3rd July 2013, Infolab21
The Council of Registered Ethical Security Testers (CREST), one of the UK's primary penetration testing certification bodies for individuals and organisations, is introducing CRESTx, a spin-off from their flagship conference CRESTcon. CRESTx was inspired by the success of TEDx, and brings short talks on big ideas to the domain of cyber security.
CRESTx Lancaster will provide a range of 5, 10 and 20 minute talks on cyber security challenges, assessment, and response. These talks will highlight cutting edge research and industry best practices, and will draw on the multi-disciplinary approaches of Security Lancaster, Lancaster University's Centre of Excellence in Cyber Security.
- 09:00 - Registration and refreshments
- 09:15 - Mr William Knowles - Welcome: Security Lancaster
- William will open the event and set the scene for the day's presentations.
- 09:30 - Session 1: Personal Security and Privacy
- Despite the enriching effect of the proliferation of technology into our everyday lives, it has come at the cost of the increased risk of personal security and privacy breaches. Personal data is no longer exposed only through devices on our person, but through the replication of this data across the internet. This session will highlight research that intends to address these challenges, including those arising from future research trends, such as home automation technologies.
- Dr Alistair Baron - Dealing with Fake Digital Personas: Security Lancaster
- One particular issue in policing online social networks is the ease with which users can create fake profiles (digital personas) and pretend to be somebody they are not. There are a variety of reasons why people choose to use fake profiles online, ranging from perfectly innocent motives such as identity exploration, to deception in order to commit serious crimes, e.g. adults masquerading as children for the purpose of grooming. Using Natural Language Processing and Machine Learning techniques, author profiling and authorship attribution tools have been developed which are able to compare the language use of different digital personas. It will be shown how, using these methods, it is possible to indicate when the same person may be behind multiple digital personas, and predict key demographic information about a user (such as age and gender) with high accuracy.
- Dr Jose Such - Challenges for next generation SNS Privacy controls: Security Lancaster
- The use of social networking services (SNSs) such as Facebook has explosively grown in the last decade. Despite their success, most users state being either “concerned” or very “concerned” about their privacy when using these services in surveys. In this talk, we will introduce the privacy problems that current SNSs have and the challenges for developing new generation privacy controls that can solve them.
- Dr James Brown - Home Jamming: Security Lancaster
- A plethora of communication protocols for home automation are currently in use. These protocols generally lack essential security features such as message authentication. Thus, smart homes are not protected against accidental or malicious message injection. This talk will discuss this topic and will describe how jamming can be used to prevent processing of unsolicited messages in smart homes.
- 10:25 - Break and refreshments
- 10:40 - Session 2: Critical Infrastructure Protection
- Incident reports of attacks on critical infrastructures have increased rapidly over the past decade. This session will explore current and future approaches to ensuring their security and resilience against cyber threats. Challenges and responses to the integration of emerging technologies into critical infrastructures (e.g., cloud computing) will also be examined.
- Dr Kevin Jones - Protecting the Critical National Infrastructure from Cyber Attack: The Requirements & Research Questions?: EADS Innovation Works UK, Homeland Security and CNI Protection
- Securing the Critical National Infrastructure (CNI) from Cyber Attacks is the focus of significant global research amongst a background of increased attack vectors and growing interest from governments worldwide. This talk provides an introduction to the Supervisory Control And Data Acquisition (SCADA) systems that form the basis for CNI, and discusses the background and requirements for current research within the area of CNI Cyber Security. The aim is to foster discussion and opportunities through: the use of real-world examples, an overview of the SCADA cyber security problem space, and current research directions including ongoing activities within EADS Innovation Works UK.
