usage.Organisations face data losses as a result of the same hacks, scams and errorsPeople still falling for phising attacks, downloading malware, etcOpportunities are being missed, work duplicated, and invaluable knowledge hidden because of a lack of collaborationTalking openly about shared problems is the most effective way to develop solutions. A huge amount of useful knowledge and experience exists within each sector. If companies can learn from the mistakes and successes of others then the whole of that industry can improve its security.Furthermore being more open about security draws attention to its importance with the knock on effect that people start to be more demanding about security.
- #11 Security is seen as a technical problem requiring a technical solution. But often technical solution already exists but the problem is not understood. Better understanding and shared knowledge means we are better able to use technology effectively to address threatsCompanies, governments and other organisations who keep personal or financial data need to share information and learn from each others experienceExampleIf one company detects a malware, they can block or remove the code from their system. If they share this knowledge, it can be removed from the millions of computers cit has infected.Security professionals can “reverse engineer” the attack to learn how it works, how it exploits the system, and how to identify variants. Weaknesses can be patched and appropriate security measures designed. In some cases, it may be possible to identify the source and prevent future attacks.Google and Adobe should be praised for coming clean over recent attacks. It only takes one organisation to break the silence, and a common response can be applied.This is a global problem and requires a collaborative solution which goes beyond individual IT departments.
- #12 New innovations rely on the transfer of information and acquisition of dataSecurity not considers sufficiently Security professionals need to be involved from the startThey need to meet the people designing these systems and the policy makers supporting the projects.Example: smart metersNetworked for monitoring and billingUK government committed to nationwide roll-outVery little thought given to security in this planIf not considered during the design we risk creating a national system that is completely unsecurable
- #13 Despite prevalence of technology People don’t know about and basic security practices and precautionsI am shocked by how often I still hear about people falling for phishing email requests to supply their passwords. We need to get people outside the CS community to understand the importance of taking security seriouslyTechnology is being developed with functionality, not security in mind If we don’t do something now, this will cause serious security problems down the line.Example: Mobile phones Ripe for exploitation as they converge to smart devicesand are used to run third party applications and remotely access data. We will be faced with complex security procedures because this wasn’t addressed in the first placeAnd no doubt various embarrassing and costly data loss stories
- #15 Give a brief overview of a couple of these eventse.g. Privacy AFB – a major event bringing together security experts, business decision makers and policymakers to discuss the latest security concerns within both a technological, business and ethical context. By providing forums to share knowledge, we can collaboratively identify routes forward that help industries across the world.
- #16 The Cyber Security programme was appointed in 2008 as an agent for EPSRC CASE Awards. It allocates two awards per year to universities that partner with SMEs to run business focused doctoral level projects.
- #18 Industry consultationMembership organisation – membership base of experts to draw on to identify issues of concern and solutionsForge links with key industry playersIdentify issues for SIGs, events and working groups through listening to industry concernsSharing KnowledgeMedia – KTN runs a successful media programme to share our experience of key issues with the community and encourage collaboration to address solutions (e.g. of Julie contacting you about CSC after seeing article in Computer Weekly)Guides - E-crime guide - What Your Business Needs to Know