Westminster eForum

We are continuing to organise full-scale virtual conferences which retain all the features of physical seminars, including full programmes, presentations with slides, panel discussions and live delegate questions and comments sessions, person-to-person and group networking, and a permanent record provided to all delegates afterwards. New events are coming on to our conference programme all the time, so there are plenty of opportunities to join us if you haven’t already, from wherever you are.
For booking-related queries or information on speaking please email us at info@forumsupport.co.uk, or contact us using one of the following numbers: +44 (0)7538736244 / +44 (0)7503591880 / +44 (0)7951044809.

If you’re already booked on, joining instructions can be accessed from five working days before your conference via the booking dashboard. Need help? Contact us at delegate.relations@forumsupport.co.uk

Next steps for UK cyber security - new government strategy, sector development, risk management priorities, and international collaboration

Morning, Monday, 13th September 2021

***Full-scale policy conference taking place online***

This conference will discuss priorities for the new cyber security strategy as it is prepared by the Government for planned publication later this year, following the Integrated Review of Security, Defence, Development and Foreign Policy.

The discussion also takes place as the Telecoms Security Bill continues its progress through Parliament. The Bill aims to improve the security of the UK’s telecommunications networks, and includes measures such as the introduction of Telecoms Security Requirements (TSRs) and a new general duty bestowed upon Ofcom to ensure telecoms providers comply with security duties.

We are pleased to be able to include a keynote addresses from Erika Lewis, Director, Cyber Security and Digital Identity, Department for Culture, Media and Sport, and Dr Claudia Natanson, Chair, UK Cyber Security Council.

The agenda will bring out latest thinking on:

  • priorities for cyber security across business, the public sector, critical systems and infrastructure, and government
  • what is needed from the Government’s new strategy
  • the future of the cyber security ecosystem and market in the UK
  • developing a coordinated approach to skills, R&D, and innovation
  • improving the security of smart personal and business devices
  • supporting the adoption of new and emerging technology
  • UK international competitiveness, developing partnerships, and supporting the UK’s offensive and defensive cyber security priorities
  • ensuring that regulatory, legal and policy frameworks are in place to support the sector’s continued growth

The discussion is bringing together stakeholders with key policy officials who are due to attend from the NCSC; BEIS; the DCMS; the Government Legal Department; the Home Office; the ICO; the Department for the Economy, NI; The Scottish Government; and the Welsh Government.

A scan of relevant developments:

  • the Government’s new cyber security strategy:
    • the Integrated Review of Security, Defence, Development and Foreign Policy, outlining the Government’s plans for a new cyber security strategy, with overarching objectives to:
      • strengthen the UK’s cyber ecosystem
      • build a resilient and prosperous digital UK
      • take the lead in technologies vital to cyber power
      • promote a free, open, peaceful and secure cyberspace
      • detect, disrupt and deter the UK’s adversaries
    • the National Cyber Force - formed in 2020:
      • including representatives from GCHQ, the MoD, SIS, and the Defence Science and Technology Laboratory
      • working towards the Review’s objectives on defensive and offensive cybersecurity strategy
  • the CNI Hub - part of the NCSC’s ongoing commitment to support public and private sectors with an interest in the UK’s Critical National Infrastructure (CNI), through measures including:
    • guidance - providing technical and best practice advice for the unique challenges faced by the UK’s CNI organisations
    • facilitating trusted events - working alongside government, academic, and industry bodies to support and develop cyber security policy best practice
    • Official Assurance Schemes - ensuring that CNI organisations’ cyber security suppliers meet NCSC standards
    • minimum security standards - for new and emerging technologies, and providing advice to UK cyber regulators
  • the changing nature of Cyber Security threats - with,
    • increased risk as a result of the unanticipated shift in online working habits due to the COVID-19 pandemic, at least in the short-term
    • cyber cover being one of the fastest growing types of insurance markets, with businesses, particularly those involved in ecommerce, moving to protect themselves against the high financial costs of data breaches and ransomware attacks
  • the Telecoms Security Bill - proposed following the Telecoms Supply Chain Review report with the purpose of improving the security of the UK’s telecommunications networks, through:
    • introducing the Telecoms Security Requirements (TSRs) set by the NCSC, to be established through a Code of Practice issued by the Government
    • requiring telecoms providers to take appropriate and proportionate action after a security compromise has occurred, to limit, remedy, or mitigate the damage
    • a new general duty to be bestowed upon Ofcom to ensure that public telecoms providers comply with their telecoms security duties, with powers to enforce financial penalties in cases of non-compliance
  • Government outlining new cyber security laws - to protect smart devices, and committing to introduce legislation, including plans for requirements such as:
    • customer information - at the point of sale on the duration of time for which a smart device will receive security software updates
    • settings - a ban on manufacturers using universal default passwords out of the box, such as ‘password’ or ‘admin’, that are often pre-set in a device’s factory settings and are easily guessable
    • support - manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability
  • the UK Cyber Security Council - set up by the Government and designed to provide a single governing voice for the industry to establish the knowledge, skills and experience required for a range of cyber security jobs, bringing it in line with other professions such as law, medicine and engineering
  • new figures which estimate the sector’s worth at £8.9bn - with a record £800m of investment raised by firms in the last year, despite the pandemic
  • Call for views on cyber security in supply chains and managed service providers - from DCMS, following findings that show that only 12% of businesses review risks coming from immediate suppliers - while only one in twenty address risks coming from wider supply chains

Key areas for discussion:
Developing the UK’s Cyber Security Strategy
- progress and next steps:

  • consultation and collaboration - how to ensure comprehensive engagement with industry and other key stakeholders throughout the process of developing the strategy
  • stakeholder priorities - perspectives on key elements of the UK’s defensive and offensive cyber policy
  • regulatory, legal, and policy considerations:
    • what is needed to put in place robust frameworks to support the cyber sector’s growth
    • data security and accessibility - the Data Protection Act, GDPR and how to ensure that the cyber strategies of individual organisations both protect and facilitates access to data
  • implementation and support - meeting the needs of key stakeholders across society and business, including critical infrastructure and security sectors to facilitate the coherent implementation of the Strategy’s planned objectives
  • the Telecoms Security Bill:
    • how might the duties of the telecoms industry and other sectors need to evolve
    • what will Ofcom’s broad new enforcement powers mean for industry, and priorities for transparency and clarity on what will be required from the telecoms sector
  • building cyber resilience:
    • critical infrastructure - priorities for ensuring that national technology policy, standards, and regulation in existing and emerging technologies is informed by key NCI stakeholders
    • SMEs and households - what is needed to support and equip small and medium sized businesses to prepare against, and recover from, cyber threats in the current digital climate

UK cybersecurity on a world stage - strengthening international partnerships, and promoting a free, open, peaceful, and secure cyberspace:

  • growth and the UK’s relationships - maintaining competitiveness, developing partnerships, and supporting the UK’s global cyber security priorities
  • a progressive global cyberspace - strategies for co-ordinating with world partners to bolster the international institutions, laws, and norms that enable open societies and economies to flourish
  • the UK’s offensive posture:
    • dovetailing with the Integrated Review of Security, Defence, Development and Foreign Policy’s objective to detect, disrupt, and deter UK adversaries
    • implementing tools across diplomatic, military, intelligence, economic, legal, and strategic communications systems

Developing the market and a healthy cyber-secure ecosystem:

  • collaboration - developing a coordinated approach to skills, R&D and innovation across industry
  • enhancing public understanding - improving public knowledge of the potential cyber security capabilities of new and emerging technologies, such as quantum and artificial intelligence
  • innovation - priority areas, supporting commercialisation, and understanding emerging cyber threats and markets
  • skills gaps in the cyber sector - taking practical measures to address skills gaps, extending to both technical and non-technical skills, including:
    • threat assessment or information risk management
    • assurance, audits, compliance or testing
    • cyber security research
    • implementing secure systems
    • governance and management
  • diversity and inclusion - strategies for opening wider access to careers and broadening the cyber sector workforce, and for utilising the benefits of diversity in cyber design and development

Latest thinking on current and future cyber risk - key developments, and considerations for assessing and managing threats to the public and private sector:

  • communication - providing interested stakeholders with the latest guidance on understanding and responding effectively to the current cyber threat landscape
  • threat assessment - the key considerations when quantifying the cyber risk faced by organisations across industry
  • risk-based mitigation - latest thinking on strategies, particularly in negotiating supply chain arrangements in key digital markets

The agenda

  • Developing the UK’s Cyber Security Strategy - progress and next steps
  • Priorities for the Government’s new cyber security strategy
    • Taking forward the Telecoms Security Bill and the new cyber security strategy - and what they mean for the telecoms sector and network security going forward
    • Sector development - key legal, regulatory and policy considerations, and building robust frameworks for growth
    • Supporting small businesses as part of the UK’s cyber resilience
    • Sustaining a cyber-secure critical infrastructure
    • Linking the strategy with the UK’s wider defence policy
  • Strategies for cooperation on a world stage - strengthening international partnerships, and promoting a free, open, peaceful and secure cyberspace
  • Managing cyber risk and underpinning digital prosperity - key considerations for the public and private sector’
  • Facilitating a healthy cyber secure ecosystem in the UK - developing a coordinated approach to skills, supporting the development and adoption of emerging technology, and ensuring connected devices are secure by design
  • Next steps for cyber policy

Policy officials attending:

Our forums are known for attracting strong interest from policymakers and stakeholders. Places have been reserved by parliamentary pass-holders from BEIS; the Department for Digital, Culture, Media and Sport; the Government Legal Department; the Home Office; the Information Commissioner's Office; the National Cyber Security Centre; the Department for the Economy, NI; The Scottish Government.

Overall, we expect speakers and other delegates to be an informed group including Members of both Houses of Parliament, senior government officials involved in this area of public policy, together with cyber security, technology and telecoms professionals, and those from the wider business community and the security and defence sector, advisors and suppliers, academics and educational institutions, training providers, lawyers, analysts, industry bodies, organisations and individuals representing the views of consumers and citizens, and reporters from the national and specialist media.

This is a full-scale conference taking place online***

  • full, four-hour programme including comfort breaks - you’ll also get a full recording and transcript to refer back to
  • information-rich discussion involving key policymakers and stakeholders
  • conference materials provided in advance, including speaker biographies
  • speakers presenting via webcam, accompanied by slides if they wish, using the Cisco WebEx professional online conference platform (easy for delegates - we’ll provide full details)
  • opportunities for live delegate questions and comments with all speakers
  • a recording of the addresses, all slides cleared by speakers, and further materials, is made available to all delegates afterwards as a permanent record of the proceedings
  • delegates are able to add their own written comments and articles following the conference, to be distributed to all attendees and more widely
  • networking too - there will be opportunities for delegates to e-meet and interact - we’ll tell you how!

Full information and guidance on how to take part will be sent to delegates before the conference

Keynote Speaker

Dr Claudia Natanson

Chair, UK Cyber Security Council


Senior speaker confirmed from BT Group

Professor Deeph Chana

Co-Director, Institute for Security Science and Technology

Professor Sadie Creese

Professor of Cyber Security, Department of Computer Science, University of Oxford

Olu Odeniyi

Board Director, Federation of Small Businesses

Erika Lewis

Director, Cyber Security and Digital Identity, Department for Digital, Culture, Media and Sport

Carla Baker

Senior Director, Government Affairs UK & Ireland, Palo Alto Networks