Securing the Public Sector

Public sector security: a critical national emergency?

10th September 2024 • Online

How can critical national services be brought into line with private sector best practice?

 

“‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber”

A former civil servant turned whistleblower who used to work on cybersecurity while in Whitehall told the TaxPayers’ Alliance: “The ongoing use of legacy systems in government is a disgrace and completely inexcusable. We move at such a slow pace that it seems only to get worse."

 

"In secure bits of the private sector like banks, heads would roll until all legacy systems were patched or replaced …"


“The problem is so bad that some of these systems could be taken down by an enthusiastic child – the vulnerabilities are publicly known, and pre-made malware is readily available. It keeps me awake at night worrying that at any moment, a key HMRC system or a hospital might get taken down because we have not got the most basic protections in place."


This is a pretty dramatic description of the challenge the public sector faces in securing what are, after all, in many cases, systems providing critical services to our society, let alone those that protect our personal safety, our borders and our democracy. The recent situation with China is just one reminder.

 

Public sector organisations store and process vast amounts of sensitive data, from addresses, to tax and other payment details to our legal and health records. They also exchange this data across systems that are already creaking with the demands placed upon them.


How will these systems – and the people that run them – cope with the pressures of rapid, new digitalisation? The British Library, the Electoral Commission, NHS and our universities have already been hit hard.


Even foundational cyber-hygiene is hugely problematic in such complex environments. And if moving to Cloud environments is seen as a way around legacy issues, then how can the public sector solve the challenge of visibility across such a large estate as well as avoid the problems of misconfiguration that have dogged far smaller organisations?

 

Perhaps most important of all, how can these entities achieve their objectives on limited budgets in the full glare of the transparency that the public demands?


What does best practice look like in securing the public sector? How can vendors help?

 

Securing the Public Sector will look at how security should evolve from both a technology and a human perspective. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the country’s leading public sector organisations.

 

This event is for anyone in:

  • Local and national government
  • Healthcare
  • Education
  • Public safety and defence organisations
  • Public transportation
  • The civil service
View details of the previous event

  • Cybersecurity as a service: the pros and cons

    • MSSP, MDR, CSaaS – all of these offer varying degrees of outsourced cybersecurity services
    • So when does it make sense to outsource?
    • And what outsourcing arrangements make sense for which firms?

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?

  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?

  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • Time for governments to step in?

  • From smart machines to smart cities - securing the IoT

    • How long will it be before every significant device and location is part of an ecosystem of sensors connected to public and private networks?
    • Driving apps tell insurers what premiums to charge. Packaging machines report their own breakdowns. 
    • But are these devices visible on your network and how are you securing them?

  • Keeping citizens safe

    • The COVID era demands unprecedented levels of citizen engagement. Compromises are inevitable to ensure the safety of all.
    • But the systems required to provide safety also create a huge data security and privacy challenge for both governments and employers alike.
    • Can solution providers help?

  • Insuring the uninsurable?

    • Cyber-insurers need to understand the risks they are insuring if they are to set premiums at a level that makes sense.
    • They also need to know that they are insuring risks that clients have taken steps to mitigate properly.
    • Why insure those who leave their digital doors open?
    • What can and can’t be insured?

  • Getting real about cyber risk management

    • Until cybersecurity is truly seen as risk management, hackers will continue to evade outmoded control frameworks.
    • Quantification is key, but so is how it is used.
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers.
    • The banks have done it. When will the rest of business catch up?

  • Making the most of next gen tech: automation, AI and the rest

    • The next 20 years will see an ecosystem of small single-issue vendors slim down to a far less complex set of larger platforms
    • These platforms will be able to invest in continuous development and offer to cover all or large chunks of organisations’ security needs
    • But will the winners in this evolution be those at today’s cutting edge?

  • Securing digital currencies and DLT

    • The move towards non-cash payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
    • And what about the blockchain?

  • Cybersecurity for SaaS/IaaS/PaaS

    • Most companies’ core reliance is now upon a small number of monolithic application suites and Cloud services
    • In addition, they are likely to be developing their own software in the Cloud
    • These and other changes fundamentally alter the IT landscape in which cybersecurity operates
    • So do CISOs need a new model for cybersecurity and are legacy solutions still valid?

  • Upskilling security teams

    • Organisations have limited budgets
    • The skills shortage in security staff growing
    • This dynamic affects the type of on prem security operation firms can employ
    • So how can CISOs continuously upskill their teams?

