Attending conferences is a crucial way our staff can keep up to date with cutting-edge research, be introduced to important new ideas and perspectives, and help inspire and support the next generation of cyber security professionals. Our ID Cyber Solutions Conference Report series aims to showcase some exciting and ground breaking ideas presented at these events.
Report by Alice, Cyber Essentials Assessor and Technical Editor
On Thursday 11th May, Ahmed, Steve, and I attended the 6th International Conference on Big Data, Cybersecurity and Critical Infrastructure, organised by Basil (Vassilis) Manoussos (Manager of The Cyber Academy, Edinburgh Napier University) and held at Edinburgh Napier University. Attendees largely consisted of industry professionals and academics, with a small number of students also in attendance.
After the official opening and a welcome from Cllr Robert Aldridge, Lord Provost and Lord Lieutenant of The City of Edinburgh, we heard from Prof. Nikos Antonopoulous, Deputy Vice Chancellor at Edinburgh Napier, who spoke about the current state of security research and where he saw future attention being focused.
We were then introduced to Becky Pinkard (MD of Global Cyber Operations, Barclays) who spoke about ‘The Evolution of Cybersecurity Operations’. After pointing out that ‘security is being brought to the boardroom’ in the US, with a predicted 40% of boards to have dedicated cyber security committees by 2025 according to Gartner, she spoke about the future security landscape and what she thinks will feature. Finally, she spoke about ways organisations can work to protect themselves — for example, knowing your technical estate, mapping defence capabilities and needs against business risk to inform priorities, and holding more technical expertise at leadership levels as technical complexity evolves (but not at the cost of organisational maturity). Last, but by no means least, Becky highlighted the importance of diversity in hiring and of creating, nurturing, and maintaining a great organisational culture.
Prof. Berk Canberk (Edinburgh Napier University) presented research on ‘Digital Twins: A New Frontier in Infrastructure and Digital Innovation’. He outlined potential future uses for this technology that included trialling changes to processes at offshore oil plants and personalising medical approaches, in all cases helping eliminate or reduce risk since the impacts of changes would be better understood.
Next, Don Smith (VP Threat Research, Counter Threat Unit, SecureWorks) spoke about ‘Big Data, Cybersecurity & CNI’. This talk largely presented confidential and heavily redacted stories, but I particularly enjoyed this quote: “Most incidents are like being called out to deal with a deer that’s been hit by a car, but it was hit 5 weeks ago, is a bit whiffy, and half of it’s been eaten by a badger.”
We then heard about ‘Realistic Cyber Security in 2023’ from Rory Alsop (Head of Information Security and Cyber Risk, Tesco Bank). Rory spoke about businesses’ competing priorities and how cyber security needs to be implemented realistically, supporting businesses to conduct operations in a way that balances risk alongside cost and opportunity. He highlighted the industry need for people who can communicate, understand risk, and are flexible, and for solutions that fit within businesses’ existing structures and aims.
Next, Mark Cunningham-Dickie (Senior Incident Responder, Quorum Cyber) spoke on big data and artificial intelligence in incident response and digital forensics. He pointed out that IR is constantly evolving, with detection and defence mechanisms becoming faster and more effective, but attacks are also evolving. He argued that incident responders will need artificial intelligence to help respond to incidents, and that incident response and digital forensics will need artificial intelligence and machine learning specialists. He finished by predicting that the next big global cyber event will contain at least an element of artificial intelligence or machine learning.
An Industry Experts Panel — comprising Tim McNulty (Barclays), Becky Pinkard (Barclays), Don Smith (SecureWorks), and Harry McLaren (SenseOn) — was next, chaired by Prof Bill Buchanan (Edinburgh Napier University). The panel answered questions posed by the audience, including whether artificial intelligence could replace humans and how to counteract deep fakes.
The next section of the event was devoted to Critical Infrastructure. First, Prof. Sokratis Katsikas (Norwegian Center for Cybersecurity in Critical Sectors (NORCICS), Norwegian University of Science and Technology (NTNU)) treated us to an overview of NORCICS and its focus as he presented on ‘Industry-research, public-private, and cross-sector partnerships for the secure digitalization of industry’, showing how NORCICS’ work is fully aligned with national strategy.
Next, Prof. Leandros Maglaras (Edinburgh Napier University) spoke about protecting critical infrastructure, including current challenges and solutions, and discussed such topics as how Android malware can bypass MFA on banking applications.
Last in this section, Elzbieta Momola (SGN) spoke from a gas perspective about the challenges in protecting critical national infrastructure, highlighting the need for different methods in IT and OT environments and the skills gap that affects the industry.
The final section of the event focused on Law, Data Protection, and Compliance. First we heard from Laura Irvine (Partner and Head of Regulatory Law, Davidson Chalmers Stewart LLP) who gave a really engaging talk focusing on the regulation of automated decision making. She presented a thorough rundown of the proposals for change to the regulation under the Data Protection and Digital Information (No 2) Bill, peppered with her own thoughts on effectiveness and motives.
Next, we heard from Alexandr Chernykh (Advocate, Official Representative of Ukrainian National Bar Association) who spoke on ‘Digital Reality in Ukraine – Practice, Theory, Law and Procedure’. Alexandr discussed the heavy reliance on smartphones and face ID in Ukraine and gave an overview of the state services portal – an application that stores a user’s official documentation (including ID card, driver’s license, and international passport) and in which they can carry out official procedures (e.g., registering as self-employed, controlling power of attorney, submitting tax declarations). He also shared information about the e-court and e-cabinet, which enable legal parties to perform a range of duties and tasks including viewing cases and conducting online hearings. He pointed out that such capabilities are useful because of the size of the country and the deficit of advocates in some regions.
The final talk of the event was delivered by Prof. Bill Buchanan (Edinburgh Napier University), who spoke on ‘AI, Privacy and Trust within Cybersecurity: Sinners or Saviours?’. Bill discussed the evolution of technology, remarking that we are now entrapped by our phones (in an interesting juxtaposition with Alexandr’s presentation), and the current abilities of machine learning. I particularly enjoyed the theatrical style of this talk, with Bill blending his content with both music and film.
Our thanks to the organisers and speakers! We look forward to next year’s event.