- Dr Andreas Mauthe - PReSET: A Toolset for the Evaluation of Network Resilience Strategies: Security Lancaster
- Computer networks support many of the services that our society relies on today; hence ensuring that networks are resilient against faults and challenges is crucial. Due to the constantly changing nature of threats, resilience strategies need to allow dynamic reconfiguration of networks, including resilience-specific functionality. However, this cannot be tested in live networks and thus it is important that resilience strategies are evaluated prior to their execution in order to ensure that new or adapted strategies will not exacerbate an on-going problem. To facilitate this activity, we have developed a toolset that supports the evaluation of resilience strategies that are specified as event-driven policies. The toolset couples the Ponder2 policy-based management framework and the OMNeT++ simulation environment. In the talk I will discuss the network resilience problem and motivate simulation as a suitable way to evaluate resilience strategies. Further, I will outline the developed toolset, including its architecture and the implementation of a number of resilience mechanisms, and will also present some initial results.
- 11:40 - Video Presentation
- 12:20 - Lunch
- 13:15 - Video Presentation
- 14:00 - Session 3: Governance, Risk Management and Compliance
- An old adage says that you can’t manage what you can’t measure, but measurement of risk is increasingly difficult in the age of big data, expanding infrastructures, and blurring network boundaries. This session will address approaches to tackling these challenges under the umbrella of governance, risk management and compliance.
- Stephen Robinson - Title: Xyone Cyber Security
- Claire Hargreaves - Cyber Criminal Activity and Its Measurement: Security Lancaster
- Our talk summarises the four key findings from our workshop held on the 18th April which explored the future of cyber criminal activity and addressed the actions required to tackle the perceived cybercrime wave.
- Understand technology's role in cybercrime: We need to focus on the impact of technology not on the technology itself if we are to move forward in our understanding of cybercrime.
- Standardise data to further our data sources: Cybercrime data is currently fragmented, requiring standardisation to build its reliability and validity.
- Utilise mechanisms to capture data: Utilising both new and old mechanisms of data capture will develop our information base.
- Broaden analysis on cyber criminals and their victims: Developing an understanding of who criminals and victims are in terms of their characteristics will help to deliver appropriate interventions.
- Tony Wilson - Using Google as a security tool: Indelible Data
- For the US National Security Agency (NSA) to release an internal document entitled "A Guide to Internet Research" tells us that protecting our data from Search Engine savvy hackers should be an important component of our security regime.
It is good security practice to know what information search engines, such as Google, have found about our business and made available to the entire world.
Google’s searching abilities are much more versatile than we may first think, allowing us to drill down into spreadsheets, word documents and a multitude of other file formats to find information that website owners never intended to make available.
- 15:00 - Break and refreshments
- 15:15 - Session 4: The Human Element of Cyber Security
- Although cyber security exists in a virtual space, both cyber threats and their potential solutions can be found with an entity in the physical space: the human. This session will highlight ongoing research on the human element of cyber security. Topics that will be addressed include the socio-political challenges for cyber security, and how to best train and equip the next generation of cyber security specialists.
- Hugh Boyes - Bridging the Cyber Security Skills Gap: The Institution of Engineering and Technology (IET)
- With the increasing connectivity of a wide range of systems, ranging from the Smart Grid to the Internet of Things, there is a clear need to improve the cyber security and trustworthiness of a wide range of software applications and complex cyber physical systems. Hugh has been leading a project to set up the Cyber Security Skills Alliance, a collaboration between the IET, BCS, IISP, IAAC and e-skills UK. The Alliance aims to develop a number of initiatives to address the skills gap; the first initiative is a cyber security MSc sponsorship scheme. Hugh will outline a number of initiatives that are being planned by Alliance members, including the accreditation of cyber security degree courses.
- David Ellis - Disrupting Online Groups: Security Lancaster
- There has been a major societal shift towards communications that are not conducted face-to-face, but are instead mediated by interfaces such as mobile phones and social networking websites. This online communication is able to bring out the best (and sometimes worst) in people. For example, Wikipedia is the result of a collective who have never met. However, this interaction can also work against society; exemplified by groups such as Anonymous, who are able to function as a very effective, co-ordinated team. In light of these recent developments, we are currently investigating how online groups develop over time and how they might be disrupted. I will discuss some preliminary findings and consider how this research could be extended.
