Cyber Security: Further Information

Newrisk Limited is available to advise organisations and governments on cyber security issues. Newrisk Limited and its principal adviser, Dr Leivesley, have previously provided media commentary, lectures, conference papers, workshops and publications on this topic, examples of which are set out below. To return to an overview of Newrisk Limited's cyber security expertise, please click here.

To request Newrisk Limited's assistance in connection with cyber security, or to discuss a tailored package of services, please contact Newrisk Limited directly.

Media Commentary

Newrisk Limited's principal adviser, Dr Leivesley, has provided media commentary on cyber security issues, including:

• NATO Cyber Defence Conference, London and cyber threats from Russia, for Monocle Radio, on 11 November 2024;
• USA Election Day cyber risks, for Monocle Radio, on 5 November 2024;
• CrowdStrike computer outage ongoing effects on transport and other services, for GB News, on 21 July 2024:
  • "We need a cyber safety inspectorate.'  Sally Leivesley says the public should be 'absolutely outraged' by the IT outage that has caused global chaos."
• CrowdStrike global cyber outage,  for The Globalist Monocle Radio, 19 July, 2024;
• New Year look ahead, The Globalist, Monocle Radio, 1 January 2024; 
• How do we get a sensible risk approach for 3rd party security due diligence, Panel Discussion, Pulse Security Circle, Remote Meetings, 11 November and 9 December 2022;    
• Covid 19 Vaccination Research hacking UK, USA and Canada,  Morning Ireland, RTE Radio, Ireland, 17 July 2020;
• How should cities handle a crisis?appear for Monocle Radio The Urbanist on 30 January 2020,  Episode 433 Health emergency: the coronavirushttps://monocle.com/radio/shows/the-urbanist/433/
  • As the threat of the coronavirus spreads, we look at how our urban areas have coped when disaster has struck, be it terrorism, a health emergency, a natural disaster or a cyber attack, Security expert Dr Sally Leivesley on how urban areas are dealing with the coronavirus as more cases are confirmed outside mainland China.
• Mark Smith, Sally Leivesley Modern Catastrophe, in The Gentlewoman, Issue 20, Autumn and Winter 2019, pp 158-161: ‘..those insiders can constitute physical or cyber security threats. For example there were a couple of brothers working for an airline..one was in IT.. ‘ and p.161 ‘Drones don’t only target airports, …they represent a problem for industry in the middle of cities, they are an off- the- shelf technology that can carry explosives or function as a weapon of cyber reconnaissance… ‘p. 158Huawei cyber risk and world trade risk, for BBC World Service Weekend News Review on 4 May 2019;
• Future Trump Putin meeting impacts on cyber security of Europe’s critical national infrastructure and Ukraine in discussion on BBC World Service Week in REview (England) on 18 February 2017;  
• Cyber risks to energy, ADIPEC TV Presenter Eithne Treanor talks to Dr. Sally Leivesley at ADIPEC, published on 8 November 2016;
• Yahoo breach, cyber security responsibility and public protection for Channel 5 News, ITN on 23 September 2016;
• Oil & gas industry must take a “coordinated and streamlined” approach to security, urge experts,   at ADIPEC Conference on 19 September 2016:“In 2016, there is an urgency for nations to adopt national integrated cyber/physical security frameworks to pre-empt the growing external threats that are now constantly exploring vulnerabilities in energy facilities across the supply chain,” said Dr Sally Leivesley, Managing Director of UK-based risk management firm Newrisk Limited. 
• 'The Nervous breakdown of the Internet', for BBC Radio 4 (England) on 1 December 2015, with Edward Lucas: "Internet security is vital, but increasingly fragile."
• 'Anonymous Hacker Threats to ISIS' for Sunrise Seven Network (Australia) on 18 November 2015;
• 'Home Secretary’s release of the Draft Investigatory Powers Bill and Human Rights Issues' for BBC Radio Scotland on 30 September and on 4 November 2015;
• Requirement for Internet Monitoring Following Increased Terror Threats in UK for BBC News Channel (England) on 27 February 2015;
• Women in the UK Intelligence Community - Intelligence and Security Committee Report 03/2015 on Female Recruitment and Lifecycle in GCHQ, MI6 and MI5 for BBC Radio Scotland (Scotland) on 7 March 2015;
• 'Without a Trace: Who is behind the mystery of flight MH370? Talk in Hanger-7' for Servus TV (Austria) on 5 June 2014;
• 'The Plane that Vanished' panel interview by Donal MacIntyre on MAL MH370 plane disappearance and causation for Channel 5 on 14 March 2014;
• MAS Plane Disappearance for ITV Daybreak, Channel 5 News and ITV News on 10 March 2014;
• Home Affairs Select Committee Recommendations for Cyber Crime for ITV Daybreak on 30 July 2013 - more online;
• NSA Intelligence Leak and GCHQ Data Surveillance for ITV Daybreak on 10 June 2013;
• Catastrophic Risk Cyber Security Press Briefing for the Institution of Technology and Engineering at the Wellcome Trust on 29 April 2013;
• North Korean Missile Threat for ITV Daybreak on 2, 8 and 10 April 2013;
• MoD Cyber Report, House of Commons Defence Committee for ITV News on 9 January 2013;
• MI5 Director General's speech on terror threats for the Olympics & beyond for Channel 5 News (pre-record) on 26 June 2012;
• Coronial verdict on GCHQ/MI6 Cryptologist's death, forensics & security issues for ITV Daybreak on 3 May 2012;
• National & Cyber Security post-GCHQ/MI6 Cryptologist's Death for ITV Daybreak and Channel 5 News on 22 April 2012;
• Data Attack on the Home Office Website for Sky News on 8 April 2012;
• Wikileaks Critical Infrastructure Cables for TT5 News (Italy) on 8 December 2010 and Sky News on 5 December 2010;
• Saudi Funding of Terrorism revealed in Wikileaks for Sky News on 5 December 2010;
• Police Chief Bob Quick Security Breach and Arrest of Terror Suspects for GMTV on 9 April 2009.

Lectures, Conferences and Workshops

Newrisk Limited and its principal adviser, Dr Leivesley, have provided lectures & conference papers on cyber security issues, including:

• CISO Leadership for Strategic Threats and Innovation, 5th CISO 360 Middle East, Pulse Conferences, 10-11 September 2024, Dubai, UAE:
   
  
• Pre-Olympics cyber/physical risks: Olympics case studies for Pulse Conferences, 9th CISO Global Congress, 19-21 June, Marseille, France;
  
  
• Risky Times 2024-2027, for the Risk and Security Management Forum Summer Seminar, London, 13 June, 2024;
  
  
• Risky Times, for the High Premium Group Insurance Agency on Monday 10 June, 2024;
  
  
• Emerging Cyber Physical Threats - USA Business Continuity and Resilience, for Pulse Conferences, 4th CISO 360 Americas, 21-22 May 2024, Las Vegas, USA;
  
  
• Securing Europe’s Supply Chain – Energy, Nuclear War, Quantum, at Pulse Conferences 7th Annual 360 CSO, Berlin 6-8 December 2023. 
  
  
• Singapore 2023 New Cyber-Quantum - Geopolitical Risk Update, Keynote, at Pulse CISO 360 Asia & Oceania Conference, Singapore, 26-27 September 2023.
  
  
• Cyber Security of Critical Infrastructure – Nuclear Power Plants, Transport, Smart Cities, Water, 6G Transformation, at Pulse Global 7th CISO 360 Congress, Barcelona, 5-7 July 2023.
  
