Last week techUK held its inaugural techUK Cyber Innovation Den in partnership with Atos and HP. With keynote contributions from the National Cyber Security Centre (NCSC) and the Department for Digital, Culture, Media and Sport (DCMS), as well as a pitching competition for eleven innovative cyber security SMEs, the day was an opportunity to explore the cyber innovation landscape.
It is often difficult for innovative SME companies to gain the traction and customer base that their products deserve, and that is no different within the cyber security industry. At techUK’s Cyber Innovation Den, eleven cyber SMEs showcased their pioneering solutions to pressing problems for industry, and after much deliberation, Risk Ledger, a company that aims to improve the security maturity of the global supply chain ecosystem, was announced the Most Innovative SME Cyber 2019.
The event was interspersed with excellent keynote speeches from a Senior NCSC figure and Andrew Elliot, the Deputy Director for Cyber Security and Digital Identity at DCMS. There were also engaging panel discussions on the future of new Secure by Design protocols and the emerging threats and technologies within the cyber security sector. The event was rounded off with tips on how to grow a cyber security SME by Harry Metcalfe, Co-founder and CEO of DXW, and a discussion on the impact of Cyber 9/12: an international competition which challenges graduate and undergraduate students to explore the implications of a cyber-attack.
The key themes from each session can be found below:
Session 1 – The UK Government’s approach to stimulating innovation in the Cyber Security Sector
Andrew Elliot stated it was the UK Government’s aim, and particularly the aim of DCMS, to make the UK the best digital economy in the world and the best place globally for online businesses. To achieve this goal, government must make businesses aware of the required steps to be secure and resilient online.
In order to do this, Andrew highlighted that the creation of the NCSC had ushered in the development of a more open GCHQ and he outlined three steps that the NCSC was undertaking to mature the UK cyber security scene:
- Create skills initiatives which upscale the workforce and the cyber security profession, alongside school children in education.
- Move the burden for Cyber Security protection from consumers to suppliers, who must reach a minimum standard of protection.
- Help organisations have access to the security products and services they need.
Finally, Andrew noted that government is able to shape the cyber security market because it is a big customer, and explained that the government had a role to play in solving the problems being raised by various cyber clusters: regional cyber communities that meet informally and network.
Session 2 – The Importance of Innovation to the Cyber Security Ecosystem
Our second session was held with a senior figure at the NCSC who spoke about the important work that the agency is doing to keep citizens and businesses safe. The figure said the capabilities the NCSC wanted to be able to achieve were as follows:
- Defend UK cyberspace and help allies achieve online security
- Have the capability, in extremis, to attack
- Ensure these goals are achieved in ways compatible with the law
As the NCSC continues to develop its capabilities, it was also reviewing certain practices it had developed including:
- How it manages long term critical risks
- Processes to educate people about who is connected to their network
- Use of the principle of least privilege and whether to create cross-domain solutions
- Promoting resilience to ensure cyber-attacks have minimal lasting impact
- Increasing usability by reducing the burden of security policies on ordinary people
- Providing incentives to change behaviours to ensure people cause the least amount of harm
They also wanted to explain that they understand SMEs want funding or a contract and though they can’t serve everyone, they want procurement from the NCSC to encourage innovation and that this priority was especially important given the need to ensure the NCSC does not fall behind its strategic competitors.
Finally, the NCSC wanted to emphasise that they were committed to protecting individuals with internet connected devices and were therefore positive towards the possible promotion of a code of best practice and the increased use of automation, to both allocate resources more effectively and reduce the impact of human fallibility on the integrity and security of personal networks.
Session 3 – How can the UK become secure by design?
The third session was a panel discussion between George Brasher, Managing Director of HP; Peter Stephens, Head of Secure by Design at DCMS; and John Cook, Head of Defence Information Assurance at MOD.
