Taking the journey from IT to OT security. My findings so far (James Sandrone)

 
 

Hi, I am James Sandrone, the senior business solutions consultant at Awen Collective and I’m an OT security newbie.

Seven months ago I started working for the fabulous industrial cyber security start-up called Awen Collective. This presented an exciting opportunity to grow both on the business development and technical side. With this came the promise to be part of something from the ground up, that could really make a difference. Through my experience of putting together CISO & CIO events for a previous employer, cyber was certainly a strong area of interest for the next step of my professional journey. My limited experience in cyber told me that it is about trust and integrity, and I wanted to work within an area with these attributes.

Through some mutual connections who understood the needs and ambitions of both me and my then-potential employer, I joined a fantastic team at Awen Collective. Awen believed in me and gave me the platform to put my ideas into practice to grow the business. Not only that, the key values of trust and integrity were clear to see from the start, and I needed to dig deep into understanding the market and the technologies.

So the first question I asked myself was: OT & IT, what are the differences? Well, if I had to explain this 7 months ago then I would have broken it down like this: IT deals with information, while OT (Operational Technology) deals with machines; OT manages the operation of physical processes and the machinery used to carry them out, while IT manages the flow of digital information. But it got a little confusing to me, as they can often cross over through contemporary ICS (Industrial Control Systems) and Industrial Internet of Things (IIoT) and their connection to the internet. The real big problem that I initially discovered was that the OT involved in these systems is sometimes old, and was not designed to be secure against this kind of connectivity and risk. In contrast, the risk within IT is far better understood and mitigated.

I wanted to dig a bit deeper into the perspective of an Industrial CISO / OT Cyber professional… so that's exactly what I did! Months of engaging with these experts in all parts of the world (to understand if this was a global problem). I noticed a common feeling among the community, that there is a lot of noise at the moment around OT cyber solutions and what they promise to deliver, but the reality is very different and in fact, unfortunately, there is a lot of disappointment in the current solutions on the market and what they offer. This, of course, naturally made it easier for me to engage with industrial organisations, as OT cyber needs were far from being met.

The great thing is that through speaking with many people within cyber security, it seems that the awareness and need for a better OT cyber solution is growing, as is the community of people who want to make a difference by better understanding cyber resilience. After all, our Critical National Infrastructure has significant cyber risk, and a threat to industry is a threat to every one of us. We, as the cyber security community, need to get this right. We can definitely keep society a little safer by reducing the risk of cyber attacks on our essential services. I encourage any of you in the cyber world that feel the same way to get in touch and see how we can tackle this problem together!

The Percy Hobart Fellowship 2020 + Awen = INNOVATION PARTNERSHIP


In July of this year Awen Collective welcomed a new member to its team, me! I’m Steve, a serving member of the Royal Navy, and I have been lucky enough to be placed with Awen for 12 weeks (July - September 2020) during a new and exciting programme in innovation training from PUBLIC, ‘The Percy Hobart Fellowship.’


Over the 12-week course I am working directly alongside Awen Collective, learning how a fast-paced and exciting tech start-up operates and providing them an insight into the military mindset. In addition to this, I am being provided access to taught material, mentoring and workshops, combining to give a strong base in both the theoretical and practical side of innovation.

The journey so far has been an interesting one, and I could not have been made to feel more a part of the family at Awen. They have firmly brought me onboard with their vision of creating a more cyber resilient world, an issue not just for the military and defence sector but for society at large.

I’m looking forward to the rest of the journey with Awen and perhaps I will share more of my experiences with this dynamic organisation in the coming weeks.

Collaboration across EU helps cyber-security of society


Awen Collective has produced a Software-as-a-Service product called Profile which makes it much quicker and easier for Critical National Infrastructure, their partners and their regulators to perform audits to ensure regulatory compliance to the NIS Directive. We are also actively working on other projects for some of our continental partners.

The NIS Directive is a European Union directive that has, as of 2018, been implemented in law in all 28 member states of the EU (including the UK). This regulation provides a much needed prompt to European critical infrastructure providers to improve the cyber-security policies, processes and technologies within their whole organisation – from board member to engineer, from IT to Operational Technologies (OT).

However, it is not the only good thing that the European Union has done or is doing in regard to cyber-security in general and industrial cyber-security in particular. We don’t even need to mention GDPR. This blog post outlines some of the other great initiatives.

Europe-wide Cyber-Security Initiatives & Programmes

European Union Agency for Network and Information Security (ENISA) – is a great organisation (or agency) which contributes to the network & information systems security across Europe, with a particular focus on ensuring the security and safety of European society, commerce and government. It is a very holistic organisation, very much worth checking out if you have not heard of them. ENISA has done so well over the years, that the EU decided to enhance the powers of ENISA through the Cybersecurity Act of December 2018.

The Computer Emergency Response Teams for the EU institutions, agencies and bodies (CERT-EU). It provides threat intelligence and assistance in the prevention, detection, mitigation and response to cyber-attacks by providing a cyber-security information exchange. It works closely with other CERTs in the public & private sectors across Europe.

The European Cyber Crime Centre (EC3) is a division of the EU agency for law enforcement cooperation (EUROPOL). EC3 assists with the law enforcement response to cyber-crime across the EU, with particular focus on strategy, forensics and operations/intelligence. EC3 publishes the Internet Organised Crime Threat Assessment report, which highlights some interesting information.

The European Cybersecurity Industrial, Technology and Research Competence Centre (ECITRCC) is a policy-driven centre focused on the European digital market. It will contribute to the deployment of the latest cyber-security technology, provide financial & technical support to cyber-security start-ups & SMEs, support industrial R&D, push high levels of cyber-security standards and facilitate cooperation between civil & defence spheres in regard to cyber-security. It is too early to say how effective the Centre will be, but it seems to be very promising.

There is also a significant number of funded R&D initiatives across Europe through the Horizon 2020 framework, which require collaboration from different organisations in at least a few member states and typically support a mixture of SMEs, universities, larger organisations and the public sector across Europe.

Plus much more…

All of the above combine to help everyone to live and work in Europe safely and securely.

What are Awen doing?

Awen have built software to provide solutions to an international problem. One product, Profile, addresses the NIS Directive directly and is naturally a European-focused product. Contact us today to organise a demonstration of Profile. Email: hello@awencollective.com