The Biden Administration is planning to create a Cyber Incident Review Board in the coming weeks to investigate the Sunburst campaign and produce a report to inform government action and private sector defense. How this board will develop following its initial task is an open question. Rob Knake, a Fellow at Harvard’s Belfer Center, has been leading a study on applying lessons learned from aviation safety and other fields to cybersecurity and will provide a preliminary read out of findings at this meeting. MS Teams

Please register via Eventbrite to join this Seminar In May 2017, North Korea unleashed a messy and poorly contained cyberattack upon the United States of devastating size and impact, but it was the United Kingdom that suffered the worst.  WannaCry, a ransomware attack that crippled law firms, rerouted ambulances, shut down one of the largest mobile communications operators in Europe, and wrecked the UK National Health Service with effects felt still today.  In this cyber war crime, patients were turned away from hospitals, estimated loss of life from lack of services is in the hundreds, and the information security professionals who responded that day remember it like the day Kennedy was shot or the Twin Towers Came down.  Until a young Devonshire security researcher found a hack to stop it, WannaCry infected computers faster than people could blink.  While the world wonders whether there will ever be a "Cyber Pearl Harbor," we believe the turning point was actually in May 2017, and that the UK is also the home to a historical event that is a far better analogy for today.  When the Vikings made landfall and raided the priory at Lindisfarne in 793, it shocked the world.  Far from following any rules of war, these raiders bypassed military protections using their much more advanced transportation technology, and went straight for the soft underbelly: the civilians, their food, their treasuries, their lives.  No one ever defeated the Vikings. Over hundreds of years, they were simply bribed to either remain peaceful or go away, time and again, until they were rich and powerful enough to hold land and eventually become part of the ruling classes of Europe and the British Isles. We will examine whether cyberwarfare is a reflection of the past, bring to light the battle stories from the incident responders who protected patients in hospitals that May of 2017, suggest ways to support our global civilian population when being raided, and take history's lessons on the seriousness and complexity of this form of warfare.    

Open exclusively to Oxford staff and students. MS Teams link The Eight Principles of Security Leadership: An insider’s view of SolarWinds & Supply Chain Failure Synopsis: In 2017, I failed to save a 5 billion dollar company from getting ravaged by Russian and Chinese Advanced Persistent Threat actors from a series of attacks that may have started in 2019. The repercussions of the SolarWinds “hack” as it has been characterised  has generated a lot of attention – mainstream media up to and including three US government house committees: Intelligence, Homeland Security & Reform and Oversight. After four years of introspection I maintain the attack – even though it was conducted by nation state actors funded with millions of dollars and nearly unlimited resources - could have been thwarted. Although we characterise “security” into three domains of people, process & technology there is a need to unite these domains into a organization imperative. I discovered that without security leadership in place to unite people, process & technology in common purpose the three domains become silos. It is within these silos that threat actors exploit organizations and dwell within organizations undetected. In this presentation I present Eight Principles of Security Leadership and discuss candidly how they could have been applied to prevent catastrophe for an organization like SolarWinds. This presentation will be delivered for an exclusive Oxford University audience under the Chatham House Rule. Bio: Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. After a year with the RCMP as a Criminal Intelligence Analyst, Ian worked as a cyber security analyst/consultant for multi-national insurance, banking and regional health care. Today, as Chief Information Security Officer for http://cyjax.com/, Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cyber security consultant specializing in cyber threat intelligence programs for small, medium and enterprise organizations. In his spare time, he teaches cyber security and IT business courses for CompTIA as part of their global faculty and is the lead architect for CyberTitan, Canada's efforts to encourage the next generation of cyber professionals.