After the panellists introduced themselves, Peter Stephens argued that the desire for consumers to be safe and for the industry to grow was shared across national governments. Consequently, DCMS would like the Secure by Design code to become a global leader of effective regulation, and it would therefore be constantly updated, with the next update due in October 2020. Peter argued that it was wrong to force consumers to be cyber security experts and that balance was required between transparency and overloading the consumer with information. Crucially, DCMS and government needed to ‘counter the narrative’ that they were unaware of what constitutes good practice. In order to do this, they need to embed good baselines to increase consumer confidence and ensure bad practice does not get through to market.
George Brasher agreed with these sentiments and argued that regulatory guidelines would be beneficial for private sector companies with strong security infrastructure. He also suggested that while government can have conversations about security with commercial customers, this becomes more complex with consumers. In order to relay information to consumers in a simplistic way, George argued the proposed badge in the code of practice was a good idea and could indicate a company takes cyber security seriously and has invested in the security of their devices. His final point mentioned that HP had gone from a protection mindset surrounding cyber security to a resilience mindset, and that detection was important and the bottom line for private companies was to protect their customers.
Finally, John Cook gave a MOD perspective and said the Code by Design needed constant attention to make cyber security protocol more uniform for organisations. He also said the MOD was going to put more effort into its supply chain to ensure cyber resilience throughout and that the Defence Cyber Protection Partnership (DCPP) was a useful collaboration between the MOD and key suppliers to ensure defence supply chains understand the cyber threat and are appropriately protected against attack. This cyber protection was particularly important for the defence industry, given the nature of foreign adversaries. Crucially, John said the MOD needed to ensure that people within defence supply chains value security and futureproofing products to ensure they remain secure in the future.
Session 4 – Emerging threats and technologies: the future of cyber security
The fourth session was also a panel discussion, between Grace Cassy, Co-Founder of Cylon; Sandy Forrest, Client Executive of Atos UK&I; and James Hodge, Chief Technical Adviser EMEA of Splunk, looking at the emerging technologies that will provide both opportunities and challenges to the cyber security sector.
Grace was keen to highlight that there were many emerging trends within the sector but that the insider threat, both accidental and malicious, continues to be important. For example, an increasing number of start-ups are looking to deal with the issue of human fallibility. Moreover, she argued there was a growing need for more automation within the industry to allow teams to focus on more strategic issues.
Sandy picked up on this trend to argue that though cyber innovation continues to evolve, human motivation has remained the same. He went on to state that though some things were cyber enabled while others were cyber dependent, people exploit the cyber environment in the same way they would in a non-cyber environment.
James wanted to emphasise that technology is fun and that procurement strategies are often overlooked. He argued that to understand the future of the industry you should also talk to younger people, who have some excellent ideas surrounding the future utility of tech.
Afternoon Session – Cyber Innovation Den
In the afternoon we held our inaugural innovation den competition which saw some of the most innovative cyber SMEs come together to pitch their products and services to a panel of expert judges from across the private and public sectors.
The judging panel was made up as follows:
- Kulveer Ranger, Senior Vice President Strategy & Communications, Atos UK & Ireland
- Peter Jaco, Chairman, CyberOwl
- Andy Williams, CEO, Global Transatlantic and Advisor to DIT
- Sue Daley, Associate Director, Technology and Innovation, techUK
The competitors were:
- Cybersec Innovation Partners
- Crypta Labs
- Keepnet Labs
- Risk Ledger
- UM Labs
Risk Ledger won the competition with their product which aims to reduce data breaches worldwide by securing the global supply chain against cyber-attacks. The judges believed that Risk Ledger’s approach to supporting suppliers in implementing good cyber hygiene through a security management platform with a secure social network, was unique and meeting a need that is not met by current products on the market. techUK are delighted to support innovative SMEs such as Risk Ledger at the start of their journey into cyber security across UK sectors, and as part of the prize Risk Ledger will be named the techUK Cyber Innovator 2019 and will be given the opportunity to showcase their solutions at the upcoming International Security Expo 2019, where they will receive exposure to hundreds of potential clients. We at techUK are delighted to showcase some of the best British talent and look forward to providing opportunities for other SME Cyber companies soon.