When it comes to software - is it Location, Location, Location?

#AwenAsks

We will be releasing 5 pairs of questions on LinkedIn about a whole variety of things including cyber security, software, industry 4.0 and much more. We are tagging it with #AwenAsks, or you can view the questions directly via our Awen Collective LinkedIn company page. This post talks about the 2nd pair of questions.

2nd Pair of #AwenAsks Questions - Geopolitical Cyber Security

The second pair of #AwenAsks questions was:

  1. Does the geographic origin of software matter to you?

  2. How much do you think politics plays a role in cyber security?

The purpose of asking these two questions was to begin an open discussion on the geopolitics of cyber security.

Quite often geopolitics plays a role in offensive cyber security - for example, we quite often hear about “state-sponsored cyber attacks.”

However, geopolitics also plays a role in understanding defensive cyber security - for example, it’s important to national security to understand exactly where data is flowing to and from, and what other nations could have access to sensitive information and networks. One example is the debate over whether certain technology providers should be providing technology for building public 5G connectivity, as the worry is that other nations could then use that technology as a medium for spying or perhaps even to cause damage.

Both questions received significantly more attention than our first pair of questions, and we suspect that this is because everyone has an opinion when it comes to politics!

What were the results?

Does the geographic origin of software matter to you?

76% said “Yes” 

5% said “No”

19% said “Maybe”

0% said “I don’t know”

We also had some comments such as one from Ryan who says “Absolutely it does - geographic location determines the regulatory environment in which the company resides, the risk of hostile government snooping, etc.”

Nicola Lumb from Prosys Computing also shares the sentiment: “From a business perspective it impacts the decision. If I was reviewing similar options and one was from the UK, Wales or even better, local, then that would be preferred, particularly when it comes to time differences and accessing support.”

We also had a comment sent directly to us by someone who wishes to remain anonymous: “I honestly lately have become suspicious of some software depending on its country of origin, in particular China and Russia. It seems that these countries’ software gets considerably more attention in the media when it comes to cybersecurity (and privacy in general). TikTok is an example that comes to mind.”

However, one recent comment was sent to us which said that many organisations already use software from nations which we (at least) suspect engage in state-sponsored cyber attacks, and so it may not be an issue when considering purchasing other technologies from that same nation.

How much do you think politics plays a role in cyber security?

76% said “Significantly”

18% said “A little”

0% said “None”

6% said “Don’t know / Maybe”

That’s quite a significant lean towards people believing that politics plays a role in cyber security.

We can tell you that these were actually different people that answered (i.e. it wasn’t the same 76% that answered “yes” in question 1 that answered “significantly” in question 2).

We certainly know that politics influences cyber security. Here in the UK the UK Government shaped the National Cyber Security Strategy of 2016-2021, and there is a new strategy in development for release in 2021. This strategy is politically driven, led by the political party in charge, although understandably shaped by:

  • Political cross-party interest/working groups

  • Public sector experience, such as from the MOD, GCHQ, DCMS and BEIS.

  • Private sector experience, largely through influencers such as the techUK and ADS trade associations.

Politics also drives decisions in large-scale infrastructure projects, such as the on-again-off-again relationship that many western governments have with Huawei and its connection with China.

We also have regulation in place. In the UK and EU we have regulations such as GDPR and the NIS Directive, which are incredibly important for the privacy, safety and security of our communities but are ultimately driven by political decisions.

Our second question can also be flipped on its head - does cyber security play a role in the shape of politics? While the UK government has focused on securing and defending our networks and data with the GDPR and NIS regulations, it was recently confirmed that the UK has also invested in a new organisation, the National Cyber Force, whose purpose is to "counter threats from terrorists, criminals and hostile states" [quote from a BBC news article] through offensive cyber operations. The fact that this organisation has been made public shows that the UK believes that cyber security, or the lack of it, poses a serious threat to the country.

From a slightly different angle, it is known that states and malicious organisations have used technology and social media platforms to interfere with election or referendum results, or spread misinformation on the platforms, which is becoming a growing problem in politics. This is a very effective and divisive tactic used to divide a country politically. It uses a concept called the "filter bubble" [from The Filter Bubble: What The Internet Is Hiding From You - Eli Pariser 2011]. This is the concept that social media algorithms turn user interactions with posts into recommendations for other similar posts. The more the user interacts with similar posts, the more similar posts they see. That is why it is possible to reinforce misinformation, so that people believe it is fact. For example, recently with news that Coronavirus vaccines have been successful in trials and are now being rolled out, anti-vaccination misinformation has been seen spreading across social media. This has also been used to spread misinformation about political candidates in elections.

