Thailand Government delegation visit: Showcases by UCL STEaPP’s Digital Technologies Policy Laboratory (DTPL), Policy Impact Unit (PIU), and Research Institute in Science of Cyber Security (RISCS)
A government delegation from Thailand’s Digital Economy Promotion Agency and Fiscal Policy Research Institute undertook a two-day visit to UCL STEaPP in April 2019, organised by Dr Kruakae Pothong. On day one, the ECSEPA team showcased their work alongside other research projects and public engagement activities from members of DTPL, PIU and RISCS.
The cybersecurity evidence portion of the ECSEPA main project was firstly introduced, followed by a live demonstration of the ‘ECSEPA Map of the UK Cyber Security Policymaking Landscape.’ During the talks, the ECSEPA team explained the project design and theoretical premise behind the Mapping Exercise to illustrate how the governance of UK cybersecurity policy has evolved in recent years. The series of mapping validation meetings and workshops conducted so far with central government departments were also highlighted to reflect the research impact that the mapping tool has had on the policy community.
The Thai delegation was subsequently invited to participate in a RISCS Community Meeting event on day two of their visit, centred on the themes of cyber liability and cyber insurance. The delegates took part in a workshop with table-top scenario-based exercises designed to elicit perspectives on a collection of fictitious IoT-related hybrid cyber incidents that escalated aboard a cruise-liner.
The ECSEPA team collaborated with the London Resilience Partnership (LRP) to deliver the Strategic Coordination Summit held in London. Organised by LRP, the event brought together London’s strategic leaders and decision makers to enhance their understanding of prevailing risks, partnership strategic coordination arrangements, and response and recovery capabilities relating to a significant cyber incident. Delegates included representatives from the central government, national organisations and international partners.
The ECSEPA team supported the scenario design for the workshop exercises which focused on an evolving cyberattack in the transport sector. During the workshop, the team facilitated the group discussions to explore strategic incident response framework and advisory coordination mechanisms.
The Summit aimed to:
- Raise awareness of the cyber threat and the associated impacts on London;
- Consider arrangements for the multi-agency response to a cyber incident or attack;
- Identify key strategic issues, dependencies and expectations across organisations;
- Highlight the implications for business continuity planning.
At the Data for Policy international conference at University College London (UCL), the ECSEPA team delivered a presentation based on a joint-authored paper, titled: ‘Cyber capacity building and knowledge sharing: The UK policy community’s perception of the National Cyber Security Centre (NCSC).’ Informed by data collected through the ECSEPA study, the talk explored UK policymakers’ views on the relevance of NCSC provisions to their work, and their engagement experiences with the NCSC. The presentation also touched upon areas of intervention suggested by the policy community which could help strengthen expertise sharing practices.
The ECSEPA talk was part of a joint session coordinated with departmental colleagues from UCL STEaPP’s Digital Technologies Policy Laboratory (DTPL) and the PETRAS IoT Research Hub, titled: ‘Bridging the sociotechnical divide from a policy perspective: Knowledge sharing in cybersecurity and data management in digital technologies.’ Aimed at crossing the sociotechnical divide to examine how public and private sectors can be better equipped for the 21st century, areas covered by the other talks in the session included:
- Multi sectoral collaborations on open source simulation to improve UK critical national infrastructure security;
- The increase of GDPR efficacy with regards to privacy, security and data protection in an IoT environment;
- Better data management and cybersecurity in the IoT based on polycentric governance approaches and the UN Paris Agreement on Climate Change.
Local Leadership in a Cyber Society 3: Building Resilience Together – Lessons for the Future Consultation
The ECSEPA team, with the support of the Research Institute in Science of Cyber Security (RISCS), delivered a policy-focused session during the two-day event, titled: ‘ECSEPA Project: Policy Challenges in UK Cyber Resilience Building’.
The session drew on ECSEPA project findings to highlight the complexity of the cybersecurity policy landscape and informational issues in policymaking. The coping mechanisms employed by the policy community in their evaluation of cybersecurity evidence are discussed, along with suggestions for how research can better support policymaking.
The event was organised as part of the UK National Cyber Security Programme – Local, in collaboration with the UK Cabinet Office, Local Government Association, National Cyber Security Centre, and a range of local authorities. The Consultation examined the emerging lessons that can inform local leaderships to bring localities to work in step with the wider aspirations of the UK National Cyber Security Strategy and the Local Digital Declaration cyber commitment.
How do you make dense research topics intersecting cybersecurity and public policy cool? The answer, the Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) project team believes, is by turning it into a game!
The policy game will take place on 21st February 2019 in London and will require one full-day of commitment. We invite anyone recently or currently involved in supporting cybersecurity policymakers in the UK, specifically civil servants who provide short and long-term policy advice, either in response to specific crisis incidents or in the context of longer term planning for national security and capacity building.
For a formal invitation see: NCSC Weekly Threat Report 23rd November 2018
Please email firstname.lastname@example.org to register an expression of interest to participate in the game with a very brief description of your current role.
- Hussain A, Shaikh S, Chung A, Dawda S and Carr M. (2018). ‘An Evidence Quality Assessment Model for Cybersecurity Policymaking‘. Critical Infrastructure Protection XII, IFIP.
- Chung A, Dawda S, Hussain A, Shaikh S and Carr M. (2018). ‘Cybersecurity: Policy’, Encyclopedia of Security and Emergency Management, LR Shapiro and MH Maras eds. Springer Nature.
- Raise awareness about the NCSP, explain the role of key national strategic partners and increase understanding of the importance of Cyber Resilience in localities
- Provide locality leaders, policy makers and practitioners guidance on developing a cyber-aware culture within their organisations and across their partnerships
- Offer guidance on where to go for further advice or training, supported by the NCSP Think Cyber Think Resilience Initiative
Image credit Deloitte: https://www2.deloitte.com/ch/en/pages/risk/articles/cyber-crisis-management.html
Image credit GCSP: https://twitter.com/TheGCSP/status/981868493128785920