Meet the expert: Ameer Al-Nemrat to speak at PrivSec London

Live at Park Plaza, Riverbank in London on February 28 and March 1, PrivSec London gives global audiences the chance to learn more about Trust, Digital Transformation, Ethics, Data Protection, Privacy, Security and much more.

The event will also provide a unique opportunity for industry professionals to network with peers and develop business relationships.

Ameer Al-Nemrat is Director of the Centre for Cyber Security and Artificial Intelligence at University of East London (UEL). He is the director for the Professional Doctorate in Information Security & the MSc Information Security and Digital Forensics programmes.

Ameer will appear exclusively at PrivSec London to explore state-sponsored cyberattacks and how organisations can best protect themselves on the current risk landscape.

We caught up with Ameer for more on his career to date, and for an introduction to the themes on the table at his PrivSec London session.

Could you briefly outline your professional journey so far?

I am a Reader in Cyber Security at the Department of Computer Science and Digital Technologies, University of East London (UEL). I am also the founder and the director of Cyber Security Centre of Excellence (CSCoE). 

I manage and oversee the Chip Forensics Reverse Engineering & The Electronic Evidence Laboratories, UEL, where we closely work with Law and Policy makers both nationally and internationally, as well as agencies on cyber security research projects.

My research in cyber security and digital forensics has had considerable impact on public and industry practice at national and international level as per REF (Research Excellence Framework) 2021 result.

Could you explain the key reasons behind the sudden increase in nation-state cyber activity over the past few years?

There are several reasons behind such increases in nation-states’ cyber activities, including: 

The digital transformation age: the number of countries digitising their economy is rapidly increasing every year. According to the IMD World Competitiveness Center report (2022), 63 economies adopted and explored digital technologies as a key driver for economic transformation in business, government, and wider society. This means more reliance on technology, which, in its turn, created a larger attack surface for state-sponsored hackers and militias.

The growth of cyber-physical systems: The number of cyber-physical systems are rapidly and dramatically increased and the amount of complexity to operate, manage, and secure them is much higher than in the traditional networks. They consist of computational algorithms, networks, devices, and systems which leaves organisations with incredibly complex safety, security, and performance risks. They provide the hackers or state-sponsored hackers better chances to exploit vulnerabilities and access points to the systems.

The value of data available online: As a result of digitisation and globalisations, the amount of valuable stored, transmitted, and processed data by public and private sectors in every country provides an attractive target for state-sponsored hackers. The motivations vary between economics and political motivations.

Absence of international law to regulate cyber space: Regulation of cyberspace is a current and discussed debate in the international law field. However, due to the complexity of cyber space character “Virtually” and “Communality” consensus is far from being reached.

What impact is this escalation having on global business?

The scale of historical cyber-attacks carried by a single or group of hackers, while certainly damaging, has been relatively small until this point. However, a global-scale cyber-attack orchestrated by state-sponsored hackers or militant caused loss of digital infrastructure access for whole countries or geographical region. 

This due to the increase of globalisation of economies which has led to a more interconnected world and interdependence between countries. Therefore, businesses and organisations are spending more and more on cyber security to respond to cyberattacks or to repair damage to their reputation caused by such attacks.

The scale of damage caused by state-sponsored attacks is widespread and causes disruption to communities and economics if critical infrastructure such as power grids, health care, and transportation systems are targeted.

What challenges do organisations face as they bid to put together defence strategies in the face of such attacks? 

Defending against state-sponsored attacks is very challenging because it involves evolving technologies and tactics which making it hard to predict, detect, and respond to it in a timely manner. 

State-sponsored attacks are carefully crafted and might be carried out by a group of hackers or a militant on behalf of a state to evade detection and responsibility. This makes it even more difficult for businesses that operate in regulated sectors because they might be subject to significant fines by regulator as result of state-sponsored attacks. 

Business are operating in interconnected environments and this makes it challenging to have full visibility into their own networks. One single Zero-Day vulnerability in their systems is enough to be used as an entry point to launch an attack on multiple systems.