“Every individual user of information technology and digital capabilities is a potential cyber sensor and defender, or a potential vulnerability.”
Ministry of Defence Cyber Primer
A strategic vulnerability?
The Defence industry is a vital part of the UK economy and the backbone of Britain’s export market. But its size and maturity is also one of its biggest weaknesses. Given the scale, reach and complexity of many of the incumbent organisations, the sector has become a prime candidate for coordinated attacks and inadvertent data breaches.
The challenge of protecting the Defence supply chain from cyber incidents is growing, with more technology assets in circulation and a more widely dispersed workforce.
The MOD’s Cyber Resilience Strategy sets a requirement for Defence suppliers to:
1. Adopt an open mindset to resetting security relationship.
2. Actively support cyber resilience audits and drive forward remedial actions.
3. Improve the protection of Defence information and embrace the adoption of Secure by Design policy throughout the lifecycle of military capabilities.
4. Proactively develop Business Continuity and Disaster Recovery Plans, intentionally engage in creating exercising opportunities, and demonstrate operational resilience.
But with 90 percent of organisations unable to identify 20 percent of their endpoints, most organisations are simply not in a position to prevent a cyber incident, let alone rapidly make informed decisions about how to respond to one.
AGENDA
08:45 Welcome and Introductions
08:50 Air Commodore Mike Wilson, Head of Cyber Governance, Risk and Compliance, MOD
09:05 Virtual Roundtable Discussion
1. Establishing a single source of truth to identify and respond to a cyber incident
2. Pre-emptively identifying and resolving cyber vulnerabilities
3. Creating mitigation and response teams across security, infrastructure, ITOps, compliance and legal
10:00 Close
HEAR FROM
Air Commodore Mike Wilson, Head of Cyber Governance, Risk and Compliance, Ministry of Defence
Air Cdre Mike Wilson completed Initial Officer and Engineering Officer Training in 1991. Highlights of his career include deployment to Afghanistan to develop the Afghan Mission Network; a system designed to share information across the coalition.
He commanded No 1 Radio School where he was responsible for training the RAF’s cyber professionals. After promotion to Group Captain in 2013 he joined the NATO CIS Group at SHAPE where he focussed on providing digital services to NATO’s deployed operations and exercises.
Returning to Kabul in September 2015 he commanded NATO’s multinational team of service and civilian personnel delivering information services across Afghanistan.
In 2016 he joined the RAF’s CIS Branch and articulated the RAF’s future demand for information services, whilst also ensuring new aircraft and systems had the CIS and information needed to operate effectively. Following promotion to Air Cdre in November 2018 he became Deputy CDIO for the Royal Air Force.
In July 2023 he commenced his current post of Head of Governance, Risk and Compliance in Defence Digital’s Cyber Defence and Risk Directorate.
Zac Warren, Chief Security Advisor, EMEA, Tanium
Zac Warren is Chief Security Advisor, EMEA, at Tanium. Zac started his career in IT with a passion for cybersecurity and was a senior security analyst at a leading manufacturer of security platforms and later a cybersecurity architect and consultant for large system integrators.
Zac has spent most of his career helping government agencies and several Fortune100 companies reorganise their security architectures, controls, policies, and procedures.
Cheryl Martin, Vice President, Head Of Cyber - UK, Capgemini
As Lead for the UK cyber practice, Cheryl has teams working in both cyber projects and cyber-run portfolios, with over 350 people supporting clients across the globe. No day is alike for me, with such a varied delivery capability I might be discussing impacts from penetration testing in one meeting and then moving into the next with a strategic lead conversation around the business challenges of security impacts with automation and migration to the cloud.