- Lara Warmelink - Detecting Deception in Intentions: Security Lancaster
- Finding methods to prevent crimes is among security research's foremost aims. One area of research that can contribute to this is deception detection. Currently at Security Lancaster, we are investigating two methods to detect deception about intentions: short interviews and reaction time tasks. Our research into short interviews aims to use our knowledge of detecting deception in investigative situations and adapt this for situations where large numbers of people must be assessed with relatively few resources. The use of reaction time based tasks in detecting hidden intentions has been promising so far and we hope further research may clarify the most efficient ways to use it. Some plans for expanding our research to include more varied technologies to detect deception will also be discussed.
- Mr Oliver Fitton - The Syrian Electronic Army: Security Lancaster
- Emerging cyber threats are shaping human conflict in every corner of the globe. It is not only the developed cyber superpowers who are exploiting new methods to undermine their adversaries; today every conflict has a cyber dimension. My research focuses on the cyber aspects of the current Syrian conflict and how the conflict has spread beyond its borders and into the internet. This presentation will discuss the Syrian Electronic Army’s role in the conflict and what we can learn from their development.
- Ian Glover - Making Security a Profession: Council of Registered Ethical Security Testers
- The presentation will address the problem of what we need to do to make IT security a real profession. It will discuss the requirements to have a professional base entry to the profession in line with other more mature industries, and describe what this base should include in terms of the subject areas and the levels that need to be achieved. It will also describe how this can be used to encourage more people into the industry and provide structured development pathways to support career development.
- 16:20 - Mr William Knowles - Close: Security Lancaster
- William will close with a discussion of the day's key highlights.
- 16:30 - Event Close
Please Register here
The data you submit as part of this registration will only be used by Lancaster University and will not be sent to any third parties. For more information on how we will use your data please see our Privacy Statement.
William Knowles: Master of Ceremonies
William Knowles received his Master's degree in Cyber Security at Lancaster University. He is currently involved in an EPSRC Industrial Case PhD that is supported by the European Aeronautic Defense and Space Company (EADS). The research area for this engagement is security metrics for SCADA systems.
Dr Alistair Baron is a Security Lancaster Research Fellow in the School of Computing and Communications at Lancaster University. His primary research involves applying natural language processing (NLP) and machine learning techniques to cyber security issues, particularly involving online communications (e.g. emails, social network content, SMS and chatroom logs). This includes developing deception and multiple personae detection techniques to assist in countering the use of fake profiles, e.g. adults masquerading as children for the purposes of grooming. A primary concern of his research is building robust NLP tools, which are able to cope with, and take advantage of, the abundance of irregular language and the multi-lingual nature of online text.
Dr Jose M. Such is Lecturer in Cybersecurity in the School of Computing and Communications at Lancaster University. He was awarded a BSc in Computer Science in 2005, an MSc in Artificial Intelligence, Pattern Recognition and Digital Image in 2008, and a PhD in Computer Science in 2011 by Universitat Politecnica de Valencia (Spain). Prior to joining Lancaster University as a lecturer, he worked as a research assistant and, later, as a research fellow at Universitat Politecnica de Valencia (Spain) for 7 years. His research focuses on intelligent approaches to cybersecurity, with a strong focus on privacy, identity management, and intelligent access control models.
Dr James Brown is a senior researcher in the School of Computing and Communications at Lancaster University, currently employed on the EU FP7 RELYonIT project. Since completing his undergraduate degree at Lancaster he has worked on a number of research projects, including the industrially funded IPV6 Testbed, EPSRC funded NEMO project, EU FP7 GINSENG project and now the EU FP7 RELYonIT project. He was awarded his PhD in 2011 on advanced systems support for sensor networks. His current research interests are wireless networking and hardware architectures for embedded devices.
