Security Experts:

Conference Preview: Suits and Spooks London: Sept. 12, 2014

The first European edition of Suits and Spooks, the cyber security conference that brings together decision makers and influential thought leaders in the industry, will be held in London on September 12.

Suits and Spooks London

"SNS provides a first-class forum to openly (and professionally) debate cyber security policy issues. Everyone benefits from hearing all sides of the issues and, correspondingly, leave with new perspectives. - Robert Bigman, former CISO, Central Intelligence Agency

 One of those rare conferences where even the speakers learn something new. - Stewart A. Baker, former General Counsel, National Security Agency; former Ass’t Secretary for Policy, Department of Homeland Security

 Suits and Spooks is an intimate gathering of like minded security professionals focused on discussing timely and relevant topics, not Marketing fluff. The speakers were engaging and brought real world experience to the table.” - George Kurtz, CEO/President and Co-founder, CrowdStrike

Former intelligence officials, corporate executives and information security practitioners from the United States and Europe will gather at the Blue Fin building in the neighborhood of Southwark for a limited attendance, single-track event focusing on some of the hottest cybersecurity and intelligence related topics.

A total of 13 presentations and two panels have been announced for Suits and Spooks London, which similar to previous editions, is closed to the press and held under the Chatham House Rule. The list of topics includes advanced persistent threats (APTs), the challenges faced by law enforcement, threat research, cyber warfare operations, and the criminal underground.

Jeffrey Carr, creator of Suits and Spooks, will open the event with a presentation titled "APT for Hire: SU Bin and Espionage-as-a-Service." Troels Oerting, head of the European Cybercrime Center (EC3) at Europol, will discuss the current challenges in investigating cross-border criminal operations.

Boldi Bencsáth of Hungary-based CrySyS Lab, which has analyzed several high-profile attacks over the past years, will discuss the difficulties in threat research, including collaboration with companies located in the same country as the source of a state-sponsored attack, and the negative impact of media attention.

"Regarding targeted attacks, the evolution (or culture and regulation building approach) began from two sides. Bottom-up from technical guys and top-down from decision makers, politics, organizations," said Bencsath. "These two groups should regularly meet as structured solutions are only possible if stakeholders among the two different approaches change their ideas and flexibly bend their mind to a direction that is better for both sides. For this, Suits and Spooks format, discussions and a mixture of attendance including governmental employees really helps to exchange ideas." 

After a short break, Troels Oerting, Kaspersky Lab founder Eugene Kaspersky, Chris Coleman of Lookingglass, and Rodrigo Bijou of The Data Guild will hold a panel discussion on the dependence of governments on cyber security intelligence provided by the private sector.

Eugene Kaspersky will also have a separate presentation on "The changing faces of the cyber underworld." Kaspersky Lab will also be represented by Costin Raiu, who will discuss so-called false flag operations around the Turla campaign.

Another high-profile campaign, the one dubbed "Snake," will be detailed by Adrian Nish of BAE Systems. Because the conference would not be complete without some NSA-related talks, Freddy Dezeure of CERT-EU will discuss the issue of trust in information sharing following the Edward Snowden leaks, and Joe Fitzpatrick of SecuringHardware.com will detail the tools of the NSA playset.

A hot topic will also be discussed by Brian Mefford of the Center for Open Democracy Ukraine, whose talk is entitled "Ukraine in a year of revolution and war: what's next?" Andrej Bastar and Sasha Bobich will present their research on the "deep web" and the use of artificial intelligence for minimizing financial risks. Jan Stinissen of the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) will discuss cyber warfare operations and international law.

"The talk is about how basic notions of public international law, including ‘use of force’ and ‘armed attack’, can apply to activities in cyber space. I will also address which options - from a legal perspective - are available to States in response to malicious cyber activity not raising to the level of an armed attack. The different aspects will be illustrated by real life examples," said Stinissen. "The aim is to give the audience a better understanding of the legal framework States and State entities operate in when conducting cyber operations."

Kris McConkey of PwC, Dezeure, Raiu and Bencsáth will host the second panel on the importance of attribution. The experts will debate if cyber security organizations are accurate when it comes to blaming an entity for a cyberattack.

Unlike other cyber security conferences, where it's often difficult for attendees to walk away with actionable information, Suits and Spooks has a 1:4 speaker to attendee ratio, a format which encourages debate and discussion. Attendees can challenge speakers at any moment during their presentation, even if they're government officials or C-level executives. This approach ensures that no questions remain unanswered and that all participants learn something they can later put to good use.

Furthermore, since it's a single-track event, participants don't have to worry about missing out on potentially interesting talks.

The Suits and Spooks conference was acquired this spring by Wired Business Media, publisher of SecurityWeek. In addition to the event in London, a conference will be held in Singapore on December 14 and in Washington D.C. in February 2015.

Thank You Sponsors

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.