Peter Sommer
Biography
Peter Sommer is a Visiting Professor in the Information Systems Integrity Group in the Department of Management at the London School of Economics and also a Visiting Reader, Faculty of Mathematics, Computing and Technology, Open University. He is one of the pioneers of digital evidence / computer forensics and has acted as an expert in many important criminal and civil court proceedings.
At the LSE he has helped develop the current range of Information System Security courses, with their emphases on social science, management, law and policy. At the Open University he is consultant for the Digital Investigations and Computer Forensics course, M889.
He read law at Oxford, had earlier careers as a book and electronic publisher and as a risk analyst/investigator for insurance underwriters and loss adjusters. His first digital investigation was in 1985. Legal expert witness activity has included criminal cases involving large-scale computer intrusions, Official Secrets, large-scale software piracy, indecent images of children, people trafficking, murder and terrorism. Civil instructions have covered theft of confidential information, defamation and theft of software code.
He is a former UK Parliamentary Specialist Advisor and sits on a number of UK government advisory panels. These have included work for the Government Chief Scientist on Emergency Response. He has also given evidence to UK Parliament Select Committees. He has acted as a consultant to the United Nations Counter Terrorism Implementation Task Force, the UK National Audit Office, the UK Audit Commission and the UK Financial Services Authority. His Directors’ and Corporate Advisors’ Guide to Digital Investigations and Evidence was published in November 2008 by the Information Assurance Advisory Council. He sits on the Advisory Council of the Foundation for Information Policy Research.
He is the joint author of the OECD publication Reducing Systemic Cyber Risk.
His website is www.pmsommer.com where you can also find his full CV.
Presentation: The Disciplines of Contingency Planning
Traditionally CERTs have concentrated on the immediate problems surrounding a computer emergency – how to recover from its effects and how to detect the causes. But for the victims there are other issues – how to bring an organisation back to full functionality and make up for all the consequences of the lost down-time. These considerations involve many aspects beyond purely technical remedies; significant and unusual types of business analysis are required and also a well-prepared and highly focussed team of managers.
Two sets of experience are likely to be helpful to planners in government and in the critical national infrastructure industries. The first comes from the insurance industry, which offers “business interruption / consequential loss” cover, but only if the insured has agreed to meet certain conditions, which include a contingency plan. The second, at least from a UK perspective, has been the actual experience of businesses as they recover, particularly from the aftermath of terrorist attacks.
It turns out that full and almost instant recovery is extremely expensive. The solution is a planned-for gradual recovery – but that implies knowing which parts of your organisation and corresponding ICT infrastructure are particularly important. It also turns out that, although an organisation’s computing infrastructure may be very vulnerable to attack, ICT is also the means which may make recovery much faster.
Professor Peter Sommer will describe and illustrate the disciplines involved.
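The abstract's central point, that gradual recovery only works if you already know which services matter most and what they depend on, can be made concrete with a small recovery-sequencing exercise. The following Python is an added illustration and is not part of the talk or of Professor Sommer's material; the service inventory, criticality tiers, dependencies and restore times are constructed sample values for a hypothetical organisation. It orders services so that dependencies are restored first and, among services that are ready, the most critical tier goes first, then simulates the schedule with a given number of restore teams so the cost of "instant" versus "gradual" recovery (more teams working in parallel versus fewer) can be compared.

```python
import heapq

# Constructed sample inventory for a hypothetical organisation (not from the talk).
# criticality: 1 = must be back first, 3 = can wait; hours_to_restore: planning estimate.
SERVICES = {
    "network-core": {"criticality": 1, "depends_on": [], "hours_to_restore": 4},
    "identity":     {"criticality": 1, "depends_on": ["network-core"], "hours_to_restore": 3},
    "database":     {"criticality": 1, "depends_on": ["network-core"], "hours_to_restore": 8},
    "payments":     {"criticality": 1, "depends_on": ["identity", "database"], "hours_to_restore": 6},
    "email":        {"criticality": 2, "depends_on": ["identity"], "hours_to_restore": 2},
    "intranet":     {"criticality": 3, "depends_on": ["identity", "database"], "hours_to_restore": 2},
    "analytics":    {"criticality": 3, "depends_on": ["database"], "hours_to_restore": 12},
}


def recovery_order(services):
    """Dependency-respecting restore order; ties broken by criticality tier, then name.

    Raises ValueError for an unknown dependency or a dependency cycle, both of
    which mean the inventory itself needs fixing before a plan can be written.
    """
    for name, svc in services.items():
        for dep in svc["depends_on"]:
            if dep not in services:
                raise ValueError(f"{name} depends on unknown service {dep}")
    indegree = {name: len(svc["depends_on"]) for name, svc in services.items()}
    dependents = {name: [] for name in services}
    for name, svc in services.items():
        for dep in svc["depends_on"]:
            dependents[dep].append(name)
    # Kahn's algorithm with a priority queue so the most critical ready service is picked next.
    ready = [(svc["criticality"], name) for name, svc in services.items() if indegree[name] == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents[name]:
            indegree[child] -= 1
            if indegree[child] == 0:
                heapq.heappush(ready, (services[child]["criticality"], child))
    if len(order) != len(services):
        raise ValueError("dependency cycle: no valid recovery order exists")
    return order


def schedule(services, teams=1):
    """Greedy list schedule: returns hour at which each service is back, given `teams` restore teams."""
    finish = {}
    team_free = [0.0] * teams
    for name in recovery_order(services):
        svc = services[name]
        deps_done = max((finish[d] for d in svc["depends_on"]), default=0.0)
        t = min(range(teams), key=lambda i: team_free[i])  # earliest-free team
        start = max(deps_done, team_free[t])
        finish[name] = start + svc["hours_to_restore"]
        team_free[t] = finish[name]
    return finish


def hours_until_tier_restored(finish, services, tier):
    """Hours until every service at or above the given criticality tier is back."""
    return max(finish[n] for n, s in services.items() if s["criticality"] <= tier)


if __name__ == "__main__":
    for teams in (1, 2):
        done = schedule(SERVICES, teams)
        print(f"{teams} team(s): tier-1 services restored after "
              f"{hours_until_tier_restored(done, SERVICES, 1):.0f}h, everything after {max(done.values()):.0f}h")
```

With the sample data a single team brings all tier-1 services back after 21 hours and everything after 37; a second team cuts that to 18 and 26 hours. The planning question the talk raises is whether the extra team (or hot-standby capacity) is worth what it costs against the business-interruption loss it avoids, and the inventory of criticality and dependencies is what makes that comparison possible at all.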