Programme:

08:30
Registration - Coffee - Networking
09:00
Chairs Opening Address

Cyber security in blue light services

  • Cyber attacks on the NHS and Police: Which blue light services are most at risk from cyber criminals and how prepared are they?
  • WannaCry: the importance of training and education
  • Government cyber security strategy and the National Cyber Security Centre
09:05
The accidental hero: The man who stopped WannaCry

In the end, it was a security researcher who stopped the now infamous WannaCry ransomware. Known as @MalwareTech on Twitter, 22 year old Marcus Hutchins has described how he was able to take down WannaCry in a detailed blog post titled: "How to Accidentally Stop a Global Cyber Attacks".

This session will feature an appearance and by Hutchins, who will explain and demo how he mitigated the potentially catastrophic NHS ransomware attack.

 

09:25
Ransomware: What is it and how much of a risk does it pose to emergency services?

The WannaCry ransomware brought the NHS to a stand-still. Could similar attacks be imminent?

This session will cover:

  • What is ransomware?
  • How does it infect systems?
  • Which blue light services are most at risk?
  • How spear phishing emails can target staff.
  • What do you do in the event of a ransomware attack? Should you pay the ransom?
  • How can future ransomware attacks be prevented: the importance of up to date systems, and education and training. 
09:50
The National Cyber Security Centre: what is it doing to protect blue light services?

The National Cyber Security Centre was opened in February this year to help businesses and the public sector stay secure.

This session will detail:

  • THE NCSC’s work with police and the NHS
  • What we can learn from the WannaCry attacks
  • NCSC’s advice on protecting blue light services from attack
  • The importance of training and education 
10:10
Who are the perpetrators of hacks to our emergency services and why do they do it?

Hacks to emergency services are a major risk. So, who are the people trying to attack these critical systems and what do they want? This presentation will outline:

  • Who are the perpetrators? Including nation states, hacktivists, terrorists, and criminals who want to steal data
  • What do they want?
  • Which attack vectors do they use? Eg Ransomware, DDoS.  
  • Examples of high profile attacks including the Islamist NHS hack
  • What emergency services can do to protect themselves
10:30
Coffee and networking
11:00
Panel discussion: Encryption, the IP Act and technology’s companies’ response to terrorism: Is the correct strategy in place?

This panel discussion will cover:

  • Does the government’s IP Act go far enough to identify terrorists before they commit an atrocity? Or does it go too far?
  • Is the government right to ask technology companies such as WhatsApp to remove encryption? If not, why not?
  • What are the dangers of removing encryption? Why do we need it?
  • Does the government have enough experts in place who understand encryption?
  • Who is responsible: the government and security services, the technology companies, or a mixture of both?
12:00
Lunch and Networking
13:00
Two one hour seminars will be available to choose from

Please visit the seminars page for more information

 

14:00
Chair's afternoon address
14:15
Hacking demo

This session will see young hackers show how easy it is to break into blue light services’ systems during a live demo. They will also talk about the risks and how they can be mitigated.

14:30
Case Study: The work of the NCA’s National Cyber Crime Unit

The NCCU leads the UK’s response to cyber crime, supports partners with specialist capabilities and coordinates the national response to the most serious threats.

This session will cover:

  • The work of the NCA’s cyber security unit
  • Blue light services and cyber crime
  • The threat of cyber terrorism: who is at risk?
14:45
IoT in the NHS: A disaster waiting to happen?

The health service is increasingly using ‘internet of things’ (IoT) connected devices to monitor health conditions. But these devices, including pacemakers, are an attractive target for adversaries. So what are the health service, device makers and policy makers doing to manage this risk?

This presentation will examine:

  • What kind of devices are being used by the health service?
  • What is the risk?
  • How could devices be taken over?
  • How is this being managed?
  • Is there anything else that needs to be done before these devices are considered safe?
15:00
Data protection in the Police and NHS

The NHS is in possession of huge amounts of patient data. Meanwhile, the police databases collect huge amounts of information about crime.

This session will cover:

  • What is ‘sensitive’ data?
  • Why would it impact patients or crime victims if leaked?
  • How can data be protected and anonymized?
  • What happens when patient data is leaked – real life examples
  • What information is exempt from data protection?
15:15
Data protection in action at the Police

This case study will see a Force talk about the data it holds, detailing how it shares this with others to help fight crime. It will explain how the nature of crime has changed over recent years, and how data is a huge asset to those trying to catch criminals across borders. It will also talk about new technology such as body warn cameras and the data collected by these. Taking this into account, the Force will explain how they apply data protection to keep sensitive information secure.

15:30
Coffee and networking
16:00
The risks to emergency services: Is terrorism moving online?

Cyber attacks on critical infrastructure such as the NHS are increasing. Islamists have already attacked the NHS, could this trend continue?

This session will cover:

  • What is critical infrastructure in the context of blue light services?
  • What could terrorist attackers/aggressive nation states do? Eg take over medical devices, take systems down, bring services to a stand-still?
  • What is being done to counter this threat?
  • How much does cyber security protect us?
16:15
Understanding DDoS: the threat to emergency services

As they increase in size and speed, distributed denial of service (DDoS) attacks are hitting the private sector hard. But with the ability to grind websites or phone systems to a halt, this type of attack also poses a risk to blue light services.

This session will cover:

  • Known DDoS attacks on emergency services – such as the US 911 hack
  • How the size and scale of DDoS is increasing
  • Live demo of how a DDoS attack can bring down a website
16:30
Chair's closing remarks

Supported by: