Celtic Manor Resort,
Newport, 29th April 2015
Welsh Industry Cyber Security Summit
Welsh Industry Cyber Security Summit 2015
@cemas_usw
www.cemas.mobi
fb.com/cemas.wales
Professor Khalid Al-BegainDirector of CEMAS
It is my great pleasure to introduce the inaugural Welsh Industry Cyber Security Summit. The summit comes as the fruit of close collaboration
between Airbus Defence and Security, TARIAN,
Regional Organised Crime Unit (ROCU) for Southern
Wales Region, the Welsh Government and CEMAS of the
University of South Wales.
Cyber Security is becoming a major concern for all
business around the world. It affects all businesses
regardless of their sector, size and geographical location.
Cyber-attacks can take many forms and can have varying
impacts from simple data theft to a wide-ranging attacks
such as Denial of Service attacks or essential IP theft
or digital ransom. Vulnerability to cyber-attacks whether
small or big can damage the confidence in any business
or the capability for any business to become part of the
supply chain for other major industries or businesses.
Wales has significant expertise in Cyber Security spread
among major industries such as Airbus Defence and Space
and General Dynamics, many SMEs, academics research
centres such the Information Security Research Group (ISRG)
and the Centre of Excellence in Mobile Applications and
Services (CEMAS) at the University of South Wales and the
Police’s Organised Crime Unit. Hence, it is believed that
Cyber Security can become an opportunity for Wales
rather than just a threat.
Introduction
The four organising parties of this inaugural Welsh Industry
Cyber Security Summit have recognised the importance
of raising the awareness of Welsh businesses so that Cyber
Security can be considered at Board level in each company
small or large.
I hope that this Summit will become a trigger to a wider
and more coordinated effort to capitalise on the expertise
and the opportunities in Wales. I also hope that the Summit
will facilitate the formation of the Welsh Regional Cyber
Security Information Sharing Partnership (CSIP) as a vehicle
to share information and advice on any Cyber Security matters.
Welsh Industry Cyber Security Summit 2015
9.30am
Registration and Coffee
10.00am
Welcome and Introductions –
Dr Rhobert Lewis, University of South Wales
10.05am
Chairmans Opening Remarks –
Dr Bob Nowill, UK Cyber Security Challenge
10.10am
Keynote – Mr Paul Kahn, President of Airbus Group UK
10.25am
Rise of Cyber Threats – Tim Hull, Head of Threat Desks,
National Crime Agency
10.55am
Examples of Recent Attacks –
Andrew Beckett, Airbus Defence and Space
11.25am
Cyber Crime – Unchartered Territory –
D/Supt Terry Wilson, NPCC Cyber Crime Programme Lead
11.45am – 12.00pm
Networking Coffee Break
12.00pm
Panel Discussion/Q&A Session –
National Crime Agency, Tarian, Airbus and
University of South Wales
12.30pm
Cyber Security and Cyber Essentials –
Dr Bob Nowill, UK Cyber Security Challenge
12.50pm
Introduction to Cyber Information Sharing Partnership –
Andrew Beckett, Airbus Defence and Space
1.00 – 2.00pm
Lunch
2.00pm
Technical and Practical Assistance –
Ioan Peter, Airbus Defence and Space
2.30pm
Panel Discussion/Q&A Session –
Terry Wilson, Ioan Peters and Tim Hull
3.00pm – 3.15pm
Networking Coffee Break
3.15pm
Cyber Innovation and Opportunities in Wales –
Professor Andrew Blyth and Dr Kevin Jones
4.00pm
Closing Keynote
4.15pm
Chairmans Closing Remarks – Dr Bob Nowill,
UK Cyber Security Challenge
4.30pm
Event Close
Programme
Welsh Industry Cyber Security Summit 2015
Dr Rhobert LewisDean of Computing, Engineering and
Science at the University of South Wales
Dr Rhobert Lewis was formerly Head of Science and
Director of the Centre for Police Sciences and now
Dean of the new faculty of Computing, Engineering and
Science at the University of South Wales.
He has considerable experience of consultancy, new business
and curriculum development in science and technology.
His faculty has a strong research profile in hydrogen energy,
anaerobic digestion, power generation, information security
and forensics, computer and communication systems
and optoelectronics.
Industrial connections include partnerships with British
Airways, General Dynamics, Tata steel, Renishaw and
EDF Energy. Rhobert sees universities as critical in
stimulating the Welsh economy by providing high-quality
graduates who are recognised by professional bodies
and by engaging in industrially-focussed knowledge transfer.
Speakers & Panel ExpertsDr Bob NowillChair of the Board at The UK Cyber
Security Challenge Ltd
Bob is Chair of the Board at The UK Cyber Security
Challenge Ltd, and an independent Security Consultant
and Advisor through Herne Hill Consulting Ltd.
He is also a non-Executive Director and Board Member
of Information Risk Management (IRM) plc, and the Chair
of the Institute of Information Security Professionals
(IISP) Accreditation Committee.
He was the Director for Cyber and Assurance at the
BT Security Enterprise until the end of 2013. Before joining
BT in 2005, Bob was the Director of Technology and
Engineering and Board Member at the UK’s Government
Communications Headquarters (GCHQ) and held a number
of other roles there before that. His career has also included
periods with UK MoD (Defence Procurement Agency and
Research Agencies), in The Netherlands with The SHAPE
Technical Centre, and research at Cambridge University
Engineering Department.
He graduated from Cambridge University (Trinity College),
and subsequently read for a PhD also at Cambridge.
He is a Chartered Engineer and Chartered IT Professional,
a Fellow of the IET and of the BCS, and a full Founder
Member of the Institute of Information Security Professionals.
Bob was named in the “Secure Computing (SC) Most Influential
2010” list in association with (ISC)2 as amongst the most
influential people in information security.
Bob is married to Dr Joanna Nowill, a Counselling
Psychologist who runs The Cheltenham Trauma and
Counselling Clinic, and they share three adult children
and a rescue Greyhound.
Welsh Industry Cyber Security Summit 2015
Paul KahnPresident of Airbus Group
Paul Kahn was appointed President of Airbus
Group UK on 1 October 2014 having worked
at Thales, latterly as President and Chief Executive
Officer of Thales, Canada.
Paul has extensive international management experience
in the aerospace, defence and transportation industries,
in both the private and public sectors.
A chartered engineer with a Masters in engineering and
management systems from Brunel University, he worked
for the Ford Motor Company in Europe and the United States,
before joining the public sector as a civil servant at the UK
Ministry of Defence. There, he led one of the major reviews
of procurement processes.
Moving from the MOD back to the private sector, his career
in Thales spanned a variety of increasingly senior operational
and corporate positions, heading various business units
and as Vice President, Group Business Development in the
Paris headquarters.
Mr Kahn is a Fellow of the Royal Aeronautical Society,
holds an MBA from London Business School, and attended
The Royal College of Defence Studies. An active outdoors
person, he lives in Surrey, and is married with three children.
He holds dual British and American nationality.
Tim HullHead of Threat Desks,
National Crime Agency
In a career of over 30 years, Tim Hull has worked in the
intelligence agencies, the Joint Terrorism Analysis Centre,
the Home Office and the National Crime Agency (NCA).
Over that time, his roles have been many and varied,
though all relating directly or indirectly to intelligence,
whether collection, analysis, technical investment or
programme management. He has worked on a range
of topics, including geo-politics, terrorism, military conflict,
serious crime and cyber. In 2011 he was awarded the OBE.
From 2012-14 Tim led the design of the NCA’s National
Intelligence Hub. The Hub sits at the heart of the agency,
producing a comprehensive picture of the serious and
organised crime threat to UK interests… A picture on which
the NCA relies to fulfil its core mission of leading and
co-ordinating the UK national response. Within the Hub,
Tim heads up the nine desks which are responsible for
building strategic and tactical intelligence on the serious
and organized crime threats set out in the related UK
National Strategic Assessment.
One of the highest-priority of those threats faced
is cybercrime, the national Law Enforcement response
to which is led by the NCA’s National Cybercrime Unit.
Within the governance mechanisms by which this threat
is managed, Tim chairs a multi-agency body which,
in collaboration with industry and international partners,
focuses on the “cybercrime marketplace”, ie. the sophisticated
international marketplace in which criminals trade tools,
skills and a wide range of related criminal services.
Tim is married with two children. His free time (and money)
is spent restoring old cars and even older properties.
Welsh Industry Cyber Security Summit 2015
D/Supt Terry WilsonNPCC Cyber Crime
Programme Lead
Terry joined the Metropolitan Police Service in 1986.
He has spent the majority of his career a detective,
initially inner London postings at Clapham and Brixton.
Specialist postings have included the South East Regional
Crime Squad, MPS Anti – Corruption Command and
Serious and Organised Crime Group – Flying Squad –
where he specialised in Armed Robbery investigation
at ascending ranks from Detective Sergeant to Detective
Chief Inspector, in between performing more conventional
borough-based roles in those ranks.
From 2009 to 2013 Terry held the post of operational
lead for the Police Central e-Crime Unit (PCeU).
This Metropolitan Police led national remit involved
responsibility for improving the timely response to serious
incidents of Cyber Crime through a public/private partnership
initiative to maximise harm reduction and increase public
confidence by proactively targeting criminal networks
involved in Cyber Crime, specifically, the most serious
incidents of computer intrusion, distribution of malicious
code, denial of service attack and Internet-enabled fraud.
Terry is currently the national cyber crime programme lead
working directly to the national policing lead, DCC Peter
Goodman. His role is developing cyber capability at regional
and force level across England and Wales.
Andrew BeckettHead of Cyber Defence for Airbus
Defence and Space in the UK
A founder and Managing Director of Regency IT Consulting
since 2005, Andrew grew this successful specialist Cyber
and Information Assurance consultancy company until its
acquisition by Cassidian (part of the Airbus Group) in 2010.
Following the acquisition, Andrew has maintained his role
at Regency but also heads Cyber Defence for Airbus Defence
and Space in the UK.
Prior to moving into consultancy, Andrew spent two years
with the International Civil Service in The Hague where he
was Head of the Office of Confidentiality and Security for
the Organisation for the Prohibition of Chemical Weapons
recent recipients of the 2013 Nobel Peace Prize.
A fast stream graduate entrant into the Civil Service,
Andrew spent his early career at GCHQ where he
specialised in cyber defence heading the teams
responsible for InfoSec consultancy and Penetration
Testing; personally providing support to the main
Whitehall departments and Intelligence Agencies.
Welsh Industry Cyber Security Summit 2015
Ioan PeterHead of Technical Design
at Regency IT Consulting
Ioan joined Regency IT Consulting from the UK Intellectual
Property Office in April 2012, following a career that spanned
the UK Civil Service, Police Service and the Private Sector.
Since joining Regency, Ioan has completed numerous client
engagements working at all levels of the client organisations.
His favourite engagements include working with a Utility
Company to protect its extensive infrastructure against
cyber-attack and assisting the Home Office to search DNA
data more effectively to enable the processing of ‘cold cases’
in order to bring criminals to justice.
He is currently leading a programme of work for a very large
high tech multi-national, in order to test its cyber defences
through simulating sophisticated cyber-attacks and other
real-world threats. This work is seen as strategic, and reports
in at Group Chief Security Officer and Group CEO levels.
Ioan was employed by the Intellectual Property
Office in September 2008 as the Head of Technical
Design with responsibility for both technical architecture
and security.
Ioan was the Departmental Security Officer for
this Executive Agency, responsible for protecting the UK’s
largest collection of Intellectual Property and for information
up to the highest levels of classification.
He was also responsible for the IT Services which support
the granting of Patents for the UK and represented the UK
on technical matters within the European and UN communities.
Whilst at the UK IPO, Ioan led a security programme that
saw the organisation comply with Government security
standards, embed information risk management into the
business, achieve high scores against the Government
Information Assurance Maturity Model and certify its
information security management system against
ISO 27001.
Prior to joining the Intellectual Property Office,
Ioan specialised in the design, implementation and
support of secure applications and infrastructure,
much of which was with one of the largest
police forces in the UK.
He has extensive experience of IT Security, designing secure
and highly available systems, running enterprise level IT
Operations, virtualisation and SAN technologies.
Welsh Industry Cyber Security Summit 2015
Dr Kevin JonesHead of Airbus Group Innovations
Cyber Operations Team
Dr Kevin Jones is the Head of Airbus Group Innovations
Cyber Operations team and is responsible for research
and state of the art Cyber Security solutions in support
of the Airbus Group (Airbus, Airbus Helicopters,
Airbus Defence and Space, and Airbus HQ).
He holds a BSc in Computer Science and MSc in
Distributed Systems Integration from De Montfort
University, Leicester where he also obtained his PhD:
A Trust Based Approach to Mobile Multi-Agent System
Security in 2010.
He is active in the Cyber Security research community
and holds a number of patents within the domain.
He has many years experience in consultancy to aid
organisations in achieving accreditation to ISO 27001
standard on Information Security Management and
currently acts as a senior consultant to the Airbus
Group on matters of cyber (information) security across
multiple domains and platforms.
Kevin’s current research activities include Risk
Assessments, Security Architectures, and Cyber
Operations in; ICS/SCADA systems and Critical
National Infrastructure (CNI), Security Operations
Centres, Mobile Security, and Cloud Security.
He currently chairs the International Symposium for
Industrial Control System Cyber Security Research and
is an elected expert to the Engineering and Physical
Sciences Research Council (EPSRC).
He has worked closely with Government agencies on
Cyber Security and on European funded programmes
such as the “European Control System Security Incident
Analysis Network”.
He is a Member of the BCS, IEEE, and ISC2 and accredited as
a Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), and ISO 27001
Lead Auditor.
Professor Andrew BlythHead of Computing Systems
Engineering, University of South Wales
Professor Andrew Blyth is a respected information
security academic.
He teaches information security and computer forensics
at the University of South Wales. Andrew is an expert
in computer forensics and vulnerability development.
Welsh Industry Cyber Security Summit 2015
Partners
Airbus Defence and SpaceAirbus Defence and Space is one of the three divisions
of the Airbus Group and Europe’s Number 1 defence and
space company.
It is the world’s second largest space company and one of the
top 10 defence companies globally, with revenues of around
€13 billion per year and approx. 38,600 employees. The Chief
Executive Officer of Airbus Defence and Space is Bernhard
Gerwert. Airbus Defence and Space puts a strong focus on core
businesses: Space, Military Aircraft, Missiles and related systems
and services.
Airbus Defence and Space develops and engineers cutting-edge
and peerlessly reliable products in the field of defence and space.
Its defence and space technologies enable governments and
institutions to protect natural resources, societies and individual
freedom. The aircraft, satellites and services help to monitor
climate and crops, and to secure borders. Airbus Defence and
Space solutions guarantee sovereignty in foreign affairs and
defence matters. It’s portfolio also ensures communication,
mobility, the expansion of knowledge and the safeguarding
of the environment.
Airbus Defence and Space is composed of four Business
Lines: Military Aircraft; Space Systems; Communications,
Intelligence and Security (CIS); and Electronics. It brings
together a wide portfolio to continue to meet the complex
needs of its customers across the world, contribute to Europe’s
defence and security, and secure Europe’s independent
access to and utilisation of space. Among its flagship products
are the transport aircraft A400M, the military jet Eurofighter
and, in the framework of the Airbus Safran Launcher joint
venture, the Ariane launcher.
.
Andrew BeckettA founder and Managing Director of Regency IT Consulting
since 2005, Andrew grew this successful specialist Cyber
and Information Assurance consultancy company until its
acquisition by Cassidian (part of the Airbus Group) in 2010.
Following the acquisition, Andrew has maintained his role
at Regency but also heads Cyber Defence for Airbus Defence
and Space in the UK.
Prior to moving into consultancy, Andrew spent two years
with the International Civil Service in The Hague where he
was Head of the Office of Confidentiality and Security for
the Organisation for the Prohibition of Chemical Weapons
recent recipients of the 2013 Nobel Peace Prize.
A fast stream graduate entrant into the Civil Service, Andrew spent
his early career at GCHQ where he specialised in cyber defence
heading the teams responsible for InfoSec consultancy and
Penetration Testing; personally providing support to the main
Whitehall departments and Intelligence Agencies.
Welsh Industry Cyber Security Summit 2015
Gary Phillips Gary joined Dyfed Powys Police in 1996 and was promoted
to Detective Chief Inspector at TARIAN, the Regional Organised
Crime Unit (ROCU) for Southern Wales in October 2013.
Aged 20, he was first posted to Carmarthen, where he
performed uniform patrol duties of both the town and
rural areas. However, since taking his next role at Ammanford
Criminal Investigation Department as Detective Constable
in 2001, he has stayed predominantly within a CID function.
Gary was promoted to the roles of Detective Sergeant
and Detective Inspector in 2002 and 2006 respectively –
the latter being Intelligence Manager on Carmarthenshire’s
Divisional Intelligence Unit.
After moving on and spending nearly five years as Detective
Inspector at Llanelli CID, where he was dealing with volume
and serious crime incidents, Gary transferred to Dyfed-Powys
Force Headquarters in 2013 on a six-month secondment
in uniform as Force Performance Manager.
Within this role he was responsible to Chief Officers for the
audit and review of Dyfed Powys Police’s overall performance.
Later that year Gary was promoted to his current role of
Detective Chief Inspector at TARIAN – and his responsibilities
include managing the Regional Task Force, the Regional Asset
Confiscation Team, the Regional Asset Recovery Team (RART),
Regional Fraud Team and Regional Cyber Crime Unit.
TARIANTARIAN is the Southern Wales Regional Organised Crime Unit
(ROCU), set up in 2002 to protect the communities of the
Southern Wales Region from the threats and risks of Serious
and Organised Crime; identifying, disrupting and dismantling
those organised crime groups who cause the most harm.
Organised crime is a serious problem that impacts upon
our communities every day. From the drug dealing on the
street corner, to gangs terrorising our communities, to the
trafficking of vulnerable young women into prostitution –
all are fundamentally driven by organised criminals.
TARIAN forms part of a National network; there are nine ROCU’s
across England and Wales, all intently focussed on tackling
organised crime.
With the launch of the National Crime Agency (NCA) on the
7th October 2013, TARIAN also has the role of facilitating the link
between the NCA and local forces.
Our Vision
Our vision is to protect communities of the Southern Wales
Region from the threats and risks of serious and organised crime.
Our Mission
Our mission is to identify, disrupt and dismantle organised
crime groups causing most harm to the Southern Wales Region.
Our Values
We are professional in tackling serious and organised Crime.
We are committed to collaboration and working with partners
and other law enforcement agencies.
Welsh Industry Cyber Security Summit 2015
Professor Khalid Al-BegainProfessor Khalid Al-Begain is the Director of the Centre of Excellence in Mobile Applications and Services (CEMAS) and is Professor of Mobile Computing and Networking at the University of South Wales.
With over 25 years experience in computing and mobile technology he has a vast and varied background in Mobile Development, Communication Engineering and Analytical Modelling and Simulation.
In 2013 Khalid was the winner of the IWA Inspire Wales Award for Science and Technology. Additionally, in 2006, he received Royal recognition as one of only 500 British scientists for his contributions to the British scientific community. Khalid is leading the University contributions to various national projects including playing a key role in the establishment of the National Cyber Security
Centre for Wales and the first Welsh Industry Cyber Security Summit.
University of South WalesFounded by industry and the professions, the University of South Wales is one of Britain’s most exciting new universities and a major player in higher education.
One of the top ten campus universities in the UK by student number,
it attracts a cosmopolitan mix of students from over 120 countries
and all backgrounds.
The University of South Wales is unusual in the UK in bringing
together the broadest range of provision and the widest access
to education. It offers a full range of qualifications from further
education level to degrees and PhD study.
As a major university it delivers the full range of STEM subjects,
from engineering and mathematics to computing and surveying
as well as being an experienced provider of teacher training courses.
The University is a powerhouse in applied research used
to shape major decisions. As a major public policy think-tank,
it offers independent advice to government, industry and
employers across the UK on health, education, economic growth,
social policy, and governance. It provides a partnership platform
for ideas and debate with major think tanks such as the Joseph
Rowntree Foundation and NESTA.
Wayne JamesWayne James, Cyber Security Lead in the Department
for Economy, Science and Transport’s ICT Sector team.
Wayne’s involvement with the public sector dates back to 1987,
when he held roles as a management advisor and then a regional
manager with the international division of the Welsh Development
Agency. Prior to this, he held financial and commercial management
positions within the private sector, with roles at magazine and
multimedia publisher IPC, global manufacturing and engineering
business Gallagher and City traders Stemcor.
In 2012 he led a collaboration of 9 European Regions and was the
publisher of an EU Best Practice Guide on creating new types of
digital business networks across Europe. Previous collaborations
include working with the DTI, Devolved Administrations and
industry aiding the delivery of regional economic strategies.
Currently he is Cyber Security Lead in the Department for Economy,
Science and Transport’s ICT Sector team at the Welsh Government.
Welsh GovernmentThe Department for Economy, Science and Transport aim to create a strong economy to enable businesses to create jobs and sustainable economic growth.
Welsh Industry Cyber Security Summit 2015
Stakeholders
With the backing of founding sponsors like the SANS Institute,
the Challenge started out in 2010 to create a series of virtual
and face-to-face competitions that would identify talented
people for the cyber security industry.
Now entering its 6th year the Challenge is backed by over
50 of the UK’s most prestigious public, private and academic
organisations, and hosts a wide programme of activities designed
to spread the word about why cyber security is such a fulfilling
and varied career and help talented people get their first cyber
security jobs. Working from school level right through to helping
career changers making the transition across, the Challenge is
making a notable difference to the career prospects of those with
the talents and aptitude to become cyber security professionals.
The 2015 Masterclass was recently held on board HMS Belfast
in London from which Adam Tonks, a computing student,
was named this year’s Cyber Security Champion. For more
information on Cyber Security Challenge UK please use the
following link: www.cybersecuritychallenge.org.uk
Action Fraud is the UK’s national reporting centre for fraud
and financially motivated cyber crime.
Victims can report fraud by calling 0300 123 2040 or by
using the online reporting tool at www.actionfraud.police.uk
The service also enables people to get help, advice and support.
The South Wales Cyber Security Cluster is a business networking
group formed under the umbrella of the UK Cyber Security Forum
to proactively support both the UK Government’s National Cyber
Security Strategy and Welsh Government’s stated aim for South
Wales to be a hub for Cyber Security in the UK.
It was formed and is led by Welsh businesses who meet monthly
to communicate cyber initiatives, develop cyber skills in Wales
and help to grow each other’s businesses.
The group is free to join for anyone with an interest in Cyber
Security and meetings are held every 3rd Tuesday of the month
between 2.00pm and 4.00pm in Cardiff. More information can
be found at www.southwalescyber.net
Tigerscheme is a certification scheme for technical security
specialists, backed by University standards.
Tigerscheme was founded in 2007, on the principle that
a certification scheme run on independent lines would give
buyers of security testing services confidence that they were
hiring a recognised and reputable company. Tigerscheme is
approved by CESG, the Information Security arm of GCHQ,
to carry out assessments for penetration testers which are
equivalent to CHECK standards.
Tigerscheme provides career progression through certification
and formal recognition of an individual’s skills, and is awarded
on the basis of a rigorous independent assessment against
published and widely-accepted standards.
Tigerscheme is run and managed by the University of South
Wales Commercial Services Ltd, a wholly owned subsidiary
of the University of South Wales. The Industry Advisory Committee
includes representatives from Government and various sectors
of industry, including telecoms, utilities and academia.