With CYBERUK 2018 nearly upon us, I thought I’d plug some of the highlights of Track 2, which is all about mitigations. The track is a showcase for security technologies which mitigate the risks from key threats that we worry about. In each session of the track, we’ll discuss a range of mitigations (both technical and non-technical) which are already being used now to improve the security of our systems.
Day one sessions (Tuesday April 10)
In Session 1 – ‘Secure Software Development: Where ‘Cyber Science’ Has Failed, Can Social Science Succeed?‘ – Helen L explores the benefits that social science can bring to secure software development. She’ll ask whether a ‘sweet spot’ might be found by combining the right mix of quality, cost and time for any particular project. The session will feature the research that won the 5th annual NSA ‘Best research paper’ award: ‘You Get Where You’re Looking For: The Impact of Information Sources on Code Security‘. The session wraps up with a talk from Secure Code Warrior (a start-up from the GCHQ Accelerator Programme) who are developing a suite of tools to support developers and their organisations to think and act with a security mindset.
Session 2 – Managing personal ‘Internet of Things’ devices – takes a look at home networks. We’ll consider various types of ‘smart’ devices that are rapidly becoming a large part of our home networks, and the security implications of this. Amy B will lead a discussion around the growing security risks from smart gadgets, home and even medical devices, and touch on some of the mitigations that are needed to counter the risks they present.
In Session 3 – Building mobile solutions for sensitive data – Stuart H will lead a discussion on the latest developments in ‘advanced mobility’. He’ll also explain how the NCSC are tackling some of the toughest challenges in government mobile security.
At the Industry Insight session, Northrop Grumman will provide the industry perspective. Defence and national security systems must withstand nation-state level attacks. This session will explore the relative context of federal/civilian versus defence-focused threats. There will also be a discussion on the role of military grade cyber resilience technologies and solutions versus consumer and commercial grade technologies. We’ll also learn about emerging systems with a view of potential new synergies between government and commercial industry partnerships.
Then finally in Session 4 – Modern IT Security Mythbusters – Andrew A will lead an interactive session that challenges a variety of preconceptions from across cyber security, including accessibility, malware defence, and risk managing the unknown.
Day two sessions (Wednesday April 11)
Day 2 kicks of with Session 5, in which participants from the 2018 Secure by Default Partnership Programme discuss their experiences with reducing their organisations’ reliance on passwords. We’ll also be making case studies from these organisations available for you to read afterwards.
In Session 6, Dr Robert N.M. Watson from the University of Cambridge Computer Laboratory will be presenting on his work on CHERI – Architectural Support for Memory Protection and Compartmentalisation. Robert will discuss the approach, current software research direction, and how its protections mitigate key threats we see today.
After lunch we return to Internet of Things. In Session 7, Emma Green from the DCMS looks at the Commodity IoT Report , which was published online in March. The report sets out the government’s work to help ensure the consumer Internet of Things is secure by design, with security built in from the start.
Last but not least, in Session 8 – Hardware Security and Side-channel Resistance in RISC-V architectures, Dr Dan Page from the University of Bristol revisits computer architectures. Dan will be discussing RISC-V, an open Instruction Set Architecture (ISA), with input from academia, industry, and the NCSC.
Hopefully there’s something in the above that whets your appetite! If you have any questions about the Track 2, pop them below. Otherwise we look forward to seeing you in Manchester.
Andy P
EUD Security Research Lead
Source: National Cyber Security Centre