Risks, Governance and Crisis Response
The last year has witnessed major hacks on high profile corporations that inflicted massive damage to business confidence and compromised the data of millions of consumers. Attacks such as WannaCry and Not-Petya demonstrated the capability of state-sponsored actors to cause major disruption and highlighted a range of international cyber security vulnerabilities.
As businesses and citizens attempt to understand and protect themselves against these threats, the cyber landscape is experiencing a period of rapid change driven by growth in internet of things (IoT) technologies and the design and deployment of artificial intelligence (AI). Without consideration of the emerging security challenges these technological developments present, a range of potential new risks even more catastrophic than recent attacks could emerge.
While governments attempt to keep up with the pace of change, cyber attacks continue to grow in scale and complexity, putting them under pressure to respond with protectionist policies and in some countries creep towards ever increasing ‘cyber sovereignty’. The risk of an increasingly fragmented cyberspace is now very real.
In this context, Chatham House Cyber 2018 will take stock of the current situation and:
- Explore the dynamics of state-sponsored cyber threats and assess the main reasons behind the targeting of specific businesses and sectors by cyber attackers
- Evaluate where government cyber policy frameworks are keeping up and where they are not
- Explore how the risks posed by the IoT and AI can be managed and how responsibilities for security can be shared
- Assess how the regulatory landscape around data protection and privacy is changing the way businesses are operating
- Consider strategic approaches to quantify and control cyber risks and improve cyber crisis management practices when things go wrong
The Chatham House Rule
To enable as open a debate as possible, this conference will be held under the Chatham House Rule.
Thursday 28 June
Session One | New and Continuing Risks to Business and the Critical Infrastructure
In the context of increasing cyber attacks on major companies and critical national infrastructure around the world, this opening session will address the latest developments and ask what has been attacked, what is still being attacked and why. It will both explore state-to-state threats and assess the main reasons behind the targeting of specific businesses and sectors.
Session Two | Government Policy and Approaches to Cyber Challenges
There is a growing consensus that major cyber-attacks are now a question of ‘when’ rather than ‘if’. As cyber-attacks continue to evolve in scale and complexity, governments are facing increasing pressure to protect their economies and national security. This session will explore where policy frameworks are keeping up, where they are not and what the consequences are for the future.
- How prepared are governments to respond to the fallout of major cyber-attacks?
- How is pressure on governments to act forcefully on domestic security issues shaping the cyber policy landscape?
- What progress is being made in terms of international cooperation and harmonization of regulatory and legal frameworks?
- How successfully are governments and international organisations engaging with technology companies to find solutions to key issues?
- Will moves towards ‘cyber sovereignty’ in some countries intensify? What consequences could increasingly protectionist policies towards data localization and encryption have for the future of the internet?
- What real progress is being made in the fight against cyber crime? Who is leading this?
Session Three | Increased Connectivity, Standardization and Security
With the number of connected devices projected to more than double by 2020 to more than 20 billion, there is significant potential for new vulnerabilities to be exploited, for example by malware used carry out distributed denial-of-service (DDoS) attacks. As the development and deployment of IoT and AI technologies continues, the internet will be used to control not only objects, but our infrastructure and physical environment. Answers to key questions about regulation, security and interoperability will need to be established. This session will explore this and ask:
- The IoT has the potential to amplify weak points in many IT and OT environments due to its unprecedented reach and complexity. How can security be built into devices, software applications and network connections to address those challenges?
- How are national and international standards and product certification initiatives for new connected technologies developing?
- What is the potential for AI and machine learning to detect, prevent and predict cyber-attacks?
- To what extent will privacy and security concerns affect the proliferation of these technologies?
Session Four | Privacy, Security and Personal Data
Businesses hold vast amounts of data and personal information on consumers and citizens. The exchange and flow of this information is vital to the functioning of the internet and key to the value and success of the world’s leading technology companies, driving the growth of the online economy. Although encryption technologies are key to securing privacy, increasing state surveillance and the rise of ethical and criminal hacking means privacy is being challenged. In response to this, regulators across different jurisdictions have been changing the rules on how data is processed, accessed, stored and shared. This session will assess how data regulation can be balanced in a way that is acceptable to citizens and regulators while ensuring ease of data flow and transfer. It will also address the practical implications for companies dealing with a changing regulatory landscape.
- How is data regulation changing the way businesses operate? How can increasingly divergent and potentially conflicting rules and regulatory systems be navigated?
- What measures do companies now need to take to ensure the safety of their customers and their data? What new tools are there to secure an individual’s personal data?