These events demonstrate that cyber security and politics are interdependent, meaning that they can affect each other: politics plays a role in cyber security and vice versa. This is why it is extremely important to strengthen cyber security and privacy mechanisms.

Clarification & Summary

We should clarify that as a business, as Awen Collective, we do our best to take a neutral position, and leave it up to the authorities in various parts of government to discover exactly what is going on in the international geopolitical sphere. Public opinion seems to strongly indicate that geopolitics does play a role in cyber security, and the decisions that organisations make when purchasing software (whether that is knowingly or unknowingly).

At Awen Collective we made the decision very early on to be understanding over geopolitical sensitivities. We decided to create our software ourselves (rather than outsource it), and so we understand what every line of code does. This provides us with a very in-depth understanding of the security of our own software from a “white-box” perspective, and this should help us to build a good trust relationship with our partners and clients. Our development team live and work in the United Kingdom, and our prime office is in Wales.

We do not only see ourselves as investing in local, but we position ourselves as being globally relevant. We participate in programmes which are Wales focused, UK focused, Europe focused and International focused. Plus, we give flexibility to our partners and clients to use our software in a geopolitically sensitive manner. If you want to run Profile or Dot in a region such as the EU or ASEAN then that is fine. If you want to have a version running on a server in your country then we can arrange that too. If you want to lock a version down on a hardened system on-premise then we can work with you on that too.

If this sounds interesting to you, and you would like to continue the conversation, please do feel free to contact us.

This blog post was assembled by Awen Team Members: Daniel Lewis, Seren Corbett and James Sandrone.

Purpose-built OT Software Trumps Repurposed IT Software

#AwenAsks

For the next 5 weeks, we will be releasing questions on LinkedIn about a whole variety of things including cyber security, software, industry 4.0 and much more. We are tagging it with #AwenAsks, or you can view the questions directly via our Awen Collective LinkedIn company page.

Week Commencing 16th November 2020

In the week commencing the 16th of November 2020 we asked two questions on LinkedIn:

  1. Would you be comfortable using repurposed IT tools on your OT / ICS / SCADA / IIoT system?

  2. Do people in engineering departments think differently to those in IT departments?

The purpose of asking these two questions was to understand more about how software in both the IT and OT worlds is treated.

These were our first two LinkedIn polls, so we were not expecting to receive a large number of responses. Question 1 of this week received 10 votes within 1 week. Question 2 received 11 votes within 1 week. The questions for the following week have already been released, and have received more votes than our first week.

What were the results?

Question 1

With 0% voting “Yes” and 50% voting “No”, this indicates to us that people (at least those who we are well connected with) recognise that there are differences between Information Technology (IT) and Operational Technology (OT). As such, our requirements for software which interacts with these systems should be treated differently.

The 40% who voted “Maybe” and 10% that voted “I don’t know” most likely either have particular scenarios in mind (e.g. there may be particular OT devices which are directly controlled by IT software), or are unfamiliar with the differences between IT and OT.

Question 2

The result for “do people in engineering departments think differently to those in IT departments”, posed more as a process-thinking than a belief-thinking question, shows a resounding yes response at 82%. Within this small sample, people do believe that engineers think differently from a process perspective to IT staff.

This most likely hints that the user experience (and also data dashboard) requirements of IT software and of software that handles OT are very much different. The approach to these members of staff should also be different.

Summary and Why are we interested?

In summary it seems that for Operational Technologies (OT), software developed specifically for OT trumps repurposed IT software. This software should not only be built from the ground up for OT, but should be tailored to the specific needs of engineering.

When we started Awen Collective in 2017, we discovered anecdotal evidence of this, and it shaped the way that we developed our software products Profile and Dot. We therefore strongly believe that purpose-built OT software trumps repurposed IT software.

However, while we believe that OT should have OT-specific tools, there is a place for IT involvement in OT (especially in OT cyber security). The IT world has a lot more experience with, and mature products for, cyber security. So, at Awen we like to speak to people from across an industrial business - OT, IT, Cyber, Risk and the executives - just so that we can get a deeper understanding of how we can best provide support now and in the future.

If this sounds interesting, then please do feel free to contact us.

