Socitm President's Conference 2018

In conversation with Professor Bill Buchanan

With the excitement around the Socitm President's Conference growing more and more by the day, we wanted to catch up with some of this year’s speakers to find out what they’re most looking forward to at the event and why you can’t afford to miss it! Read the full interview below which is the latest instalment of our Socitm President’s Conference Speaker Q&A.

This week we’re delighted to introduce one of the world’s leading experts on cybersecurity Professor Bill Buchanan. As well as being the head of Napier University’s Cyber Academy, Professor Buchanan is a fellow of the BCS and the IET. He was awarded an OBE in the 2017 Birthday Honours for services to cybersecurity.

Professor Buchanan’s presentation will examine the future prospects, threats and opportunities posed by cybersecurity for public services.

Q1. What are you most looking forward to sharing with your peers from your presentation? Can you give us any teaser stats, facts or insight?

A. I believe many of our systems are fit for the 20th century, and we need to start to build an infrastructure which is fit for the 21st century. Overall we can improve our provision of public services, but we need to create a more trusted infrastructure, and one which is citizen-focused. At the core of this is identity and trust, and we need to look to new ways to integrating consent, governance and ownership. Too often our systems are silio’ed across agencies, and we must redesign in order to effectively share information. I will thus outline how encryption can be used to protect data, and also outline key risks in the protection of our critical national infrastructure.

Q2. Do you think the response and attitude towards cybercrime from public services is still behind where it needs to be?

A. Yes. We need to train every person in the public sector to be aware of risks, and also in responding to threats. While risks exist, it should not hold us back building new citizen-focused services, and transform areas such as health and social care. I believe we need to do everything possible to promote innovation, and especially supporting our great SMEs.

Q3. Does the public sector, including councils, have the level of funding needed for cybersecurity?

A. No. They are a long way short of the investment that is required to properly protect citizen-data, and, especially in transforming their systems to focus on the requirements of citizens.

Q4. What are the best ways for public sector organisations to tackle the latest threats?

A. The public sector needs to transform their operations and integrate encryption and improve access control (such as with multi-factor authentication). With GDPR coming up, our public sector organisations need to understand how they capture, store and process data which has personally sensitive information. This, though, should not hold us back from increasingly using data to support the provision of public services.

Q5. Do you think the public sector should look at examples of best practice in the financial sector to improve security?

A. Yes. Many finance companies run 24/7 security operations centres and have a whole lot of analysts working on incoming alerts. Many finance companies now see themselves as technology agencies, and which their operation is built on a foundation of data. We need to transform our public services in the same way, and focus on “digital-by-default”.

Q6. Is there potential for public sector organisations to co-operate in tackling future problems?

A. Yes. The public sector has to transform their existing methods in order to improve the access for citizens. There should be an increase in sharing information, but in order to do this, we need to invest in ways which can anonymise and sanitise data.

Q7. Do you think centralised solutions and standards could help public sector organisations combat something like WannaCry?

A. Sometimes centralisation works, but we need to improve processes and support virtualised infrastructures, and where we improve the security of data. We got off lucky with WannaCry. The next time it could be serious. Increasingly we need to understand the elements of our infrastructure which could fail, and how systems interconnect. The next wave of the internet is just around the corner, and this time we will see an increase in the number of devices which will be connected to our networks, and each will bring new risks. If we fail to secure our core infrastructure, we will especially struggle to integrate these devices which connect at the edges of our network. One thing that is for sure is that we need to move into this information age, and make full use of the automation that cloud-based systems can bring.

The conference in Glasgow on 8-9 May promises to inspire the Socitm community through a phenomenal line-up of the industry’s finest speakers paired with a knock out agenda! You can find out more information about the event and read Professor Buchanan’s full profile here

Security level: Public