  
• Supply Chain Nuclear Risks and the Known Unknowns of Cyber Security, 3rd CISO 360 Americas,
  Pulse Conferences, New York, 28 March 2023
  
  
• Exercise Cyber Attack, Emerging Cyber Threats, Regional Overview' for  CISO Middle East Ninth Annual Conference, Dubai, March 27-29, 2017 on March 27;
  
  

• 'Urban Terror Targets: Optimising Cyber Security for Survival' for CISO Middle East Ninth Annual Conference, Dubai, March 27-29, 2017 on March 28;
  
  

• 'Optimising Intelligent Systems for Competitive Advantage: Discussions on Singapore and an International Case Study of Systems Failures in Flight MH370'' - Key Note Lecture to the Chief Information Security Officers Conference in Singapore in November 2014;
  
  
• 'Strategic Threats in Cyber Space: Was MH370 the First Cyber Hijack?' - Key Note Lecture to the International Conference on Cloud Security and Management at the University of Reading (England) in October 2014;
  
  
• 'Terror and Cyber Threat Hot Spots' - Lecture for the Chief Security Officer Eighth Annual Summit on Leadership and Holistic Security to Protect People, Property and Profits in Brussels (Belgium) in October 2014;
  
  
• 'Novel Approaches to Cyber Defence: Strategic Analysis and Assessments in the Operating Environment, Case Study of Distributed Energy Systems Sustainability' - Presentation and Panel Participation at the SAS-106 Symposium on 'Analysis Support to Decision Making in Cyber Defence', NATO Systems Analysis Studies Panel in Tallinn (Estonia) in June 2014;
  
  
• Member of the Technical Programme Committee for ICS-CSR 2014, 2nd International Symposium for ICS & SCADA Cyber Security Research 2014 at University of Applied Sciences St. Pölten (Austria) in September 2014. See further: The 2nd International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space;
  
  
• Cyber Hijack and other Emerging Threats: Strategies for Sustainability - Key Note Lecture to the CEP (Corporate Executive Program) in Barcelona (Spain) in May 2014;
  
  
• 'Snapshot of Regional Risks and Sustainability- Incorporating Exercise Cyber-Defence' - Lecture to MIS Chief Information Security Officer Middle East 6th Annual Summit and Roundtable in Dubai (UAE) in February 2014;
  
  

• 'CBRNE/Cyber Terrorism: Technical briefing for ‘Exercise London' - Lecture for the Ministry of Defence, Terrorism Causes, Trends and Responses, Knowledge Transfer Programme at the University of Bradford, School of Social and International Studies in April 2013;
  
  
• ‘London in 2012- Security Lessons and Future Threats’, ISC2 Secure Workshop in London (England) in March 2013. Training modules included: Training modules: Lessons from London in 2012; Lessons for Securing Systems; Skills for Monitoring the Cyber Threat Landscape; Security Audits for Cloud; Media Communications Skills and Role Plays; Skills Development;
  
  

• 'Managing Shock Attacks on Cities: Multiple Terrorist, Nuclear or Cyber Threat Horizons' - Keynote and Planning Lecture for CEOs at the Sixth Chief Security Officer Summit in Berlin (Germany) in December 2012;
  
  
• 'Scientific Solutions for CBRNE Terrorism and Catastrophic Events with Reflections on Fukushima and Norway, Situational Awareness, Communications, Evacuation, Shelter, Risk' - Co-chair for the Permanent Monitoring Panel on Mitigation of Terrorist Acts at the 'Role of Science in the Third Millenium, International Seminar on Nuclear War and Planetary Emergencies', 45th Session in Erice (Italy) in August 2012;
  
  
• 'Water and CBRNE/Cyber Terrorism: Waterborne threats and sustainability of cities including unusual secondary and tertiary water contamination lessons from Fukushima' - Presentation to the 'Role of Science in the Third Millenium, International Seminar on Nuclear War and Planetary Emergencies', 45th Session in Erice (Italy) in August 2012;
  
  
• 'CBRNE/Cyber Terrorism & London in 2012' - Technical Briefing to Government sponsored students at the Department of Peace Studies, University of Bradford;
  
  
• 'Cyber Infrastructure and Physical Security: Case Studies London in 2012 and Bulk Cargo; Managing Catastrophic Risk in Security Architecture: Insider Threats, Integration of Intelligence and Terror Threats' - Keynote paper to the 2nd Annual ICT Security Africa Conference in Accra (Ghana) in September 2011;
  
  
• 'Cloud Catastrophic Risks and Reputation Assurance for CISOs: Risk Insights' - Paper to the Cloud Security Forum in Rome (Italy) in June 2011;
  
  
• 'Moving to a Beyond Encryption Society' - Paper to the Information Security Specialist Group Annual Conference at Bletchley Park (England) in March 2011;
  
  
• 'A Framework for Developing Powers and Safeguards' - Paper to the IAAC Identity Assurance Workshop held by the British Computer Society in London (England) in March 2008;
  
  
• 'Myths and Madness in Risk Management' - Keynote paper to 7799 Goes Global: Business Working Together Conference held by the Information Security Management Systems International User Group in London (England) in September 2003;
  
  
• 'Understanding Hi-Tech Crime' - Paper to the E-Crime Congress held by the National Hi-Tech Crime Unit in London (England) in December 2002;
  
  
• 'Exercise: Survive: The Complex Security Cycle' - Workshop exercise to the 19th World Conference on Computer Security, Audit and Control in London (England) in October-November 2002: This exercise stress tested an international audience on surviving extreme attacks in the IT environment. The interactive exercise covered extreme threats to information systems and losses of personnel and critical infrastructure from large tonnage multiple vehicle bombs, suicide attacks, chemical/biological attacks, radiological incidents and cyber terrorism;
  
  
• 'How should a Responsible Company Director Act' - Interactive Forum at the 3rd Annual Symposium held by the Information Assurance Advisory Council in London (England) in October 2002;
  
  
• 'Exercise Tall Buildings: Responding to the Globalisation of Terrorism in Securing Cyberspace, Building Trust and Confidence in IT Infrastructure' - Paper and workshop exercise to the World Conference on Computer Security, Audit and Control (Compsec 2002) in London (England) in October 2001;
  
  
• 'Back to Basics: Delivering Turnbull to the Boardroom: A Systematic Approach to Risk Assessment' - Paper to the British Security Indusstry Association Information Security Conference in Birmingham (England) in July 2001;
  
  
• 'Risk Assessment - Global 2001' - Paper to the Software Technology Outreach Conference on Risk Assessment Techniques for Outsourcing and Asset Management in London (England) in April 2001;
  
  
• 'Designing On-Line Risk Assessment' - Paper to the British Computer Society Information Security Specialist Group Annual Conference in Abingdon (England) in March 2001; and
  
  
• 'Business Continuity: Global Logic for Information Security' - Paper to the British Computer Society Information Security Specialist Group Annual Conference in Abingdon (England) in March 1999.

Publications

Newrisk Limited's principal adviser, Dr Leivesley, has written publications on cyber security issues, including:

• Resilient Core Networks for Energy Distribution;  Kuntze, Nicolai; Rudolph, Carsten; Leivesley, Sally; Manz, David O.; Endicott-Popovsky, Barbara E; 28 July 2014: Abstract—Substations and their control are crucial for the availability of electricity in today’s energy distribution. Advanced energy grids with Distributed Energy Resources require higher complexity in substations, distributed functionality and communication between devices inside substations and between substations. Also, substations include more and more intelligent devices and ICT based systems. All these devices are connected to other systems by different types of communication links or are situated in uncontrolled environments. Therefore, the risk of ICT based attacks on energy grids is growing. Consequently, security measures to counter these risks need to be an intrinsic part of energy grids. This paper introduces the concept of a Resilient Core Network to interconnected substations. This core network provides essential security features, enables fast detection of attacks and allows for a distributed and autonomous mitigation of ICT based risks. OSTI.GOVConference: Resilient Core Networks for Energy Distribution; Research Org.: Pacific Northwest National Lab. (PNNL), Richland, WA (United States) Sponsoring Org.: USDOE: OSTI Identifier: 1178870  Report Number(s): PNNL-SA-100414 : DOE Contract Number:  AC05-76RL01830  Resource Type: Conference Resource Relation: Conference: IEEE PES General Meeting, Conference & Exposition (PES 2014), July 27-31, 2014, National Harbor, Maryland, 1-5; Country of Publication: United States.