Expectations are high that in the post-pandemic world there will be a significant increase in the number of mergers & acquisitions as companies that have survived the pandemic with cash buy up those companies that have struggled. However, there have been high profile examples of security breaches that have occurred after acquisitions. Too often the IT security team have not been involved in the Merger & Acquisition process; CISOs tell me they only hear about the acquisition when the public announcement is made, and they also tell me that they have had to divert scarce resources to deal with security breaches within weeks of acquisitions being concluded. In Q4 2019 the IBM Institute for Business Value surveyed 720 executives responsible for the M&A functions at acquirer organisations. More than one in three said they have experienced data breaches that can be attributed to M&A activity during integration. Almost one in five experienced such breaches post-integration. How can business leaders involve IT Security teams much earlier in the process, assess the security risk as part of the due diligence process and even build a budget to address the security risk into the deal?  Please join us on Friday 26th March for a mini-deep dive into how business leaders can unearth the hidden costs before they have to pay them. MS Teams 

With the rising tide of targeted attacks like WastedLocker, blocking malware payloads from common attack vectors is often not enough. Modern threats focus more and more on the use of legitimate tools or overwhelming obfuscation to thwart AV engines. A desperate attempt to detect such files has resulted in legitimate files now being flagged by over 20 engines on VirusTotal. Furthermore, attackers often hack into their targeted victims first, thereby preventing any normal detection mechanisms from ever coming into play. As threats continue to evolve, our research indicates it is likely that context will be an important part of the detection process. After all, data encryption and mining are legitimate activities. However, when carried out by a malicious actor, ransomware and crypto-miners become a potent threat. This has even caused legislators to consider restrictions on certain technologies like encryption, which is unlikely to be a productive approach. This is likely an extremely interesting area of academic research, as a deeply technical problem. We have found that using the context of the application's execution, with active dynamic analysis, to be extremely helpful in determining intent - a key factor that distinguishes malware from harmless, albeit difficult to analyse files. For instance, screenshots combined with data from window handles can tell us if an application is telling the user what it wants to do or attempting to do it silently. Such systems can be cloud-hosted or local, and with a bit of training, automated decision-making processes could be introduced that better understand the user's interaction with a suspicious application. While this does raise further privacy concerns and calls for responsible handling of user data by security applications, it could be the next inevitable step for anti-malware and anti-virus programs. We are striving to include such paradigms in our testing approach as well as tools like Mal X, that will hopefully help users proactively protect themselves against future zero-day attacks.   MS Teams Link

Data breaches are today one of the biggest threats to businesses. Globally, a data breach cost companies $3.86 million per incident. And the leading cause is stolen credentials. With so many remote workers outside of company walls, the world has seen a sharp rise in phishing and targeted attacks. Strong authentication has proven to be the most effective protection against these threats. But the evolution of strong authentication was a long journey around protocols, deployments and improvements. Join this webinar to understand the state of the authentication market, trends and opportunities.
Meeting Link (MS Teams)

Anjuli's research has so far assessed journalists’ understandings of and security behaviours relating to IoT threats, and compared them to the recommendations of cyber security experts. The study demonstrated that participants were largely unaware of how to protect their work and wellbeing from the intrusive capabilities of new IoT devices, such as smart doorbells, smart televisions, and smart lightbulbs. This talk will discuss these findings as well as her current research, which has included interviewing over 60 experts across her case study countries of the US, UK, Australia and Taiwan on relevant aspects of IoT threats to journalists.   MS Teams Link

Computer scientists and engineers regularly use models, constructs to help understand, communicate about and intervene in complex systems. What sort of model could help us to think about the vulnerabilities which arise from the complex relationships between technology, society and the environment? In this seminar we share an old Danish fairytale and draw out three lessons for the cyber community. In concluding, we argue that stories are a useful type of model for thinking about cyber-physical systems. MS Teams link here

The seminar will explore recent developments in the regulation of operational resilience and outsourcing in the UK finance sector to assess whether the proposed new framework will provide a hallmark for governing cyber-security internationally and across other industries. The reforms arise following high-profile IT failures in the finance sector, which resulted in Treasury Select Committee Inquiries and recommended reforms.  In light of these developments, the UK financial service regulators recently closed a consultation into proposed controls of operations and outsourcing in finance, which include changes that will reform standards for managing cyber-security.  The proposals are likely to form part of expected final policy statements to be announced later this year or during early 2021. The UK financial services regulators are leading in this area and the seminar will consider whether the proposals provide a benchmark for managing cyber-security risk across different sectors and globally. MS Teams Meeting Link (no log-in required) A draft slide deck for this seminar can be found here.