Charlie attended The Scottish Cyber Summit earlier this week and has summarised points made by different speakers and panellists.
Yesterday, I attended the Scottish Cyber Summit in Edinburgh! So for this week’s bulletin, I will be sharing what I learnt from the event. The summit was a gathering of the ‘great and good’ of Scottish Cyber, with a large number of the audience being from the Government, Government Organisations, and the Scottish Police. The event itself was organised and hosted by Scottish Business Resilience Centre (SBRC), they bill themselves as “a not-for-profit and a respected voice in business resilience, bringing together the Scottish Government, Police Scotland, and the Scottish business community”. One of their roles is to promote cyber security to Scottish businesses. Their model of Government and Police has been exported to England with nine resilience centres having been set up to promote cyber security to businesses across the whole country.
The following are the main points I picked up from the summit. They are memorable bits for me, rather than a synopsis of each person's speech!
Keith Brown MSP, Cabinet Secretary for Justice and Veterans. Scotland is a country where you can get things done. He described it as a ‘Goldilocks country’ - neither too big nor too small!
We need to be aware of the vulnerability of our infrastructure, as demonstrated by the loss of internet connectivity in the Shetland area. Where their internet cable to Faroes was under maintenance and the others were damaged by a trawler. They lost the use of mobiles, ATMs, electronic payment, and the internet for two days. If the incident had gone on much longer, life could have been very difficult for those who live there. Although it was not a cyber incident it highlighted our reliance on the internet for conducting day-to-day life.
The FBI spoke about the importance of collaboration in fighting cybercrime, the key nation-state actors were Iran, Russia and China, with no mention of North Korea and the need to share information, especially with the private sector.
There were lots of panel discussions on trying to get more diversity into cyber security, with a focus on neurodiversity and getting more women into the industry. Interestingly, there was no mention of getting ethnic minorities into the cyber industry so perhaps they are already well represented. The latest figures show that women make up 20% of the cyber workforce. There was a discussion on why women made up a small percentage of the workforce, and the discussion was based on the issues that women face in the workplace. What was interesting was that there was no discussion on whether there is an element or a perception which makes a career in cyber less attractive to women. There were also lots of chats on looking at different career pathways into the world of cyber rather than the traditional university route. The importance of getting taught about cyber security or at least getting children at the school level exposed to the possibility of a career in cyber.
The Department for International Trade spoke about the importance of the cyber sector to Britain’s economy. How the UK was a world leader and what help could they give organisations to increase sales of their products and services outside the UK.
The Estonian Ambassador, who looked extremely dapper! Spoke about how professionals in the cyber industry need to have friends and trusted allies to help protect themselves from bullies. Also, he talked about the need to engage with the public and be frank with them about cyber threats and the need to inform them, “what was happening, how it is happening, and how it affects them”. He said being honest and getting the trust of the public was very important when talking about cyber. The best bit was a question by the audience who asked him if Estonia engage in offensive cyber, to which he replied “I am pretending not to have heard that question” and looked the other way!
The main point that I took away from DCC Malcolm Graham’s was that cyber is a threat to our happiness as individuals and as a nation!
Lindy Cameron OBE CEO of the NCSC made a couple of good points in that ransomware was the most serious of the cyber-attacks and that 90% of ransomware attacks could have been avoided. She also talked about Abertay as a centre of cyber excellence and also how NCSC is pushing for more security to be built into products which operate online.
Claire EL Azebbi Head of the Cyber Resilience Unit talked about her fear of having to handle multiple cyber incidents simultaneously. SEPA was a major incident for them but they may have struggled if it was one of many incidents happening at the same time.
It was refreshing to go to a conference where you learned about strategy, what the government was doing, and where lots of vendors were not trying to sell you something. The Scottish Cyber Sector seems in a good place with lots going on!