Team Awen does BSides Cymru

 

On Saturday 28th September, Team Awen attended the first BSides Cymru!


BSides are Cyber Security conferences where experts from the industry share an insight into their respective research and work projects.


The day kicked off with an entertaining keynote introducing the age-old debate of Apple vs Android titled “Apple Apostles to Google Groupies: Why we need to stop security tribalism” by Chester Wisniewski and John Shier from Sophos.

 
 
John Shier and Chester Wiesniewski of Sophos alongside ‘Android Hippies’ vs ‘Our Dear Leader’

John Shier and Chester Wiesniewski of Sophos alongside ‘Android Hippies’ vs ‘Our Dear Leader’

 

Some of our favourite talks included:


“How I breached Your Organisation” by Anthony Paimany of Blackberry Cylance, where we learnt the process and tools a Red Team uses to assess a company’s cyber-security. The mission presented involved ethical hacking processes to determine if it was possible to transfer $10,000 into a nominated bank account from within the organisation.
“Closed for Business: Taking Down Darknet Markets” by John Shier of Sophos which gave an insight into how law enforcement gathered data about illicit Darknet websites to seize the sites and track down their founders. This talk also explained how the closure of one Darknet market gave rise to the next dominant website.

 
‘How I breached your organisation’ by Anthony Paimany from Blackberry Cylance, and the aeroplane seating in the Tramshed Cinema

‘How I breached your organisation’ by Anthony Paimany from Blackberry Cylance, and the aeroplane seating in the Tramshed Cinema

Other notable talks included presentations on the possibilities within quantum computing and cryptography, how to retrieve relevant data from car infotainment systems and innovations within cyber security analysis.


Team Awen also enjoyed visiting the ICS Village and meeting the team from the University of Bristol, and the sticker exchange where we picked up more adornments for our laptops!


Overall, we had a very enjoyable, informative day where we were able to network with many other companies and employees from the bustling South Wales Cyber Security scene!


Thank you to the organisers and volunteers behind BSides Cymru for a fantastically successful day, and we look forward to the next BSides Cymru (2020?!).

 

Awen - Pitch@Palace on Tour

 
GroupPhoto.jpeg

On the 24th September 2019, our CEO had the pleasure to pitch to HRH The Duke of York Prince Andrew, a distinguished panel of judges and a packed lecture hall at Pitch@Palace 12.0 on Tour which took place at the University of South Wales Newport Campus.

It was a pleasure to meet the Duke of York, and hear about his perspectives on entrepreneurship, pitching and innovative business. He officially refereed the panel, and took a genuine interest in every single pitch.

The pitch by CEO Daniel gave an overview of the problems and pains that industrial organisations (energy, water, transportation and manufacturing) face in regards to cyber security, it also covered how Awen is providing solutions with Profile, Dot and our planned future software products. Finally, the audience members were asked for any introductions that they may be able to offer in these industries, to ensure that cyber security is on the board-level and managerial-level agenda.

DJL-Pitch.jpg

The day also included inspirational talks from the Cofounder of Just Eat UK, David Buttress, and the Cofounder of Coffee#1, James Shapland. Breaks in the day provided not only needed refreshments, but also opportunities to network with various professionals. Plus, the entrepreneurs received some nifty goodies:

 
 
pitchatpalaceswag.png
 

I’d recommend anyone thinking of Pitch @ Palace to go for it. It is a great opportunity to meet some exciting people and showcase some of the UK’s most innovative companies.

Meet the Team - 2019

 
Twiglet supporting Wales to their first Rugby World Cup game win against Georgia @ Awen HQ

Twiglet supporting Wales to their first Rugby World Cup game win against Georgia @ Awen HQ

 

September at Awen Collective brings lots of excitement, with the rugby World Cup, the upcoming first BSides Cymru, and the addition of three new members to our tech team!

 
Our newest members of the Awen Tech Team - Seren, Jamie & Lara

Our newest members of the Awen Tech Team - Seren, Jamie & Lara

 

Seren and Jamie join us as graduate software developers from Cardiff University, where they both completed their Computer Science degrees this summer. Lara is joining us part-way through her Computer Science degree at Cardiff University, undertaking her placement year at Awen as an Analyst/Developer.

Lara is very outgoing and helps maintain the great atmosphere at Awen HQ. She is very passionate about being zero waste/plastic free and has already helped us to make changes to reduce our plastic waste. One of Lara's biggest achievements is cycling…

Lara is very outgoing and helps maintain the great atmosphere at Awen HQ. She is very passionate about being zero waste/plastic free and has already helped us to make changes to reduce our plastic waste. One of Lara's biggest achievements is cycling 900 miles from the south of France along the coast back to England! Lara is also a very keen gym goer - her aims for the next year include gaining an insight into the cyber security industry, and getting totally shredded 💪.

