ISSN 2516-0087 (Print) ISSN 2516-0095 (Online)
Critical Infrastructure Protection Review Autumn 2018
CONFRONTING CHALLENGES POSED BY THE CHANGING NATURE OF THE SECURITY ENVIRONMENT
HUMAN BEHAVIOUR AND DIGITAL TRUST: HOW UNEXPECTED REWARDS CAN IMPROVE CYBERSECURITY, PROTECT CRITICAL INFRASTRUCTURE AND REDUCE COSTS
PROTECTIVE SOLUTIONS AGAINST RAMMING ACTS OF TERRORISM
COGNITIVE BIASES IN INFORMATION SECURITY CAUSES, EXAMPLES AND MITIGATION
QUANTUM COMPUTERS: CYBER SECURITY THREATS FOR CRITICAL INFRASTRUCTURE
PROTECTING INDIAN RAILWAYS - THE NATION’S LIFELINE
RISE - RESILIENCE INNOVATIONS SUMMIT AND EXCHANGE
Critical Infrastructure Protection Review Published by Delta Business Media Limited 3rd floor, 207 Regent Street London, W1B 3HH United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.criticalinfrastructureprotectionreview.com
The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the publisher. While every care has been taken in the preparation of this edition, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles. ©2018. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner.
CONTENTS
INTERNATIONAL SECURITY EXPO - ISE 2018
SECURITY AND COUNTER TERROR EXPO - SCTX 2019
EGYPT DEFENCE EXPO - EDEX 2018
2nd COUNTER UAS USA 2019
FOREWORD
By Martin Underwood
CWC DIGITAL OIL & GAS PARTNERSHIPS SUMMIT
CYBER INTELLIGENCE ASIA 2019
CONFRONTING CHALLENGES POSED BY THE CHANGING NATURE OF THE SECURITY ENVIRONMENT
By Matti Saarelainen, Director, the European Centre of Excellence for Countering Hybrid Threats
BEHAVIOURAL ANALYSIS 2019
HUMAN BEHAVIOUR AND DIGITAL TRUST: HOW UNEXPECTED REWARDS CAN IMPROVE CYBERSECURITY, PROTECT CRITICAL INFRASTRUCTURE AND REDUCE COSTS
By Chris A. Jones, George Runger and Jack Caravelli
CYBER SECURITY REVIEW
DELTA BUSINESS MEDIA
PROTECTIVE SOLUTIONS AGAINST RAMMING ACTS OF TERRORISM
By Zsuzsanna Balogh, PhD, Hungarian Ministry of Defense
3rd NEXT GENERATION CYBER SECURITY FOR UTILITIES 2019
COGNITIVE BIASES IN INFORMATION SECURITY CAUSES, EXAMPLES AND MITIGATION
By Veselin Monev, information security and compliance practitioner
ENFORCE TAC 2019
QUANTUM COMPUTERS: CYBER SECURITY THREATS FOR CRITICAL INFRASTRUCTURE
By Roderick Hodgson, Director Secure Chorus
PUBLIC SAFETY INDONESIA 2019
PROTECTING INDIAN RAILWAYS - THE NATION’S LIFELINE
By Colonel H R Naidu Gade - Indian Army Veteran
INTERNATIONAL DEFENCE INDUSTRY FAIR – IDEF 2019
DEFENCE & SECURITY 2019
RISE - RESILIENCE INNOVATIONS SUMMIT AND EXCHANGE
By Michael W. Lowder, Michael W. Lowder & Global Associates, LLC
COUNTER-IED REPORT
BAHRAIN’s PREMIER INTERNATIONAL TRI-SERVICE DEFENCE SHOW – BIDEC 2019
FOREWORD By Martin Underwood
Exactly what constitutes Critical Infrastructure may vary from nation to nation, but the common aspects would be the major impact upon essential services, national security or the functioning of the state resulting from any disruption to it. The threats to critical infrastructure that are the most obvious are those that may be instigated by malicious acts, whether by criminals, terrorist and insurgent groups or malign state actors, but natural disasters must not be ignored. The devastation caused recently by sweeping forest fires in California, floods in major Italian cities and the earthquake and tsunami in Indonesia shows that nature can be every bit as damaging as deliberate attacks on infrastructure.