Who attends

Job titles

Head of H4 Trust & Security
TCB(OOO for Lesley Addie)
Operational Security (IT)
Network and Telecom Consultant
Interim Head of Information Governance and Information Security
Information Governance Analyst
IT Security Manager
Head of Organised Crime Squad
National Cyber Crime Unit UKIC Coordinator
ICT Infrastructure Manager
Economic Crime
ICT Application Services / LANDESK System Developer / Administrator
Senior Information Governance and Security Assurance Manager
Cyber Security Engineer
Information Assurance & Security Officer
Detective
Information Security Specialist
Director of IT Services
Project Support Officer
TitleDeputy Head of IT Operations and Information Systems Manager
Information Security Officer
IT Services Manager
Access Control System Administrator
Infrastructure Specialist
Information Governance Officer
IT Auditor
MTO
Senior IT Officer
System Configuration & Architect
Chief Information Security Officer (CISO)
Senior Intelligence Officer
IT Service Delivery Manager
Systems Development Leader
Information Security Manager
Project Manager
Cyber Protect Coordinator
ICT Portfolio Lead for Schools
Head of ICT
Forensics and Hi Tech Crime Manager
Head of IT Services
Head of Information Security Assurance
Head of ICT
Senior IT Support Officer
Cyber Security Manager
Digital officer
Network Engineer
Application Support Specialist
Head of Core Technology
Senior Policy Adviser
Cyber Security Consultant
National eCrime Co-ordinator
Head of Risk & Information Governance
Infrastructure Architect
Head of IT
Information Technology Support Analyst
Head of Corporate Governance (also heads information governance)
Director, Infrastructure Services
Cyber Security Analyst
Audit Manager
Temporary Assistant Commissioner
Head of Cyber Security
Chief Information Security Officer
Information Security Manager
Systems Infrastructure Team Manager
Deputy Director Digital
Portfolio Manager - Regulatory Portfolio Office
Head of Digital Forensics Group
Senior IT Security Specialist
Senior IT Security Manager
IT Manager
Cyber Security Engineer a
IT Supplier Relationship Manager
CDIO | CHCIO
Information Technology Security Analyst
Programme Manager, Platform Engineering, CJS Common Platform Programme
Director of Forensics
Cyber Security | Information Security Assurance
Technical ICT Security Officer
IT Manager
CISO
Security Policy and Operations (Commander)
Chief Architect
Deputy Director - Infrastructure
Head of Risk and Assurance
Head of Information Technology Operations

Organisations

European Commission
Ministry of Justice
West Yorkshire Police
University of Hertfordshire
East and North Hertfordshire NHS Trust
Lancashire Teaching Hospitals NHS Foundation Trust
University of Bath
Police Service of Northern Ireland
National Crime Agency (NCA)
St George's University Hospitals NHS
Devon & Cornwall Constabulary
Cheshire West and Chester Council
NHS Fife
Public Health England
Ministry of Justice
Eastern Region Special Operations Unit (ERSOU)
Digital Dubai Authority
Loughborough University
University of South Wales
Ravensbourne University London
London Borough of Camden
University of West London
Great Ormond Street Hospital for Children NHS Foundation Trust
Hackney Council
University of Surrey
HM Prison Service
University College London Hospitals NHS Foundation Trust
Calderdale Council
Civil Aviation Authority
Nottingham Trent University
Serious Fraud Office
NHS
University of Cumbria
Financial Ombudsman Service
University of Bradford
Eastern Region Special Operations Unit (ERSOU)
Norfolk County Council
Bridgend County Borough Council
City of London Police
Exeter College
UK National Audit Office
University of Worcester
Trinity Laban Conservatoire of Music and Dance
NHS Tayside
The Scottish Government
Edinburgh Napier University
Northumbria Healthcare NHS Foundation Trust
University of South Wales
Cabinet Office
Royal Navy
National Trading Standards
Hampshire County Council
University of Dundee
Middlesex University
Buckinghamshire Healthcare NHS Trust
Canterbury City Council
Aberdeenshire Council
London North West Healthcare NHS Trust
London Borough of Camden
City of London Police
The Queen Elizabeth Hospital King's Lynn NHS Foundation Trust
University of Surrey
NHS
Loughborough University
Department of Business Energy and Industrial strategy
Information Commissioners Office
Hampshire Constabulary
University of York
Department for Transport (DfT)
Hampshire County Council
UK Health Security Agency (UKHSA)
Cardiff University
Surrey and Borders Partnership NHS Foundation Trust
University of the Arts London
Crown Prosecution Service (CPS)
South Wales Police
HM Land Registry
City of Wolverhampton Council
Blaenau Gwent County Borough Council
Newcastle University
UK Ministry of Defence
Cabinet Office
Bangor University
UK Atomic Energy Authority (UKAEA)
Buckinghamshire Council

Sector

Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public
Public