PROTECTING THE CROWN JEWELS
by cxoinsightme
LIMITED DATA INSIDE OT AND ICS ENVIRONMENTS ARE RESTRICTING USAGE OF TRADITIONAL CYBERSECURITY TECHNIQUES AND DRIVING A DETERMINISTIC APPROACH, EXPLAINS DANIELLE JABLANSKI, OT SECURITY STRATEGIST AT NOZOMI NETWORKS.
The current state of security for operational technology and industrial control systems is turning a corner. In today’s real-life scenarios, there has been an increase in related cyber incidents. In one week in May 2022, the Cybersecurity and Infrastructure Security Agency in the U.S. released 27 Industrial Control Systems Advisories.
The growing number of attack patterns has revealed three pitfalls in operational and industrial systems:
• Companies are reacting to security incidents, rather than investing in reducing severity
• The threat of sophisticated, nation-state level attacks narrows focus to threat hunting at the expense of other indicators
• Data science in theory is useful for security, but in practice does not solve challenges in operational and industrial systems
Industrial and operational technologies encompass a wide range of machines and configurations: pumps, compressors, valves, turbines, and similar equipment; interface computers and workstations; programmable logic controllers; and diagnostics, safety, metering, and monitoring and control systems that enable or report the status of variables, processes, and operations.
A single programmable logic controller can be designed and produced by several different vendors, can be configured using different programming languages, and can enable communications over hundreds of different protocols.
When simplified, any programmable logic controller from an average of 10 major vendors, utilising any of the top 5 most common programming languages, and one or more of the 12 most common communications protocols, has at least 600 possible operational configurations. This example demonstrates how quickly standardizing the technologies and products to establish their attack scenarios will become an enormous task.
We need to build a deterministic nature of purpose-built systems in operational technology and industrial control systems, customised for every and any operation. This approach ensures no two attacks on operational and control systems are ever the same.
This is the next step in building security systems for operational technology and industrial control systems environments. The purpose-built systems and subsystems need to be translated into purpose-built systems for security.
In security we continue to amass knowledge in the form of indicators of compromise. Unfortunately, attacks on operational and industrial systems do not provide the volume of telemetry data needed to adequately derive threat actor objectives and help identify novel attacks ahead of time.
Indicators of compromise do not capture indicators for misconfigurations, malfunctions, or accidental changes that go undetected. These limitations are only captured by monitoring actual processes and operations.
Most of the security companies doing intrusion detection in this space focus on network traffic capture and security monitoring that evaluates and scans for known threat activity. There are limitations to this type of collection, rule application, and analysis for operational and industrial systems.
Since there are no cut-and-paste tactics, techniques, and procedures from incidents in operational and industrial systems, the only way to secure operations is to include plausibility checks for systems in play.
Security is relative to the functioning of the entire process or critical operation worth securing. Systemwide frameworks for understanding risk and threat scenarios are a must for this field. A systemwide framework examines the largest-scale dynamics, and the inherent systemic risk of the Internet. This approach is necessary to secure operational and industrial systems and explore the full range of potential intrusions, espionage, attacks, disruptions, and accidents.
The more efficient we become at asset intelligence, process variable detections and plausibility checks for real-world outcomes, the better we will be able to augment threat intelligence. It is more efficient to spend resources in building intuition and bolstering situational awareness, rather than incident response capabilities.
The next wave of building intuition into monitoring for operational and industrial systems security is behavioural analytics that cover communications traffic and process variables simultaneously.
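A minimal sketch of the plausibility checks described above, added here as an illustration and not taken from the article or from any vendor's product: it tests a process variable (tank level) against a simple mass-balance model while also checking the write commands seen on the network. The tank model, flow constants, host names and sample readings are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed plant model for a hypothetical pumped tank (all values constructed).
TANK_AREA_M2 = 2.0
PUMP_FLOW_M3S = 0.02      # inflow while the pump runs
DRAIN_FLOW_M3S = 0.005    # constant outflow
TOLERANCE_M = 0.02        # allowed sensor/model disagreement per interval
LEVEL_RANGE_M = (0.0, 5.0)
ALLOWED_WRITERS = {"eng-ws-01"}  # hosts expected to send write commands

@dataclass
class Sample:
    t: float                 # seconds since start
    level_m: float           # level reported by the sensor
    pump_on: bool            # pump state reported by the PLC
    writer: Optional[str]    # source of a write command seen on the wire, if any

def plausibility_findings(samples):
    """Return (time, rule) pairs where process and traffic data disagree."""
    findings = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        net_flow = (PUMP_FLOW_M3S if prev.pump_on else 0.0) - DRAIN_FLOW_M3S
        expected = prev.level_m + net_flow * dt / TANK_AREA_M2
        if not LEVEL_RANGE_M[0] <= cur.level_m <= LEVEL_RANGE_M[1]:
            findings.append((cur.t, "level-out-of-range"))
        elif abs(cur.level_m - expected) > TOLERANCE_M:
            findings.append((cur.t, "mass-balance"))  # e.g. frozen or drifting sensor
        if cur.writer is not None and cur.writer not in ALLOWED_WRITERS:
            findings.append((cur.t, "unexpected-writer"))
        # Assumption: in this process the pump changes state only on a write command.
        if cur.pump_on != prev.pump_on and cur.writer is None:
            findings.append((cur.t, "state-change-without-command"))
    return findings

# Constructed readings at 10-second intervals.
SAMPLES = [
    Sample(0, 1.000, True, None),
    Sample(10, 1.075, True, None),
    Sample(20, 1.150, False, "eng-ws-01"),
    Sample(30, 1.125, False, None),
    Sample(40, 1.100, True, "unknown-host-77"),  # write from an unlisted host
    Sample(50, 1.100, True, None),               # level frozen while pump runs
    Sample(60, 1.175, False, None),              # pump stops with no command seen
]

if __name__ == "__main__":
    for t, rule in plausibility_findings(SAMPLES):
        print(f"t={t:>3}s  {rule}")
```

None of the three findings on the sample data depends on a known indicator of compromise; the frozen level reading would be flagged whether it came from a malfunction, a misconfiguration or tampering.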
With an ‘assume a breach has happened’ mentality, the focus for security products must be on reducing the severity of potential impacts, not on responding to worst case scenarios after they unfold. Building intuition into security for purpose-built operations requires customising detections and prevention methods. That is the way forward.
DUBAI RANKS AMONG TOP GLOBAL HUBS FOR TALENT AND INNOVATION
THE DIGITAL REVOLUTION IS CREATING ENORMOUS OPPORTUNITIES FOR CITIES AND NATIONS TO UNLEASH NEW SOURCES OF INNOVATION-LED GROWTH. BCG IDENTIFIED BIG DATA AND ANALYTICS AS WELL AS ARTIFICIAL INTELLIGENCE AS THE HOTTEST FIELDS FOR RELOCATORS IN DUBAI.
Aspiring tech hubs must enact measures that both create traction quickly and that sustain growth and development in the future. The United Arab Emirates—96% of whose tech workforce is composed of immigrants—exemplifies the benefits of a well-planned, comprehensive strategy for developing a tech hub that deploys both short- and long-term levers. In a new report titled ‘Turning a Tech Hub into a Talent Magnet’, Boston Consulting Group (BCG) studied 11 tech hubs around the world that continue to thrive by attracting digital talent from beyond their borders. In particular, BCG analysed the strategies and mix of policies Dubai has deployed to attract talent has fostered strong client relationships across the region since 2019, and already has a proven track record in delivering game-changing businesses for leading public and private organisations.
“Successful digital hubs need lots of digital talent—an increasingly scarce commodity. The global shortage of technology workers will reach 4.3 million by 2030. And that was before the onset of the COVID-19 pandemic, which heightened demand for digital services. Dubai recognized this appeal very early on in the game, attracting tech experts from all four corners of the world,” said Faisal Hamady, Managing Director and Partner, BCG.
“A major catalyser in talent attraction is Dubai’s ongoing visa offerings which are a first in the region and further grounded the hub as one of excellence. These include business visas, under which foreigners can obtain a long-term visa as part of the Golden Visa system but also remote work visas and their assigned virtual working program for start-ups and entrepreneurs wishing to reside in the UAE all the while working outside the UAE.”
According to the survey, Dubai stands out as a leader in three waves by combining short- and long-term levers. First, for many years it successfully attracted leading technology companies with an aggressive corporate tax rate incentive capped at zero. Smaller tech companies followed with UAE operations. Moreover, it boasts the UAE’s Golden Visa and a pathway to citizenship for international investors and top talent from around the world, providing them with visas for up to 10 years – next to a recent work visa scheme which enables employees from all over the world to work remotely from the UAE.
Second, it launched several initiatives to attract talent with the skills needed by industries targeted by the government, such as agriculture technology within the city’s 10-point action plan for Dubai Future District, a new space dedicated to the development of the future economy, as well as an AED 1 billion fund to support new economy companies who can power Dubai’s future growth.
Juergen Eckel, Managing Director and Partner, and regional Head of BCG Digital Ventures, said, “The report highlights that a feature of successful hubs is a range of policy tools. To win the digital talent challenge, policymakers need a clear vision of their hub’s current strengths, the key industrial sectors they aim to develop, and the type of workforce they need. And Dubai has done just that. Attracting digital talent requires insight into the factors that motivate skilled tech workers to move to new locations. Armed with this knowledge, policymakers can continue working with stakeholders in the local digital ecosystem to develop and execute strategies to build and nurture dynamic, resilient tech hubs that can spur innovation and economic growth for decades to come.”
“In addition to combining short- and long-term levers, we identified three other key lessons that those other cities and nations can learn from the leading tech hubs we studied. These include developing and executing a strategic plan, building on existing strengths, and leveraging anchor companies to build broader hubs. With the right mix of policies that leverage existing strengths and enhance their appeal to digital talent and leading tech companies, cities and nations can nurture dynamic tech hubs that will become vibrant centers of international business,” added Rami Mourtada, Partner & Director, BCG.
To address ongoing inflationary pressures, the UAE now offers select startups office space with two years of free rent and provides health insurance for employees, all the while making it easier for incoming talent to attain work visas. Among other initiatives, it established incubators such as Dubai’s Area 2071 and recruited venture capital firms from around the world to establish local offices as a testament to Dubai’s commitment to act as a sustainable global center of excellence.
THE NEED FOR OBSERVABILITY
MENA MIGALLY, REGIONAL VICE PRESIDENT, META, AT RIVERBED, ON HOW TO TURN COMPLEX DATA INTO ACTIONABLE INSIGHTS WITH UNIFIED OBSERVABILITY
In today’s digital world, a click is everything. From employees utilising productivity and collaboration tools, to customers engaging with businesses via mobile apps, digital experiences define the way we live and engage. And with the competition also just a click away, in this fiercely competitive digital world, these experiences must be flawless.
While digital channels have simplified engagements for customers and employees, they have saddled IT teams with new levels of complexity. Today’s environments are exponentially more complex, dynamic, distributed, and hybrid. The result? Despite their best efforts, IT teams find they have an insufficient understanding of how the network and applications are performing.
This is not for the lack of data either.
In fact, it is precisely the tremendous volume of data, generated by tools designed to help IT, that actually makes their jobs more difficult. Without the ability to derive valuable insight from this deluge of data, IT teams find their effectiveness inhibited when asked to innovate, or address issues that arise – placing those ‘flawless digital experiences’ far out of reach.
Observability Presents the Answer
IT today permeates every aspect of the modern business with technology systems enabling collaboration, communication, customer experiences, forecasting and much more. As a result, organisations, and particularly the IT teams that actively contribute to driving business results, need greater insight and more context from the data they receive so they can do their job well in today’s constantly evolving environment. The solution? Observability, which represents the next phase in the evolution of monitoring and visibility.
Observability is the ability to measure the internal states of a system by examining its outputs. Observability gives IT the flexibility to dig into “unknown unknowns” on the fly. It enables access to actionable insights by correlating information across disparate tools and providing appropriate context around why things are happening. In doing so, observability ensures seamless business continuity, increases agility and productivity, improves service availability and reduces cost, and bridges silos across domain-specific IT teams.
It is important to note that observability is not a replacement for monitoring, which has been key to keeping environments running. Rather, it ‘completes the story’ by augmenting this established practice to provide actionable insight that aids troubleshooting and resolution. Monitoring provides visibility, which is a prerequisite for observability.
While observability should bring together the benefits of monitoring, visibility, and automation, most observability tools available today have limitations. This is why it is not just observability, but unified observability that organisations need. And here are the key pillars of unified observability.
Full-Fidelity Telemetry
Full-fidelity data is captured across the entire IT ecosystem, from client devices, networks, and servers, to applications, cloud-native environments, and the users themselves. This complete picture enables IT to understand what is happening and what has happened while avoiding missing key events due to sampling. This, coupled with the analysis of actual user experiences, not just sample data, offers organisations a deeper level of insight that augments quantitative measures of user experience with qualitative measures of employee sentiment.
Intelligent Analytics
Applying Artificial Intelligence (AI), Machine Learning (ML), and proprietary data science techniques across disparate data streams, including third-party data, can help organisations better detect anomalies and changes. By doing so, they can surface the most important issues faster and with precision.
This is a significant difference from existing observability tools available today because organisations can better understand the impact and severity of issues from the start. This enables better prioritisation so they can focus their time and effort on the areas that matter the most.
Actionable Insights
By leveraging the powerful combination of AI and ML enabled automation, organisations gain context-rich, filtered, and fix-first insights, ready for IT action. These insights enable effective cross-domain collaboration because they offer a single source of truth, allowing for more efficient decision-making to accelerate mean time to resolution.
Time to Act and Observe
In the era of the always-online customer, failing to deliver exceptional digital experiences can prove disastrous for organisations. As new paradigms, workforce models, and customer preferences will continue to add to the demands placed on IT teams, complexity can become an ever more significant challenge.