Jamie honed skills in Parallel Computing and Forensics during their time at Cardiff. When not working on our Dot software, Jamie has a passion for video games, branching into the development scene recently through Game Jam competitions 🕹️. Jamie al…

Jamie honed skills in Parallel Computing and Forensics during their time at Cardiff. When not working on our Dot software, Jamie has a passion for video games, branching into the development scene recently through Game Jam competitions 🕹️. Jamie also has a love of languages and is studying Korean and French in their spare time.

With her passion for cyber-security, and looking to gain new skills and diversify her knowledge, Seren was keen to join our unique small company culture at Awen Collective. Her motivation is to develop leading-edge technologies to benefit people, or…

With her passion for cyber-security, and looking to gain new skills and diversify her knowledge, Seren was keen to join our unique small company culture at Awen Collective. Her motivation is to develop leading-edge technologies to benefit people, organisations and customers to make their lives easier. Outside of work, Seren enjoys Zumba, travel, photography, walking in the Welsh hills and baking 🧁. The entire Awen team is highly supportive of Seren’s baking skills, especially when her brownies make it into Awen HQ for a tasting!

We were lucky enough during the summer to also have Volkan join Team Awen as our Business Development & Marketing Manager. His extensive background in growing revenues using his sales and marketing skills will certainly supercharge our future pl…

We were lucky enough during the summer to also have Volkan join Team Awen as our Business Development & Marketing Manager. His extensive background in growing revenues using his sales and marketing skills will certainly supercharge our future plans at Awen. In his spare time, Volkan is a keen photographer, and kindly took many of the photos you see on this page! 📷

 
 
Whilst the influx of some brilliant new faces at Awen is a great reason to celebrate - we must also offer our congratulations and thanks to Paige and Ollie. Both joined Awen in September 2018 and spent a fantastic year as Analyst/Developers for thei…

Whilst the influx of some brilliant new faces at Awen is a great reason to celebrate - we must also offer our congratulations and thanks to Paige and Ollie. Both joined Awen in September 2018 and spent a fantastic year as Analyst/Developers for their placement year as part of their Computer Science degree course at Cardiff University. We’d like to thank them for all their great work over the last year - their input has made a huge impact on the company and their legacy will continue as they return to complete their degrees. We wish them all the best with their academic endeavours. 🎓🍻

 
 
One final new face at Awen - our Employee Well-being Consultant Twiglet has an Apprentice of her own - Elsie! Elsie has settled into office life at Awen well (with only a few accidents along the way 😳💩) and is certainly excelling at her role of ma…

One final new face at Awen - our Employee Well-being Consultant Twiglet has an Apprentice of her own - Elsie! Elsie has settled into office life at Awen well (with only a few accidents along the way 😳💩) and is certainly excelling at her role of maximising happiness among Team Awen.

Do you like what you see here? We’re not currently hiring for any specific positions at Awen - but if you fancy a blog post all of your own (plus benefits including working with some amazing colleagues and two energetic Spaniels) drop us a line at careers@awencollective.com and let us know why you’d be the best new member of Team Awen!

 

Awen goes to the USA

 
 

As part of the prestigious Tech Nation Cyber programme (1st cohort), Awen took the opportunity to visit the USA in the week commencing the 2nd of September 2019.

Our CTO, Jules Farrow, attended the trip, with various others from the Tech Nation Cyber cohort. The trip included:

It was a great week, where we built new business connections and further explored the possibilities afforded by expansion into the Americas.

If you’re local to South Wales too and would like to learn more about our experience with Tech Nation Cyber and our learnings on the US market, we’ll be recounting some tales at the South Wales Cyber Cluster September Meeting on Tuesday 17th, come and join us!

 
 

Awen Collective: What's in a name?

iStock-653137006.jpg

We are often asked why we chose the name “Awen Collective” as our formal business name. It is quite unlike other cyber security software companies out there. So why “Awen Collective”?

 
AwenCollective-Logo-Green-Horiz.png
 

Awen Collective was founded and established in Wales. We wanted a Welsh word in the business name to reflect our founding. Awen is a Welsh (and Cornish and Breton) word, the most direct translation is “inspiration.” However, Awen is much more than that, it is a very old Celtic concept that can be translated as the flowing spirit which sustains life.