Dr Kevin Jones CISSP, is the Research Team Lead for EADS Innovation Works Cyber Operations. He holds a BSc in Computer Science and MSc in Distributed Systems Integration from De Montfort University, Leicester where he also obtained his PhD: A Trust Based Approach to Mobile Multi-Agent System Security in 2010.
He is active in the cyber security research community and holds a number of patents within the domain. He has many years' experience in consultancy to aid organisations in achieving accreditation to ISO27001 standard on Information Security Management and lecturing in Cyber Security.
Kevin joined EADS in 2011 where he has worked on Risk Assessments and Cyber Operations in SCADA systems and Critical National Infrastructure (CNI). He is accredited as a Certified Information Systems Security Professional (CISSP) and ISO27001 Lead Auditor.
Dr. Andreas Mauthe is a Senior Lecturer at the Computing Department, Lancaster University. He has been working in the area of distributed and multimedia systems for more than 15 years. His particular interests are in the area of content management systems and content networks. More recently his research has focused on Cyber Security aspects and network resilience. Prior to joining Lancaster University, Andreas headed a research group at the Multimedia Communications Lab (KOM), at the Technical University of Darmstadt. After completing his PhD at Lancaster in 1997, Andreas worked for more than four years in different positions in industry at BlueOrder AG (now part of the AVID group), a German based software house and system integrator working in the area of content management. Andreas is on the Editorial Board of the ACM Multimedia Systems Journal. Further, he has been participating in standardisation activities and served as expert advisor and evaluator for the European Commission.
Claire Hargreaves is completing a PhD in Applied Social Statistics at Lancaster University. Her primary research is in quantitative criminology which focuses on the criminal careers of offenders. During her PhD she has worked for the Home Office on a 6 month internship and undertaken collaborative work with Statistics Norway.
Claire completed her undergraduate studies in Criminology in 2009 and went on to complete her MRes in Applied Social Statistics in 2010.
Tony Wilson CISSP is the MD of Indelible Data, an information security consultancy based in Cumbria that helps SMEs identify and protect data in line with PCI and ISO 27001.
Hugh Boyes CEng FIET CISSP is an experienced project and programme manager, who has delivered complex IT and business change projects in government departments, retail, finance, utilities and not-for-profit sectors. As the Cyber Security Lead at the Institution of Engineering and Technology (IET) he is currently managing two cyber security related projects:
- developing initiatives to improve the cyber security skills of UK-based engineers and technologists, particularly those involved in the design, implementation and operation of embedded IT solutions for control, data acquisition and signal processing. The first initiative is a cyber security MSc sponsorship scheme developed in collaboration with BCS, IISP, IAAC and e-skills UK.
- developing guidance material related to cyber security in the built environment. This project has support from CPNI and industry and is of particular relevance in the protection of the Critical National Infrastructure.
David is a Research Associate in the Department of Psychology working with Dr Paul Taylor and Dr Stacey Conchie investigating factors that inhibit team performance. This involves identifying the individual and contextual factors that disrupt a group’s capacity to complete a known goal.
Broadly speaking, his research concerns social interaction, group behaviour and first impressions. However, he is involved in a number of projects that focus on mining and linking pre-existing data sets to identify new behavioural trends, which includes data generated on social media websites (e.g. Twitter).
Dr. Lara Warmelink is a Security Lancaster Research Fellow in the Department of Psychology at Lancaster University. She holds a BSc in psychology and an MPhil in cognitive neuroscience from Leiden University in The Netherlands. She obtained her PhD: "lying about intentions" in 2012 from the University of Portsmouth.
Her research focuses on detecting deception, particularly deception about intentions and future actions. She investigates a wide range of deception detection techniques, including interview techniques and reaction time based methods.
Oliver is studying an MA in International Relations in Lancaster University’s Politics, Philosophy and Religion Department. He focuses on cyber security in national security and conflict. Oliver is currently writing a dissertation studying the cyber dimension of the conflict in Syria. In addition to his academic work Oliver acts as a student ambassador for Security Lancaster, promoting the Research Centre and its projects to the student body.