- As the volume and value of personal data held by companies continues to grow, how can companies manage issues of trust and transparency?
- How can the need for data privacy and national and commercial security be balanced?
- What are the risks to businesses of increasingly strict data localization requirements?
- What consideration should be given on how to manage the vast amounts of data that will be collected through growth in IoT technologies?
1730 End of day one and reception hosted by Chatham House
Friday 29 June
Session Five | Cyber Risk and Defence
Organizations are increasingly cyber reliant, interconnected and vulnerable to potentially damaging shocks caused by attacks and cyber breaches. Given increasing levels of connection and convergence, organizations face challenges not only to secure systems, data and intellectual property, but also in understanding how their assets form part of the wider digital environment in which they operate. This session will assess strategies being deployed to manage cyber risk and explore what more can be done to increase cyber resilience.
- What is the potential for new technologies or approaches to revolutionize cyber security?
- How can penetration testing best be incorporated into security systems? How can independent researchers be incentivized to disclose vulnerabilities responsibly?
- How can cyber risk be effectively quantified and insured against?
- In what way could the emergence of cyber insurance for individuals alter the dynamics of risk?
Session Six | Approaches to Cyber Crisis Management
Organizations are becoming increasingly aware that they must operate on the basis that it is not possible to defend against, or even identify, every attack or cyber breach. Cyber security management strategies must now include detailed processes and contingencies for when something goes wrong. In reality, there is often little planning for dealing with the immediate fallout and longer-term consequences of such attacks. This session will explore strategic approaches to cyber crisis management and ask what needs to be done to improve cyber crisis management practices.
- Given the ever increasing scale and cost of attacks, does cyber defence even deter at all? Is there too much emphasis on cyber deterrence and defence?
- What are organizations doing to plan for when the worst happens? What is the right approach to developing cyber incident response plans?
- Do senior leaders in business have sufficient understanding of cyber security to provide effective oversight? How are leadership structures changing to respond to cyber threats?
- What can we learn from recent high-profile cyber attacks on major organizations and how they have been handled?
1300 End of conference
© The Royal Institute of International Affairs 2018
Register by Friday 27 April 2018 to benefit from the early booking rate.
Ways to book:
- Phone: Call Charlie Burnett Rae on +44 (0)20 7957 5727
- Online: Click here to complete the online registration form
- Email/Post: Download a PDF registration form, complete and return to Louisa Troughton via email or post to: Louisa Troughton, Chatham House, 10 St. Jame's Square, London, SW1Y 4LE
Check if your organization is a member of Chatham House here.
EARLY RATE (+VAT):
|FULL RATE (+VAT): |
AFTER 27 APRIL
|Partners and major corporate members|
|Standard corporate member|
|NGOs and academics||£440||£540|
|NGOs and academics||£490||£595|
Your delegate pass includes:
- Conference attendance
- Lunch and refreshments
Travel and accommodation are not included. View a list of recommended hotels here.
If you are interested in becoming a sponsor for this event, please contact Adam Bowie on +44 (0) 20 7957 5732
If you are interested in partnering on this event, please contact Ayesha Arif on +44 (0)20 7957 5753
10 St James's Square
Telephone: +44 (0)20 7957 5643
Fax: +44 (0)20 7957 5710
If you wish to book the venue for your own event please phone +44 (0)20 7314 2764
The nearest tube station is Piccadilly Circus which is on the Piccadilly and the Bakerloo Underground lines. From Piccadilly follow Regent Street southwards towards Pall Mall and take the first road on the right called Jermyn Street. Duke of York Street is the second road on the left and leads to St James's Square. Chatham House is immediately on your right.
Although we cannot book accommodation for delegates, we have arranged a reduced rate at some nearby hotels, where you can book your own accommodation. Please inform the hotel that you will be attending a conference at Chatham House (The Royal Institute of International Affairs) to qualify for the Institute's reduced rate.
Please note all rates are subject to availability.
13 Half Moon Street
London - W1J 7BH
Tel: + 44 (0)20 7499 2964
Fax: + 44 (0)20 7499 1817
Classic Double without breakfast: £195 +VAT
The Cavendish London
81 Jermyn Street
London - SW1U 6JF
Tel: + 44 (0)20 7930 2111
Fax: + 44 (0)20 7839 2125
Classic Room without breakfast: £205 +VAT
The Stafford London
St James's Place
London - SW1A 1NJ
Tel: 020 7493 0111
Fax: 020 7493 7121
Classic Queen without breakfast: £247 +VAT
Quote Chatham House
The Chatham House Rule
To enable as open a debate as possible, this event will be held under the Chatham House Rule.