As Awen Collective was founded to improve the business and societal continuity (i.e. life) of advanced manufacturers and critical infrastructure providers in the event of disruption (e.g. cyber attacks), we felt that a word about life force in general reflects that quite well.

Other cyber security companies, especially software product companies in this space, have business names or product names which are authoritarian sounding, perhaps they could even be described as masculine. This is probably to try to enforce the nature of being reliable and disciplined, an assertive force hinting at protection.

Awen, on the other hand, is a much softer sound, it has a completely different feel reflecting a different set of attributes. It sounds as if it is willing to acknowledge vulnerabilities as being inevitable and is understanding enough to foster self-improvement, providing guidance on how best to make improvements.

Our primary corporate colour is a light green colour. This is related to the word Awen, in that the green colour symbolically represents “go,” “continue” and “good.” Traditionally it also represents life on Earth, through the primary colour of plants.

The “collective” word is because we acknowledge that all workers in the company are problem solvers. Collectively we solve large cyber security problems, and we do this through the development and offering of software. This word embodies our values and our internal business style. Although as we go forward we will be using less in public materials and eventually only in formal documentation.

There we have it, we have our reasons for choosing the name Awen Collective. We like the name, and it continues to represent who we are.

Event: Factory of the Future - Big Data and Automation

IMG_20190910_112014.jpg

Last Tuesday (10th September 2019) Awen attended the Factory of the Future (Big Data & Automation) event organised by ESTnet, supported by Barclays and hosted by the Newport Wafer Fab.

We heard from three keynote speakers:

  • Mike Lakoju [archive.org] from Cardiff University, who spoke about the Chatty Factories project which attempts to apply cutting-edge data science techniques for a variety of factory-floor applications.

  • Emily Bristow from BluePrism, who spoke about their software bot system RPA used to automate IT & business processes

  • Gareth Jones from the industrial automation division of Omron Electronics in the UK.

We also had a great tour around the wonderful Newport Wafer Fab.

We were invited by the organisers to come along to exhibit our software & services as part of a local showcase of solution providers within Factory of the Future / Industry 4.0 / Smart Factories. We spoke to delegates about our asset & vulnerability discovery for OT system Dot, our NIS Directive compliance system Profile, and the past-present-future of Awen Collective in general.

Awen develops software which provides practical solutions to cyber security problems in industrial environments, and we do so through local and global lenses. We will continue the dialogue with all partners involved in this event, and invite others reading this to contact us today to get involved in that dialogue.

IMG_20190910_122310.jpg

Life disrupted by cyber attacks

Cofounder & CEO of Awen Collective, Daniel Lewis, explains the motives behind Awen Collective.

One thing that I am often asked is “why did you set up the company?” and the answer really is multi-faceted:

First, Andrew and I found an opportunity in the market. Combined, we had been doing digital forensics on IT systems for years, but we had found that, more-and-more, we were being asked to perform investigations on embedded systems, IoT and on Operational Technologies (OT). Unlike IT forensic investigations, there needs to be an entirely different approach to digital forensics & incident response for industrial control systems, IoT networks and embedded systems. You can’t just repurpose IT software and IT digital forensics approaches. Awen Collective was really created in order to develop the tools and techniques to assist in the response to cyber attacks, and other incidents, on complex networks of digital devices. Andrew decided to take a different direction and provide services solutions, whereas I continued by building a team to primarily provide product solutions.

Secondly, it was the right time for me personally. I had worked in professional roles such as software engineering and data science. I had previously undertaken interesting business-focused things such as technology evangelism and tech events planning. I had been through academia with my PhD research at the intersection of artificial intelligence and cyber-physical security, and I had my researcher role in cyber-security and digital forensics. I was looking for something new, something where I could take the theory, match it with market need (or “market pull”) and actually develop market-ready software solutions using my own experiences in professional software engineering, business and academic cyber-security. This desire to provide production-quality solutions to market, was then accelerated by the UK Department for Digital, Culture, Media & Sport (DCMS) who gave me the initial inspirations and skills required to turn it into a growing business.

Thirdly, and definitely not finally, it was the acknowledgement that the software that we could (and are) building at Awen could really have an impact on society. Acknowledging that our software solutions, whether off-the-shelf or more bespoke, are all about improving the operational resilience of critical national infrastructures, advanced manufacturers and building automation & control system owners. This organisational resilience then improves supply chain resilience, and importantly improves societal/community resilience.

