Centre of Excellence for Security and Cybercrime

As the Internet, and the creation, storage and consumption of electronic information, increases by the day, it is important that we create an infrastructure which has high levels of security and trust. Without these the Internet will not truly scale to encapsulate every aspect of our lives, and leave threats to the future economy and to our own personal integration into it. The vision of this Sympoisum is create next generation infrastructures which protect the rights of individuals, and which also reduce the risks to our citizens, in the face of threats that they are now exposed to. The overall collaboration will thus be in the most inclusive way possible, and will allow knowledge to flow across knowledge domains.

Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University. He currently leads the Centre for Distributed Computing and Security, and works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. Bill has one of the most extensive academic sites in the World, and is involved in many areas of novel teaching in computing. He has published over 26 academic books, and over 100 academic research papers, along with awards for excellence in knowledge transfer. Presently he is working with a range of industrial/domain partners, including with the Scottish Police, health care professionals and the FSA. [Bill's]

The talk will cover the ability of law enforcement to effectively deal with high tech crime issues, where we are today, what the problems are today and where we would like to be in the future. The future will address the need for dedicated ecrime units and the role these units will perform within the Police.

Alan Batey is a Detective Sergeant with a wide experience of roles within Northumbria Police having been a Police Officer for over 26 years. His present role and that of the last 8 years is within the High Tech Crime Unit of Northumbria Police. This unit is responsible for dealing with all types of crime where the perpetrator has used a computer, the internet or some other form of digital media to commit or facilitate the crime. Other roles include secretary to the Regional ACPO High Tech Crime Working Group which reports to the National ACPO Group, and member of the board for the safety in schools pilot project. Alan is also a Director of the North East Fraud Forum and Hadrian Project where he advisors on matters related to high tech crime and online fraud.

The growing problem of computer fraud is costing organisations millions in direct financial losses and immeasurable damage to their brands and reputations when such fraudulent activities are exposed in the media. Well known examples are Société Générale and TK-Maxx. The state-of-the-art computer security software, code-named Digital DNA, being developed by the project team could have saved these companies from their losses. Digital DNA provides an organisation with ultimate awareness of computer-based malicious activity. Products offered by competitors will inform a security team of an incident, but will not inform as to the full story of WHO WHAT WHERE WHEN and WHY the incident occurred. Digital DNA provides this crucial information automatically, allowing an organisation to detect criminal activity and intervene. We were awarded, in the final stages of my PhD in Digital Forensics, a Proof-of-Concept (PoC) award from Scottish Enterprise. The PoC funding is intended to allow us to bring the research, which has been demonstrated in a lab, into the commercial domain, in order to develop it as a prototype. After 24 months of funding, the research and prototype will form the basis of a technology spin-out. [Digital DNA]

Computer crimes have existed almost as long as people have been applying computers to money-making endeavours. Police forces started to recognise the need to have clear computer forensic processes and procedures 20 years ago. Just under 10 years ago the Council of Europe Convention on Cybercrime 2000 identified the subject for the urgent national attention for member states. Over the last decade we have seen the development of this new discipline emerge as a potential career pathway; increasingly supported by university courses. This was welcome new-comer at a time when applications to the more general computing subjects had been in decline.

In the academic world the key to the success or failure of these courses has been the recognition that Cybercrime Forensics is new and not just a subset of the wider computing area. It occupies an overlap with many other disciplines; law, forensic science, business and informatics. The close cooperation between universities, law-enforcement and commercial organisations is vital for students to be exposed to contemporary experiences and problems being solved, with up-to-date processes and procedures. The resource cost to do this is also high; requiring commitments to be made for investment in staff development, hardware and software.

Recognising the professional dimension of the discipline is an important consideration. Many computer forensics standards, certifications and qualifications exist. Many of these originate in the USA but are establishing credibility in Europe and around the World with large blue chip companies. No one standard has yet emerged as the de facto gold standard. The BCS Cybercrime Forensics Specialist group has now grown to 1100 members. The intention is for the group to support the wider growth of Cybercrime Forensics by establishing a cooperative network of organisations working together and sharing experiences. This talk will cover some of the progress made to date and the wider view towards a standardized EU picture of collaborative work.

Denis Edgar-Nevill was elected as founding chair of the BCS Cybercrime Forensics SG in December 2008 at its inaugural meeting. He holds the post of Head of the Department of Computing at Canterbury Christ Church University. He has been working in the area of Cybercrime Forensics since 2002 when he began working with the NPIA (National Policing Improvement Agency); the body responsible for specialist high tech crime training for the regional police forces and Home Office in the UK. This has led to a jointly validated MSc in Cybercrime Forensics with the NPIA in 2004 and a BSc Computer Forensics in 2007. He also chairs the annual International Conferences on Cybercrime Forensics Education and Training (CFET). He is a member of the editorial board currently drafting the revised ACPO standards for digital investigation chaired by PCeU within the Metropolitan Police. [Denis]

Ever since Larry Lessig's "Code as Code", the potential to integrate key legal concepts such as privacy, contractual rights or other legal entitlements directly into computer system design has been recognised in theory. But apart from some very basic implementations such as DRM, little systematic use has been made of this idea. The paper shows based on the experience with a large European project on online fraud detection that some of the main obstacles can be addressed with a more systematic theoretical reflection that draws on legal theory and comparative law rather than doctrinal legal analysis."

Burkhard Schafer studied Logic, Theoretical Linguistics, Philosophy and Law at the Universities of Mainz, Munich, Florence and Lancaster. My main field of interest is the interaction between law, science and computer technology, especially computer linguistics. How can law, understood as a system, communicate with systems external to it, be it the law of other countries (comparative law and its methodology) or science (evidence, proof and trial process). As a co-founder of the Joseph Bell Centre for Legal Reasoning and Forensic Statistics, I help to develop mathematically sound methods to evaluate scientific evidence, develop computer models which embody these techniques, and provide assistance to police and lawyers to interpret and apply scientific evidence, A special interest here is the development of computer systems that help law enforcement agencies to co-operate more efficiently across jurisdictions, assisting them in the interpretation of the legal environment within which evidence in other jurisdictions is collected. This research is linked to my wider interest in comparative law and its methodology, the idea of a "Chomsky turn in comparative law", and the project of a "computational legal theory" My Research Centre is the Joseph Bell Centre. He is involved with a number of organisations that promote the exchange between computer science and law, including the German Association for Informatics, BILETA, and the Evidence and Investigation network of the Scottish Institute for Policing Research. I'm also on the Nomination Committee of the International Association for Artificial Intelligence and Law. [Burkhard]

Matthew Pemble has been Technical Director of Idrach since its founding, having previously worked for the UK Government, Royal Bank of Scotland Group and several testing and security consultancies. Matthew is perhaps recently best known for his contributions to incident management and counter-fraud strategies but also has considerable experience in policy-based security, security architectures, security testing and ISO27001.  Additionally, he has provided product development support to various security vendors, including Cronto and Qualys Inc. Historically, he was one of the first people to qualify as a penetration test team leader under the GCHQ “CHECK” scheme and was also one of the limited number of security professionals qualified as a BS7799 Auditor under the c:cure scheme. A regular writer in trade magazines and speaker at regional, national and international events, Matthew is a Chartered and European Registered Engineer, a Fellow of the British Computer Society and a Member of the Institute of Engineering & Technology.  He is an associate member of the Institute for Information Security Professionals, also acting as a Full Membership Interviewer and Advisor; a Certified Information Systems Security Professional and a Certified Fraud Examiner. [Idrach]

This presentenation looks at the NIM (National Intelligence Model), and identifies the risks that can occur when there is a lack of information shared between the police and their community patners. It thus outlines the aims of NIM which are managing: Crime; Criminals; Disorder; and Problems, with the outcomes of: Community Safety; Reduced Crime; Controlled Criminality; and Controlled Disorder.

Detective Superintendent Russell Scott joined the Metropolitan Police in London in 1981 where he served in both uniform and detective duties in the West End and Kings Cross areas. In 1988 he returned to Scotland joining Fife Constabulary where he again performed uniform and CID duties. Following promotion to Detective Inspector in 1997 he was transferred to the Force Drugs Squad overseeing surveillance and enforcement teams. In October 2002 he was seconded to the SDEA East Group as Branch Commander during which time he managed a number of covert policing operations targeting serious and organised crime groups throughout Scotland. He took up his current post as Project Manager for the ACPOS NIM Development Team based at the Scottish Police College in January 2005. He is represented on a number of national committees including the ACPO NIM Working Group and the Scottish Strategic and Tactical Tasking groups. He also led the recent review of Serious and Organised Crime in Scotland and the review of the Scottish Tactical Tasking and Co-ordination Group resulting in him becoming the Actions Manager. In this role he has an oversight of the five Tactical groups for Scotland including the Public Protection Group on behalf of the lead - ACC Livingstone of Lothian and Borders Police. Currently he is the ACPOS lead for implementation of the Management of Police Information (MoPI) programme which includes development of the Bichard recommendations following the Soham murders. In addition he also leads on the work being undertaken with regards to the Magee Review of Criminality Information (RoCI) which examined the sharing of information with international partners.