Questions released during week of 23rd November 2020

The results were analysed by Daniel Lewis, CEO & Cofounder of Awen Collective.

Dot Demo Event - 15th October 2020 - Post-event write-up

On Thursday the 15th October 2020, Awen Collective officially launched Dot in the UK.

Dot is an asset and vulnerability discovery software system which reduces cyber risk and increases cyber resiliency of Operational Technologies (those technologies which control our energy, water, transportation and manufacturing systems). For more information about Dot please visit our page on Dot, and/or contact us today.

The event also marked the end of a 12 month project (called Project DOMINO) with the UK Ministry of Defence, which saw the Dot product accelerated into use cases for the defence and security sectors. Dot is a commercial product developed by Awen Collective, a Welsh Cyber Security Software company. For more information about how our work applies to the defence sector please visit our page on the defence sector, and/or contact us today.

Project DOMINO was funded by the Defence and Security Accelerator (DASA) of MOD DSTL. Awen Collective was the lead partner on the project, with BAR Associates assisting. We released a press release about Project DOMINO at the end of 2019.

The demonstration event was hosted by Awen Collective, in collaboration with BAR Associates, Thales Cyber & Consulting and the National Digital Exploitation Centre (NDEC).

We had over 70 attendees from a range of organisations: the UK Ministry of Defence, other parts of UK Government, a few British industrial sector regulators, energy companies, water companies, defence sector companies, water sector companies, and other Friends of Awen.

Awen Collective joins technology trade association techUK

We are very pleased to announce that Awen has joined techUK, the UK’s leading technology membership organisation.

Currently over 850 companies are members of techUK, from all across the UK. techUK works collaboratively with the public and private sectors, providing guidance and insight for members about preparing for the future, anticipating change, and realising technology potential in a fast-paced world. techUK is an organisation descended from the British Radio and Valve Manufacturers Association (BVA), and was previously known as the Intellect Trade Association.

Awen Collective became a techUK member in October 2020 with a view to participating in particular interest groups, including the Cyber Security Group and the Smart Infrastructure Group (aka “SmarterUK”), as well as taking advantage of opportunities to help shape the future landscape of Industrial Cyber Security policy for the sake of communities across the UK, Europe and Internationally.

Team Awen is very much looking forward to engaging with the various programmes, initiatives, campaigns at - and members in - techUK and its subgroups.

If you would like to partner with Awen Collective, or if you would like to know more about how we do business in the UK, Europe or Internationally then please do contact us.

Awen Collective software now available on G-Cloud 12 Framework

We are very pleased to announce that we have been chosen as a Supplier on the G-Cloud Framework 12 of the UK Government Crown Commercial Service (CCS).

Specifically, our Profile software is available as approved Cloud Software on G-Cloud 12. Profile helps critical national infrastructure organisations and their suppliers to adhere to the NIS Directive by giving the opportunity to efficiently & collaboratively work through the Cyber Assessment Framework (CAF) as recommended by the UK National Cyber Security Centre (NCSC), and supported by the sector regulators.

Profile is made for use in a wide variety of sectors, including: government, energy (electricity, oil & gas, nuclear), water (drinking water, waste water), transportation & logistics (road, rail, aviation, maritime), healthcare and many more.

Profile can be used by organisations firmly in these sectors, or by service providers who service these organisations. These service providers could be managed security service providers (MSSPs), professional services companies, IT & cyber security consultancies and many more. Most importantly this also includes the regulators.

Awen Collective is also on another UK Government Crown Commercial Service framework called the Digital Outcomes and Specialists 4 (DOS4), which is targeted more at general service provision on a project-by-project basis.

If any of this is interesting, then please do contact us today. We are happy to talk it through, and tell you honestly what we can and cannot do, and see if we can work together in order to make society safer through increasing our cyber resilience.

Awen Collective is 3!

Today, 25th September 2020, Awen Collective celebrates its 3rd birthday as an official limited by shares company registered at the Companies House of Wales & England.

CEO & Cofounder Daniel Lewis registered the company this time in 2017. What an amazing three years these have been: developing two software products, gaining our first customers and revenue, raising investment rounds, travelling around Europe telling people about Awen. We have evolved from one person working on Awen full time (Daniel) into an amazing team of innovative, caring and hard working people who not just work for Awen, but who are Awen.

