Organised by UCL STEaPP, April 2019

A government delegation from Thailand’s Digital Economy Promotion Agency and Fiscal Policy Research Institute undertook a two-day visit to UCL STEaPP in April 2019, organised by Dr Kruakae Pothong. On day one, the ECSEPA team showcased their work alongside other research projects and public engagement activities from members of DTPL, PIU and RISCS.

The cybersecurity evidence portion of the ECSEPA main project was firstly introduced, followed by a live demonstration of the ‘ECSEPA Map of the UK Cyber Security Policymaking Landscape.’ During the talks, the ECSEPA team explained the project design and theoretical premise behind the Mapping Exercise to illustrate how the governance of UK cybersecurity policy has evolved in recent years. The series of mapping validation meetings and workshops conducted so far with central government departments were also highlighted to reflect the research impact that the mapping tool has had on the policy community.

The Thai delegation was subsequently invited to participate in a RISCS Community Meeting event on day two of their visit, centred on the themes of cyber liability and cyber insurance. The delegates took part in a workshop with table-top scenario-based exercises designed to elicit perspectives on a collection of fictitious IoT-related hybrid cyber incidents that escalated aboard a cruise-liner.

Organised by the London Resilience Partnership in London, May 2019

The ECSEPA team collaborated with the London Resilience Partnership (LRP) to deliver the Strategic Coordination Summit held in London. Organised by LRP, the event brought together London’s strategic leaders and decision makers to enhance their understanding of prevailing risks, partnership strategic coordination arrangements, and response and recovery capabilities relating to a significant cyber incident. Delegates included representatives from the central government, national organisations and international partners.

The ECSEPA team supported the scenario design for the workshop exercises which focused on an evolving cyberattack in the transport sector. During the workshop, the team facilitated the group discussions to explore strategic incident response framework and advisory coordination mechanisms.

The Summit aimed to:

• Raise awareness of the cyber threat and the associated impacts on London;
• Consider arrangements for the multi-agency response to a cyber incident or attack;
• Identify key strategic issues, dependencies and expectations across organisations;
• Highlight the implications for business continuity planning.

Organised by the Data for Policy Committee (UCL, Cambridge University, and NYU), June 2019

At the Data for Policy international conference at University College London (UCL), the ECSEPA team delivered a presentation based on a joint-authored paper, titled: ‘Cyber capacity building and knowledge sharing: The UK policy community’s perception of the National Cyber Security Centre (NCSC).’ Informed by data collected through the ECSEPA study, the talk explored UK policymakers’ views on the relevance of NCSC provisions to their work, and their engagement experiences with the NCSC. The presentation also touched upon areas of intervention suggested by the policy community which could help strengthen expertise sharing practices.

The ECSEPA talk was part of a joint session coordinated with departmental colleagues from UCL STEaPP’s Digital Technologies Policy Laboratory (DTPL) and the PETRAS IoT Research Hub, titled: ‘Bridging the sociotechnical divide from a policy perspective: Knowledge sharing in cybersecurity and data management in digital technologies.’ Aimed at crossing the sociotechnical divide to examine how public and private sectors can be better equipped for the 21st century, areas covered by the other talks in the session included:

• Multi sectoral collaborations on open source simulation to improve UK critical national infrastructure security;
• The increase of GDPR efficacy with regards to privacy, security and data protection in an IoT environment;
• Better data management and cybersecurity in the IoT based on polycentric governance approaches and the UN Paris Agreement on Climate Change.

Organised by the Ministry for Housing, Communities and Local Government (MHCLG), hosted by St George’s House of Windsor Castle, June 2019

The ECSEPA team, with the support of the Research Institute in Science of Cyber Security (RISCS), delivered a policy-focused session during the two-day event, titled: ‘ECSEPA Project: Policy Challenges in UK Cyber Resilience Building’.

The session drew on ECSEPA project findings to highlight the complexity of the cybersecurity policy landscape and informational issues in policymaking. The coping mechanisms employed by the policy community in their evaluation of cybersecurity evidence are discussed, along with suggestions for how research can better support policymaking.

The event was organised as part of the UK National Cyber Security Programme – Local, in collaboration with the UK Cabinet Office, Local Government Association, National Cyber Security Centre, and a range of local authorities. The Consultation examined the emerging lessons that can inform local leaderships to bring localities to work in step with the wider aspirations of the UK National Cyber Security Strategy and the Local Digital Declaration cyber commitment.

The Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) project is funded by EPSRC and supported by the Sociotechnical Security Group at NCSC. It is intended to learn more about how the UK Government cybersecurity advisory and policy-making community evaluate evidence in their roles. As part of this, we invite participation in a cyber policy game that tests the participants’ responses to scenarios through a range of escalating crisis scenarios. As part of this participants will be asked to assess a diverse body of evidence in their evaluation of risk, threats and consequences. The overall objective of this research is to understand how such policy-making be better supported.​
​
The policy game will take place on 21st February 2019 in London and will require one full-day of commitment. We invite anyone recently or currently involved in supporting cybersecurity policymakers in the UK, specifically civil servants who provide short and long-term policy advice, either in response to specific crisis incidents or in the context of longer term planning for national security and capacity building.​
​
For a formal invitation see: NCSC Weekly Threat Report 23rd November 2018

Please email s.shaikh@coventry.ac.uk to register an expression of interest to participate in the game with a very brief description of your current role.​

Atif Hussain and Dr. Alex Chung took part in the National Cyber Security Programme Pathfinder Regional Multi-Agency Cyber Exercise in Westminster, London in January 2019. Run by the Ministry of Housing, Communities and Local Government in association with the Cabinet Office and the National Cyber Security Centre, the winter/spring series of multi-agency exercises is designed to help organisations develop a shared understanding of the implications for Local Resilience Forums when responding to a significant cyber incident. It provides the opportunity for participants to consider how their well-established inter-agency crisis management procedures support cyber response.

The ECSEPA team presented their work at the NCSP showcases 2018 in various UK cities as part of a series of interactive events organised by the Ministry of Housing, Communities and Local Government and iNetwork aimed to:

• Raise awareness about the NCSP, explain the role of key national strategic partners and increase understanding of the importance of Cyber Resilience in localities
• Provide locality leaders, policy makers and practitioners guidance on developing a cyber-aware culture within their organisations and across their partnerships
• Offer guidance on where to go for further advice or training, supported by the NCSP Think Cyber Think Resilience Initiative

The ECSEPA team supported the running of the Cyber 9/12 Strategy Challenge in London and Geneva. The competition is designed to identify and foster the next generation of policy and strategy leaders for the cyber security challenges of the future.

It provides students across multiple academic disciplines, be they technical or non-technical, a deeper understanding of the strategy challenges associated with cyber security and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack, analyse the threats and risks and then propose effective mitigating policies and strategies to panels of expert judges.