Team Defence Information - Support Chain and Digital Seminar 2020 (SCDS20)

Modernisation and Digital Transformation are key to ensuring our military, and wider defence & security sectors, remain prepared and able to deliver effective, resilient, global operations well into the future. Cyber security is one of the key areas being hotly debated, and Operational Technology Cyber Security is also a major concern for these sectors.

Awen Collective will be virtually exhibiting at the Support Chain and Digital Seminar 2020 (SCDS20), an event jointly organised by Team Defence Information and UK MOD. The event will be held virtually across two days in September and will focus in on “Digital Support in Defence.'“

To find out more details on the TDI website - click here

To prepare for the event we have produced a blog post about the value of Dot to the defence & security sectors:

Dot for Defence & Security - What and How?

Dot is a software product which provides an in-depth understanding of the Operational Technology (OT) assets and their vulnerabilities, in a way that is automated but still safety and security critical.

Defence, like many other industrial sectors, want to see efficiencies in their automation systems. For this reason, they are investing in newer supervisory and data analysis systems (Industry 4.0) which connect existing Operational Technology (OT) networks with Information Technology (IT) networks and Industrial Internet of Things (IIoT) networks.

Defence and security have a whole range of different Operational Technologies in different places. From key card physical access systems, to weapons systems, to Heating Ventilation & Air Conditioning (HVAC), to control systems on planes and ships and much much more. Essentially anywhere which has (networks of) sensors and actuators with some control in the middle - that’s what is in scope!

Unfortunately, this opens up the OT network to increased threat of cyber attack. If disruption were to occur on OT systems, then operational continuity could slow down to a complete halt and the safety and security of the operators and engineers could be at risk.

• Dot focuses purely on reducing risk and increasing resilience before a cyber incident

• We take a forensic perspective, in that we gather as much detail as we can on assets and cyber vulnerabilities that we can, in order to give the best actionable intelligence to the user

• Dot has the flexibility for any industrial environment. It can be used on-premise or in the cloud, and it can be used either with live feeds of data, or with snapshots (packet captures - "pcaps") of archived network traffic

• Dot is engineering friendly with both unobtrusive passive scanning and safety-critical active scanning

Dot currently has support for Modbus, Siemens S7, DNP-3, Ethernet-IP and many more protocols and devices.

Awen is an award winning Welsh Cyber Security Software company focusing specifically on industrial systems (i.e. acronyms such as OT, ICS, SCADA, IIoT, BACS etc.). We develop everything ourselves in-house in Wales, and are a small but very innovative team who deeply understands the need for Security-by-Design. Our Dot software has been the subject of a MOD DSTL DASA project called Project Domino (2019-2020), and has been tested and extended specifically for the defence & security sectors.

Contact us today for further information.

Hello again all, it’s Steve, the Percy Hobart Fellowship member partnered with Awen. I promised in my last blog post that I would return to tell you how my adventure with Awen was going and here I am.

For the last week or so I have been working alongside Awen’s senior business solutions consultant James Sandrone, investigating different use cases for Dot and Profile, Awen’s two OT Resilience products, and how they can be applied across multiple industries. This has been a fascinating experience to date. 

I know I have been surprised at the breadth of industries both large and small that require Operational Technology (OT) to maintain their operations and the wide ranging nature of the cyber threats facing such equipment.

Fortunately a lot of work is being done to address these threats and help secure businesses and national infrastructure with the National Cyber Security Centre (NCSC) taking lead and offering a wealth of resources to read through to assess your requirements and what can be done to make an organisation safer.

Cyber companies such as Awen help put this advice into practice, in Awen’s case by utilising Profile to make navigating the cyber assessment framework (CAF) easier allowing your organisation to work through the framework to check that your processes are  compliant with national legislation, such as the NIS.

Whilst Dot takes a more detailed approach analysing your existing OT equipment and showing the vulnerabilities and therefore risks to the assets connected on the network, whether this is Industrial Control Systems (ICS), SCADA, Industrial IoT or Smart Buildings.

One of the biggest things I am noticing is the strength of community within the Cyber world, the realisation that not one product or company has all the pieces to the complex problems faced with Cyber Security and Cyber Resilience but by working together and being aware of the threats the world can be made safer a piece at a time. 

If you have any questions about Cyber resilience and what you can do to help, and to perhaps improve your own organisations resilience please do get in touch, one of the team here will be more than happy to help. 

Meanwhile I’m off to another meeting with James and hope to share some more of my findings with you another week. 

Hello, I am Seren Corbett, a software developer at Awen Collective. For this blog I thought I would tell you about my first year at Awen Collective, a wonderful Welsh startup.

First, let’s rewind a few years… In 2015 I began my BSc Computer Science degree at Cardiff University. As part of this degree I spent a year in industry at Citrix (a large company with an 8000-strong workforce) as a Software Engineer Intern. In this role I learnt a lot about the software development lifecycle in a large company and gained skills in Testing and User Interface development. From this internship, the main thing I learnt about myself was that I enjoy a challenge and trying new and different things. So when I returned to university, I began my search for a new adventure in my career. Then I came across Awen Collective - a cyber security startup. Working for this company seemed to be the perfect opportunity for me, for many reasons, including:

1. It’s cyber security, an area of technology I have always been interested in, and an area of technology it would be difficult to live without (read the previous blog to find out more). In fact, when leaving my sixth-form, I was asked what was my goal for the future, and I said that I wanted to work in cyber security. Little did I know that this goal would be achieved so soon.