2020, as for everyone, has been challenging for Awen. The UK wide lockdown meant the team were not able to physically meet. When the tech team managed to meet at the office at the end of August 2020 and early September for a few weeks, a new set of local lockdowns began. We are, however, in a privileged position being at the intersection of software and cyber security, where working from home is not as huge a challenge as in other sectors. Even from a marketing and sales perspective we have been fortunate to gain traction during the COVID-19 pandemic, powered by some good energy and empathy!

The future for Awen looks good. The next year will see the real beginnings of our international expansion; plans are afoot - plans which are, in part, supported by schemes such as the UK DIT Tech Exports Academy. We have some partnerships which we hope will be able to be made public in the next few months, and new clients in the pipeline. The team will continue to grow, and we will continue to be the values-driven and mission-focused industrial cyber security business that we always have been - and which will continue to evolve into the great business that we are destined to be.

We would like to thank the many people who have helped us along the way. There are too many to mention, but a particular shout out to the help given by: Our investors, KTN/DCMS prior to starting the company in 2017, The Accelerator Network in 2018 for IoTAWales & Cyber101, Tech Nation in 2019 for Cyber 1.0, Google in 2020 for the UK Immersion Programme, Cardiff Eagle Labs and Welsh ICE, MOD for our DASA project, BAR Associates (and Robin in particular) and all the individual people who have given support along the way!

Here is to a successful next few years!

Our Radical Approach to Marketing & Sales : CISOs are tired

This article is by Awen Founder & CEO Daniel Lewis.

CISOs are fatigued, annoyed and irritated by marketing and sales approaches used by cyber security companies. They’re genuinely tired of it… even more so in the industrial sector, where there are a lot of bold claims made by some industrial cyber security software companies which can stretch the truth a little too much.

We know the truth because we’ve been investigating industrial cyber security since before we even considered starting a commercial company.

The truth is that all CISOs in Industrial sectors know that Operational Technology (OT) / Industrial Control Systems (ICS) / SCADA / Industrial Internet of Things (IIoT) are full of potential cyber security vulnerabilities, especially the closer they get to an IT network. The truth is that no single cyber security product is going to solve it all.

The truth is that this is going to take time to become more secure, and it’s going to take software and techniques built from the ground-up, and not software repurposed from IT security.

The truth is that this requires an approach which is not forced upon engineers by people trained in IT or general cyber security, but an approach which is wholeheartedly applicable to engineers and the specific industrial sectors.

The truth is that there is a lot of legacy equipment, and that legacy equipment isn’t going anywhere for a while, despite the desire to work towards Industry 4.0 - “if it works, and it’s enabling the operation of the service, then why change it?”

The truth is that these industrial companies quite often don’t have the budget to make significant changes which would support some of these industrial cyber security software products, particularly within critical infrastructure sectors which have a non-profit ethos. The truth is that these cyber security software products are sometimes looking too far into the future.

Every business, even Awen, has to do marketing and sales in order to survive. But we’ve decided to take a different approach, one of radical truth. This Radical Approach to Marketing & Sales (RAMS) means that we might tell you that we can’t do something yet, and this will be the truth, and our hope is that you will understand this and that we, together, use this truth as a basis for further mutually beneficial collaboration. For example, coupled with our agile and empathetic approach to software development, we would certainly take a new feature request on board and even develop it rapidly specifically for you. We will also tell you the truth about the other products on the market, what they cannot do well and what they do well. We want to work with you on industrial cyber security, and not force you into a specific way of working. As a business, Awen is flexible - and as a product, Dot has the flexibility to be deployed based on the way that you work - not a set of requirements dictated by us.

If you’re in an industrial company and are looking for cyber solutions, then contact us today - we’re not going to hard-sell you, or stretch the truth.

CyberSec Expo 2020

In response to the COVID-19 pandemic CyberSec 2020 has gone virtual!

So at the end of September Awen Collective will be virtually heading off to virtual Poland to present (virtually) on the CyberSec Expo Stage. DIT (UK Department for International Trade) is hosting one of the stage sessions where 12 British Companies will be part of the UK Pavilion and Presentation panel. 

Awen’s presentation is scheduled for 11:20am GMT+2 (so that will be 10:20 BST) on the 28th September, and there will be an opportunity for discussion through a virtual room hosted by DIT and the British Embassy in Warsaw. Click here for the agenda for the event.

Awen is really looking forward to this event and the opportunity to virtually meet the movers and shakers in Cyber Security from around Europe and the whole globe. 

Registration for the event is free, click here [archive.org]. Hope to see you there.