Taking the technical aspects out of the equation for a moment. As people - people in contemporary societies and communities - we rely on services. These services are critical to the day-to-day functioning of our societies and communities. Infrastructure such as drinking and waste water, electricity, oil & gas (both home/office supply, but also petrol & diesel), chemical production, transport (in the form of road, rail, air and marine), healthcare (regardless of public or private), financial services and so much more – also including food & drink manufacturing, agriculture, pharmaceuticals manufacturing. The list just goes on and on. These services are all in one big, and complex, interdependent network.

In the UK, you only have to look at the recent power-cuts through the electricity grid (on Friday 9th August 2019). Not only did homes and offices have no light or electricity - it caused transportation to come to a standstill, including on overground and underground trains in London. It also caused hospitals to set-up emergency back-up systems. All because two of the larger electricity generators (one gas powered, and one offshore wind powered) had faults at roughly the same time. One cannot imagine the full disruption that fault had to peoples lives and businesses, and then there is implicit and explicit economic damage too.

You see, in contemporary society, we rely heavily on these systems and services. Ensuring the organisations which own and manage these critical services and systems are doing their very best to understand their cyber risk, and are prepared for responding to cyber attacks or other digital incidents, is absolutely fundamental.

Awen was started to assist with the whole digital forensics and incident response lifecycle, and we feel that we are making a positive impact. Minimising the disruption to society, by improving operational resilience and business continuity, by producing software.

 Feel free to get in touch by email: hello@awencollective.com

Cyber Security for Aviation

British Airways (BA) has appeared in the news recently because data of around 500,000 customers has been stolen from their website and mobile app, and this has led to the Information Commissioner’s Office (ICO) in the UK handing them a potential fine of £183.4million (GBP) under the General Data Protection Regulation (GDPR). This is a fine of approximately 1.5% of their worldwide annual turnover, with the maximum fine being 4% of annual turnover (or around £18million, whichever is greater).

nis Directive WITHIN AVIATION

At the same time as GDPR came into force across the EU, The NIS Directive also came into force (somewhat drowned out by the GDPR noise, unsurprisingly). The NIS Directive requires organisations within Critical National Infrastructure, including transportation networks such as aviation, to embed a particular level of cyber security and incident response planning throughout the entire organisation from engineering operations and IT, through to board level.

In the UK, the National Cyber Security Centre (NCSC) which is the public-facing cyber security division of GCHQ, released the Cyber Assessment Framework (CAF) to address the minimal requirements critical national infrastructure must adhere to in order to be compliant enough for the regulation. It was the CAF that was the initial framework of our Profile software. Audits against the CAF are then checked by the regulators for the different sectors.

For the aviation sector in the UK, the NIS Directive regulation still applies, and the Civil Aviation Authority (CAA) is the organisation charged with ensuring that aviation organisations within the UK are complying with that regulation. They, however, are currently not using the NCSC CAF but are using their own framework entitled “CAP 1574: 26 security controls for regulation.”

It is with pleasure that we announce full support of CAP 1574 in the Profile product by Awen Collective, meaning that we make the whole process of helping aviation organisations within the UK comply with the NIS Directive, enabling them also to track their scores over time and assist them with making improvements.

Within the aviation sector, the regulation and the framework should apply to all organisations that own or operate: aircraft, airlines, airports, airspace management and aviation security. The NIS Directive also states that suppliers to these organisations should also have the same or greater levels of cyber security.

Building Automation and Control within Aviation

Aviation sector organisations have to consider the cyber security of their facilities, including their buildings - both private and public-facing, including airports. These buildings are increasingly being fitted with digital networks and internet-connected devices. These devices are often sensors but in some cases they are controllers and actuators (something that makes a physical change). Examples include Heating, Ventilation, Air Conditioning (HVAC); elevators, escalators and travelators; physical access systems (such as key cards or biometric scanners); bag checking systems; fire alarms and so on.

These systems generally come under the category of Building Automation & Control (BAC), and it is with pleasure that we announce that our product Dot supports protocols for BAC, including BACnet. With our software, organisations within the aviation sector will be able to perform automated asset and vulnerability discovery, leading to a greater understanding of risk and the mitigation of that risk. Dot will not only help to improve safety and security within an aviation organisation, but will also help to save money as budget can be correctly allocated to any security concerns before an incident happens. Dot will also help aviation organisations to achieve various components of the CAP 1574 and the Cyber Assessment Framework, in particular those compliance points related to Asset Management, Risk Management, Secure Configuration, Network Segregation, Security by Design, Vulnerability Monitoring and Knowledge Sharing.

Profile and Dot are available now to the aviation industry, contact us today to book a demonstration and to discuss next steps, by emailing hello@awencollective.com

This is the first in a series of a series of blog posts about the cyber security of Building Automation and Control (BAC) and Building Management Systems (BMS).