2. It’s a startup company. This intrigued me being a very new and different environment to that of a large company like Citrix. A startup company can offer more varied opportunities and responsibilities than a larger company and your input equates to a greater contribution than it might at a larger company. At a startup you are a big cog in a small wheel, so to speak. This was the main reason I decided to join Awen Collective. I wanted to be able to try different responsibilities to learn new skills and improve my self-confidence, something that I have definitely been able to do this past year. Other benefits of a startup include the smaller team, a predominantly flat company structure and business transparency. This structure allows for easy communication across the team as well as better collaboration. This quality lends itself to our company values, Agility, Warmth, Equality and Next-level innovation. While continuing to be productive and innovative, as a smaller team we are very social and in general the startup atmosphere is informal compared to many larger companies. CEO Dan and CTO Jules are also very open about business discussions and decisions, this has meant that I have learnt a lot about how running a business works, another thing that I have always been interested in. Another perk of working at a startup is the mutual trust and flexibility, which creates a perfect work/life balance.

Awen Collective focuses on building software solutions to help Critical National Infrastructure companies, and other companies with operational technology (OT), protect their network from cyber threats. We currently have 2 products, Profile and DOT. Profile is cyber security compliance audit software that allows users to assess their cyber resilience against the NIS Directive. DOT is software that enables the discovery of OT assets and vulnerabilities on the network.

During the first half of the year I was working on Profile, building new features and automated tests ready for the release of Profile v1.2. While these were my main activities, I collaborated with my team in many areas of the software development lifecycle from user interface design, through front and back end development, testing and release. I have also had the opportunity to learn and use cloud services, something which in the not too distant future I hope to gain a certification in. More recently, I have been working on project DOMINO for the MOD, extending the development of DOT. Releasing Profile v1.2 and joining this project coincided with the Covid-19 pandemic being declared, so I had to adapt to working from home. These circumstances also meant that I became the primary developer on this project, an interesting challenge but definitely not an insurmountable one! I didn’t have much experience with the code at this point but a good tip for new projects is to play around with the code to discover how it works. That is what I have done these last few months to develop DOT to fit to project requirements and it has been a fun learning experience. The skills I have learnt due to our unforeseen lockdown, have improved my work ethic all round. I am more productive, due to the reduction in my commute, and my problem solving skills and organisation have improved along with my independence and confidence. I also think that Awen has adapted brilliantly, with an instant form of communication and regular check-ins with members of staff not just to check how work is going but also to check how we are doing in such strange circumstances.

What have enjoyed the most about my first year at Awen Collective?

Firstly, the team is great, being a small company, the team is like a second family.  We get on very well with each other and new members quickly settle in. When we are in the office, we always get lunch together and if the weather is nice (a rare Welsh treat), we go walking in the Caerphilly hills with our canine colleagues Twiglet and Elsie.

Secondly, there is always a new challenge, something to do or something new to learn. The work tasks at Awen are tailored to each individual’s strengths within the project brief and there are always opportunities to learn or try out something new. Throughout the year, alongside the software development I have done, I have also had other opportunities and responsibilities to take on. These include writing this blog, delivering product demos, solving customer issues, attending various conferences, including BSides Cymru and Black Hat Europe in London and attending Cyber Wales Capture-The-Flag cluster meetings, to name a few. I have enjoyed them thoroughly and the opportunities have continued to arise. In September I will be starting a leadership course to improve my leadership skills and increase my self-confidence. An opportunity I am very excited for, and one where I will gain a qualification to add to my CV. 

Working for Awen Collective has been a brilliant experience so far and I look forward to seeing what the future holds as my journey here continues.

The following post is by Awen CEO & Cofounder, Daniel Lewis.

Every single one of us uses energy, and that might be electricity, gas, oil/petrol. It might be from renewable sources, or could be from fossil fuels. You might be entirely reliant on a grid system, or you might be self-sufficient and use solar water heaters and photovoltaic solar panels for electricity.

Every single one of us uses water, and that might be provided from a service network of community pipes, or you might have rainwater collection and filtration systems.

Every single one of us uses transportation, for work or for living or for holidays. We have road networks with traffic lights and street lights, we have rail networks, we have airports and airlines. We also have logistics and delivery companies which use these transportation networks to deliver produce to us, and to the shops and businesses on which we rely on a day-to-day basis.

We have satellites providing us with communication and satnav capabilities. We have the police, military, pharmaceutical services and chemical production services - which form crucial parts of our life, directly or indirectly.

A disruption to any of these services could have huge consequences on our day-to-day lives, our businesses and our economy.

At Awen, we work with the organisations which provide these services, to make sure that they are reducing any risk of disruption which could be caused by cyber attacks.

Cyber attacks aren't just about stealing private data, performing fraud, or creating nuisance viruses on your home computer. Hackers have the potential, and they actually have around the world, to cause significant disruption to the devices which control the operations of our energy, water, transport and manufacturing systems leading not only to huge costs to the organisations that run these systems, but significant disruption to society.

Such a disruption could bring the economy to a standstill, or it could even cause health and safety issues (for example, if it were to hit a hospital).

I am writing this not to cause fear, but to honestly state that this is exactly why we exist. Awen exists to reduce the cyber threat to these organisations, this is the reason why we do what we do. This is why we are passionate about it. We do it so that not everyone has to worry about the threat. We do this to make society safer, globally.