• 'The Impact on the Business Community: Building Resilience against Chemical, Biological, Nuclear, Radiological, Explosives and Electronic Attacks' - by Dr Sally Leivesley in The Unlikely Terrorists by Rachel Briggs (Editor), November 2002, pp.31-42.

Newrisk Limited's principal adviser, Dr Leivesley, has also written unpublished papers on cyber security issues, including:

• 'Infosec as Intellectual Capital in the Business Continuity Paradigm' - Paper dated July 2003: This paper discusses how balancing risk through business continuity actions will determine which companies are the winners and losers. The Information Security specialist has a new function across all business operations to manage extreme risk over the lifetime of the business. New thinking and new information system design are required for real time safety critical systems and business continuity.

Newrisk Limited's principal adviser, Dr Leivesley, has also been cited in various publications on cyber security issues, including:

• 'Modern Catastrophe' by Mark Smith in The Gentlewoman, Issue 20, Autumn and Winter 2019, pp 158-161:

  • ‘..those insiders can constitute physical or cyber security threats. For example there were a couple of brothers working for an airline..one was in IT.. ‘p.161; and
  • ‘Drones don’t only target airports, …they represent a problem for industry in the middle of cities, they are an off- the- shelf technology that can carry explosives or function as a weapon of cyber reconnaissance… ‘p. 158.
• 'How Safe Are We?' by Steve King, on Netswitch Technology Management in October/November 2015: "Dr Leivesley wants to see a team of international observers set up to monitor cyber technology in the same way they monitor nuclear armaments. She says states that repeatedly allow their hardware, like routers or servers, to be used by hackers or cyber terrorists should also face sanctions imposed by the United Nations."
  
  
• 'Exclusive: Cyber hackers are greater threat to UK security than nuclear weapons' by James Fielding, The Express on 25 October 2015: "“Hackers now pose more of a threat to world security than nuclear weapons, one of the country’s top cyber terror experts warned last night. Dr Sally Leivesley, a former Home Office scientific adviser, said rogue states such as North Korea are already developing technology that can infiltrate defence systems and shut down power grids. Her warning follows the huge data hack on TalkTalk that has hit four million customers who face having their bank accounts drained and personal details stolen."
  
  
• 'Is missing Malaysian jet the world’s first CYBER HIJACK? Chilling new theory claims hackers could use a mobile phone to take over the controls' by Wills Robinson, Daily Mail Online, 16 March 2014: "Dr Leivesley, who now prepares businesses and governments for potential terrorist attacks, told the Sunday Express: 'There appears to be an element of planning from someone with a very sophisticated systems engineering understanding. This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals. She added that once the plane is air-side, you can insert a set of commands and codes which can begin a new set of processes."
  
  
• ''World's First Cyber Hijack: Was Missing Malaysia Airlines Flight Hacked with Mobile Phone' by James Fielding and Stuart Winter in the Sunday Express, 16 March 2014: "British anti-terror expert Dr Sally Leivesley said last night: “It might well be the world’s first cyber hijack."
  
  
• 'Outsourced IT Offers Hackers Access to Key Control Systems' by Mark Hennessy in Irish Times, 2 May 2013, discussing cyber security: "The North Koreans have been blamed for interrupting websites run in South Korea by banks, newspapers and TV companies in “a show and tell” warning about what they are capable of during a conflict, warns Sally Leivesley of Newrisk. The South Koreans have taken the warning seriously, upgrading security at their nuclear plants – including disabling every USB port in every computer at the plants lest they be used to breach defences."
  
  
• Editorial by Stephen Hinde in Computers and Security, Vol. 21, No. 8 in 2002, discussing the 'Exercise: Survive: The Complex Security Cycle': "Dr Sally Leivesley, building on the success of her interactive workshop last year, split the audience into six teams to consider specific aspects of surviving extreme attacks from terrorism in the IT environment."

To request Newrisk Limited's assistance in connection with cyber security concerns, or to discuss a tailored package of services, please contact Newrisk Limited directly.