Malware hits the Mac but is it worth worrying about?
Malware hits the Mac but is it worth worrying about?

Last week I was delighted to attend the Centre for Secure Information Technologies (CSIT) summit in Belfast, in its third year of operating as a think tank and speaker conference.

I was invited at the end of 2012 by the organisers, and as a fan of the city, educational facilities working in security research and speaker conferences, it seemed like a sensible idea.

You may have seen some of the stories I posted so rather than re-hash what you have already read from some of the keynotes, I wanted to focus on the opening and closing of the event.

A division of Queens University Belfast, this facility is now ten years old and is working on developing ideas to sell to industry for development, as well as working on outreach in the area on cyber issues.

Opened by minister for enterprise, trade and investment Arlene Foster, she said that the 'prestigious gathering' presented an opportunity to place the region firmly on the global cyber security map.

Foster said: “CSIT is the UK's lead university centre for cyber security research but far from being an academic 'ivory tower', research specialists in data encryption, network security or video analytics work with industry to solve some of the real world security challenges of the future.”

Foster made some key points, saying that while Northern Ireland may be geographically at the periphery of Europe it has a fully fibre core network, was the first region in Europe to have 100 per cent access to first generation broadband and Marconi first demonstrated overseas radio communications in 1898 in Belfast.

She said: “Cyber crime is now estimated to cost around $1 trillion per year. Technology must be utilised to develop secure solutions to a number of particularly modern problems including: the protection of mobile phone systems; guaranteeing privacy over unsecure networks; the creation of secure 'corridors' for the seamless and rapid transit of people; and privacy and trust for financial markets.

“I don't think the world's cyber challenges will be resolved over the next two days, but hopefully you will further develop your understanding, gain new insights and sow the seeds of research concepts and partnerships that may deliver benefits in the future.”

CSIT principal investigator Professor John McCanny followed Foster, saying that it was "building a strong reputation internationally".

He said: “When CSIT was envisaged, two requirements of our funding as an innovation and knowledge centre were that our research should be industry informed, and that we should accelerate the uptake of world leading research for wider economic impact. We trust this summit will once again deliver on those and that you all find it thought-provoking, stimulating and rewarding.”

One of the things that CSIT has aimed to achieve from its summits is delegate interaction, collaboration, commercialisation and collective research opportunities. McCanny said that it had embarked on a campaign to raise £140 million over the next five years for projects that will increase and enhance the impact it makes on society "and the economy, locally and internationally".

“Examples include new approaches to mobile malware detection developed by CSIT researchers on the Android mobile phone platform and the design of security architectures for identification, authentication and secure communications for electric vehicle recharging systems using CSITs Physical Unclonable Function (PUF) technology,” he said.

Delegates came from a range of industries, including academia, the private sector, financial services, government and consultancies. The keynote sessions saw presentations on research around mobile, Scada systems, the 'Internet of Things' and authentication, and some of those presentations I wrote up as news stories.

On the afternoon of the second day, four breakout sessions were held. Leading a group on 'privacy in the age of the digital native and digital immigrant' was McAfee CTO Raj Samani and Professor Awais Rashid from Lancaster University. Samani said in his summing up that "a big area is trust currency in the world of privacy" and there needs to be more understanding around the balance of control and consent.

Speaking on 'is it the end of the road for username/password' was Facebook's Mark Crosbie and Dr Paul Miller from CSIT. Crosbie said that authentication and authorisation are often confused, and separating them is still a challenge. The practical steps from their session were to understand how to combine usability with security, and know understand how to do identity security "after the mess of identity cards".

Next were SRI International's Ulf Lindqvist and Zachary Tudor, who led a session on 'transitioning research into deployed solutions'. Tudor said that it was important to understand whether development was due to a "technology push or management pull" and make researchers become innovation champions, as they "may not be the people to take things to market".

Finally, investigating the topical subject of 'enhancing cooperation between Certs, law enforcement and government' was Brian Honan, head of Iriss Cert and Brian Higgins from Soca.

Honan said that a problem here is a lack of reporting of issues and involving law enforcement. He said that issues are not reported for fear of reputational damage, the police doing nothing with it, trusting to hand over sensitive information and making people aware of the challenge.

He said: “This is not a regional or national problem, it is an international problem. Also, how do you report an issue, call 999? We came up with no solutions and a lot of problems. We need better collaboration and need better cooperation with Certs and governments to automate information sharing and sustained trust models.”

As Honan said, they raised a lot of problems and not many solutions – but isn't that what discussion is all about? Identifying issues so that problems can be tackled? From what I saw, this is what CSIT thrives on and probably why it does this summit. After all, if you are a product manager at a security vendor – how do you know what features and functions to build into your next solution? Yes, you listen to your users and community, and that seems to be the case here.

Closing the summit, CSIT director Dr Godfrey Gaston, said that it had identified a number of challenges over the course of the summit and this was food for thought for the year ahead.

“Going forward, we were here last year and from my point of view, the positive thing is what we learn and how we help facilitate that, it can be very beneficial,” he said.

“It is one thing to throw it out there, another to keep going with the momentum that we create and if between us we collaborate together on things, I would love the challenge on how to work better together on projects.”

I go to plenty of events and it was really good to attend one with a long-term project and ambition to not only offer networking opportunities, thought leadership and a discussion groups, but take those discussions and do something with them. A solution for IP-connected appliances, unknown mobile devices in the workplace and personal information that is out of the owner's view? You should watch this space.