Ian Glover has thirty six years’ experience in information technology and has specialised in professional services for the last twenty eight years.
Ian is the President of the Council of Registered Ethical Security Testers (CREST) (GB). CREST is a not for profit organisation that promotes research and development in standards for professional technical Information Assurance practices. CREST serves the needs of an information security marketplace that requires the services of regulated and professional security professionals.
Ian was the elected Chairman of the CLAS Forum. CLAS is a partnership linking the Information Assurance knowledge of the UK Government with the expertise and resources of the private sector. It provides a pool of more than 800 high quality consultants approved by CESG to provide Information Assurance advice to UK Government departments. The Forum was established to promote the interests of the CLAS community.
Infolab21, Room C74
Lancaster University is set in 360 acres of beautiful parkland and lies approximately three miles south of the City of Lancaster. The campus is easily accessible via road, rail and bicycle and is within 70 miles of Manchester's International Airport.
Leave the M6 motorway at Junction 33 and take the A6 north towards Lancaster.
For Lancaster University main campus - turn right at the third set of traffic lights on the A6 into the University main drive.
Take the first exit left from the roundabout at the top of the main drive, then the first avenue on your right. This brings you to the Reception Lodge where security staff will direct you to your destination on campus.
For Alexandra Park (south end of campus) - turn right at the second set of traffic lights on the A6 into Barkers Drive and turn left at the roundabout into Alexandra Park Drive.
If using an online route planner or satnav, please note that the university postcode is LA1 4YW.
There are direct rail links between Lancaster and many of the UK's major cities and airports. For train times, visit National Rail Enquiries. The X1 bus service runs every 20 minutes between the University and the Railway Station (hourly on Sunday afternoons and evenings). Taxis are available at the station, which is a five minute walk from the city centre.
Local taxi services can be contacted on: +44 (0)1524 32090; +44 (0)1524 35666 and +44 (0)1524 848848.
For bus information call 'Traveline' on 0871 200 22 33. Alternatively, visit the Stagecoach website for current timetables and further information.
In the City: The bus station is situated on Damside Street in the City Centre. Buses (services 2, 2A, 3, 4) leave for the University every five minutes on weekdays and most services also stop at Common Garden Street. Additionally, the X1 bus service runs every 20 minutes between the Railway Station and the University (hourly on Sunday afternoons and evenings) - this service does not route via the main bus station but does have various pick-up points through the city centre.
On Campus: All buses drop off and collect passengers in the Underpass, situated underneath Alexandra Square. Additionally, services 3 and 4 serve the southern perimeter road around Alexandra Park and service X1 serves the northern perimeter road. There is also a bus stop directly outside the Sports Centre on the main drive.
There is also a daily National Express service from the campus to Birmingham and London.
From Manchester International Airport take the M56 motorway at Junction 5 and join the M6 motorway at Junction 20 (north), then follow the 'By Car' directions as above.
Alternatively, take the train - an hourly rail link runs directly between Manchester airport and Lancaster. For train times, visit National Rail Enquiries.
A free daily parking permit can be collected from the Conference Centre Reception area. Visitor parking is available in Visitor Parking Zone A on North West Drive and Bowland Avenue. To access this zone, take the first exit at the main roundabout and then continue forward for a hundred yards – the parking spaces are then located on each side of the road. Continue along the ring road to access other parking areas across campus.
If overnight accommodation is required, the following locations are recommended:
- Lancaster House Hotel:
- The Ashton:
- The Holiday Inn:
- Travel Lodge - Lancaster Central:
William Knowles: Event Coordinator
For any general event queries, please contact William:
Daniel Prince: Associate Director for Business Partnerships and Enterprise Security Lancaster
For further information on the specialist academic research and industry collaboration with Security Lancaster please contact Dan:
Tel: +44(0) 1524 510432, Email: firstname.lastname@example.org
Elaine Luck: CREST
If you are interested in engaging with CREST or in finding out more about how CREST can help you, please get in contact with Elaine.