Plenaries - Day 1

Ciaran Martin, CEO, NCSC

  • Focus on outcomes, fighting back, not restating the threats
  • Themes:
    • Using data, getting it out to organisations

Interview with Robert Hannigan - director of GCHQ

  • RIPA = “The most transparent bit of legislation on intercept”
  • Criticised Silicon Valley for not cooperating with intelligence services
  • Snowden poisoned relationship between gov and tech
  • Tech started with the idea that they are neutral conduits of content, now realising that they are responsible for content
  • NCSC location is significant: needs to feel like it’s partnered with industry
  • Putting experts at the heart of strategy is key
  • NCSC is an operational arm of GCHQ
  • Turing spent more time doing secure telephony than doing codebreaking
  • We are going to have a massive skills shortage over the next decade
    • Won’t work if we ignore half of the population
  • Biggest challenge: getting a baseline understanding of cyber across government, across society
  • Split into what each of these can do:
    • People
    • Gov
    • Companies

Conrad Prince - Cyber Security Ambassador - DIT

  • Lots of good infosec SMEs - need to see these grow
    • Identify companies and help them accelerate
  • Turn innovation into products
  • Need to export even more services
  • « His message is really about commercialising the cyber security sector »
  • CyberFirst
    • Mentoring
    • Summer schools
    • Apprenticeships - including with CNI
  • Investing in career changers

Jennifer Walsmith - VP Integrated National Systems - Northrop Grumman

  • Global theft $4.62Bn each year

Panel Discussion

  • Seatbelt analogy: what’s the “Clunk, Click” equivalent
    • Do the basics! Update your things. Won’t prevent all issues but prevents a lot
    • Need a trusted place where the public can go
    • Ian Levy - Cars and seatbelts were both designed for people: that’s why this worked. Technology needs to be designed in the same way
  • What are state actors looking for?
    • Advantage (Information)
    • Ian: let’s focus on the crime that actually affects individuals and leave the serious state actor-level stuff to specialists
  • How to communicate with Boards
    • Responsibility of cyber pros: communicate in a way that boards can understand.
    • Ian Levy: We don’t give boards the tools to be able to cut through the crap
  • Procedures to handle conflicts between NCSC’s poachers and gamekeepers
    • Different interests between CT
    • Default is that security should win
    • Disclosures: some public. Some reasons for withholding them
  • Line between protection of public by gov vs protection by industry
    • T&Cs dump risks onto the consumer
    • Ransomware have much better customer service than real companies XD