Getting tricky: The many faces of social engineering, Prof Steven Furnell

Social engineering now represents a significant threat to users in both personal and organisational use of IT, and may be used as a basis for a variety of potential follow-on attacks including identity fraud, malware infection, and system penetration. This presentation examines the nature of the problem and the different guises in which it can be encountered, drawing upon a series of practical examples and research studies to evidence the challenges that can be faced. Consideration is also given to baseline advice that can be given to users in order to improve their awareness and reduce their susceptibility.

Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at the University of Plymouth in the United Kingdom, and an Adjunct Professor with Edith Cowan University in Western Australia. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) – namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 190 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). Further details can be found at www.plymouth.ac.uk/cscan.

Trends in the global threat landscape, recent observations, Don Smith (SecureWorks/DNS)

Drawing from SecureWorks unique view of Internet security across 3,000 clients worldwide, the talk will summarise the evolving threat landscape which faces us today, give some insight into the evolution of the business models adopted by criminals and give some examples of recent research findings from the SecureWorks Counter Threat Unit.

Don Smith is VP Engineering and Technology at Securework. He has worked in the IT industry for 18 years, starting his IT career with the groundbreaking Edinburgh University spin-off, Vision Group. After a successful flotation Vision was acquired by STMicroelectronics where ultimately Don became responsible for security architecture and operations for this $8billion enterprise. During his time at ST in Geneva, Don also worked on successfully integrating 14 acquisitions across 26 sites on three continents. Don joined dns on returning to Scotland in 2005 and was instrumental in the construction of the dns identity management practice and the evolution of the dnsMSS service portfolio. Don is regarded as an expert in the field of Identity and Access Management. After SecureWorks' acquisition of dns, Don focuses on bringing SecureWorks threat intelligence and security messages to European clients as well as continuing to provide leadership across the varied technologies and application areas represented by the IAM umbrella.

Knowledge Led Policing, John Gillon (Memex)

John will outline the promise of intelligence-led policing (ILP) and also wonders whether this activity/ process should be more focused on being 'knowledge' led. The established view of leading writers on the subject such as Dr Jerry Ratcliffe sees ILP as both a business model and management philosophy focused on the importance of data analysis and crime intelligence in reducing and preventing criminal acts. Crucially, ILP must be understood as not being about intelligence-gathering but rather a process and a philosophy determining actions. But what about that activity that could perhaps best be described as knowledge-led policing? Like many in the Service, I am more than happy to reinforce the importance of intelligence. But the fact is that there will always be more to ILP than information gathering and analysis. In the early days (mid-1990s), 'intelligence led' was undoubtedly the correct label, as amassing information was far from easy and the vital intelligence input (analysed information) was at the heart of the 'target packages' which gave structure to pro-active operations. But how far has ILP really moved us on from the situation where investigation-led intelligence was the norm?

John Gillon is a Consultant with Memex Technology where he advises on law enforcement issues and on product development. Previously he completed 30 years service with Strathclyde Police before retiring from the force having attained the rank of Detective Superintendent. He enjoyed a rich and varied career holding many high profile positions.

Secure Openness within the Public Sector – Reality or Oxymoron?, Alan Moffat

Alan Moffat is an Information Assurance expert and Innertalent Consultant, with over 30 years of experience in developing IT solutions to meet business requirements. With 20 years of developing secure national infrastructures for UK Police Forces to meet Government security standards (MoPS and SPF) and International Standards (BS7799, ISO 27000 series). [SIAF]

Evolving threats and attacks: A Cloud Service Provider's viewpoint, John Howie

Cloud computing is an evolution of well-established outsourcing practices, leveraging the Internet to deliver computing service as a utility to customers. As more computing power is built in clouds, and as more enterprises and consumers adopt the paradigm, cybercriminals and others engaged in cyber terrorism and cyber warfare are evolving their use of technology to commit crime, and disable or even completely prevent the delivery of cloud-based computing service. In this session, John Howie will describe the evolution and nature of attacks against a large cloud service provider, and the steps that they have taken to defend against them.

John Howie, CIPP/IT, CIPP, CISA, CISM, CISSP is the Senior Director of Technical Security Services for the Online Services Security and Compliance (OSSC) team within Global Foundation Services at Microsoft Corporation. He manages the teams responsible for strategy and architecture, threat management, and incident response for the company's cloud computing infrastructure. Prior to joining OSSC, John led the Data Governance Initiative in Microsoft's Trustworthy Computing Group, focusing on privacy protections for personal information, strategy, and policy. Previously he managed the company's Security Center of Excellence, and led the security community and its professional development program. John has spent twenty years working in the Information and Communications Technologies industry, principally working in the areas of information security and privacy, in several industry sectors including entertainment, financial services, and telecommunications.