The massive leap in communications and information technology in the past quarter century or so has made delivery of systems and services greatly more efficient and effective, but has also exposed the critical infrastructure to cyber-attack. Targeting of critical information systems becomes more common year on year and the challenge to defend our systems and infrastructure more complex. We see in Roderick Hodgson’s fascinating analysis of the growth of quantum computing, how this exciting technological enhancement may further revolutionise our lives, but at the potential cost that its use for criminal purposes will be harder to protect against. A loss of public confidence in the data security provided by banks and social media companies, among others, takes time to rebuild and has a knock-on effect on the type and quality of data that we are prepared to share – and in the bureaucracy that all holders of private data need to follow to ensure that they provide the best protection. This is not to say that the bureaucratic measures are unnecessary, but simply to highlight additional costs to business at all levels.

This theme of “Human Behaviour and Digital Trust” is explored in detail by Chris Jones, George Runger and Jack Caravelli, where they explain how trust in digital systems can be lost in an instant, but takes months or years to regain. Digital trust refers to the interconnection of people, data and networks and their article looks at how breaches of this trust can be rapidly identified, quantified and corrected. A key element of this is the importance of having the right people at critical points of the system – including anyone who enters data into the system – and how to motivate security-aware behaviours. Related themes are addressed by Veselin Monev in his analysis of how human factors are crucial to addressing information security, including the need to find ways to overcome natural cognitive biases.

One of the themes common to most of the articles in this edition is planning. The further ahead that we can address security provisions within critical infrastructure and design the infrastructure and its associated systems, the more likely we will be able to achieve protection. Michael Lowder’s report on the Resilience Innovations Summit and Exchange in the transportation infrastructure sector neatly summarises this with the line “To be effective resilience must be ‘built-in not bolt-on’.” His report emphasises the value of traditional table-top exercises to resilience planning, bringing together transport regulators, providers and users to reflect upon the interconnectivity of transportation infrastructure and systems and to develop resilience in them.

Although it is often easy to focus on the cyberthreat to our data systems, the threat to physical infrastructure could be just as devastating, if not more so. The vastness and complexity of the Indian Railway system is described in a wonderfully descriptive article by Colonel HR Naidu Gade. The miles and miles of track, some 145,000 bridges, tunnels and signalling systems that comprise “The Nation’s Lifeline” are vulnerable not only to the massive failure of control and ticketing systems, but to physical attack in a country with a complex ethnic and religious makeup that sadly some minorities want to destabilise. Of course, the threats to the railways in India are equally valid from natural threats. The investment by the Government of India to replace and upgrade the network in the coming years will improve resilience and emphasises the planning element to this task. Reading Colonel Gade’s article took this writer back to happy times travelling on the Indian Rail network some years ago!

In Europe, Australia and the United States the use of vehicles as weapons to attack city centres and other places where crowds accumulate to enjoy leisure time, or to go about their daily business, has been a sad phenomenon in recent years. LTC Zsuzsanna Balogh notes that this attack strategy is nothing new, as similar methods were used in the Assyrian War as long ago as 750 BC – it is just the technology that changes. Physical protection can reduce the impact of ramming attacks, but this is much more effective when introduced at the planning stage in city centre modernisation and the construction of new buildings, rather than trying to retrofit after an attack has taken place.

The hybrid threats that we now face are nothing new. People have always exploited the weaknesses of others, and it is a constant battle between the technology available to the attacker and that available to the defender. Matti Saarelainen discusses how every country needs to understand its own strengths and weaknesses and how these complex threats (not forgetting the natural threats) may impact on society, the economy and national security. Whatever the nature of the critical infrastructure, physical or data, decision makers need to take a holistic approach, recognise the key vulnerabilities and plan accordingly. Investment in the early stages will make infrastructure more secure and present significant cost benefit in the longer term.
ABOUT MARTIN UNDERWOOD
Martin Underwood is the Managing Director of Tonanti Limited and an independent consultant in Defence, Security and related matters. His main area of expertise is in ammunition and explosives and he has worked as a Technical Advisor on countering the IED threat, both as a British Army Officer and subsequently as a civilian in the NATO Counter-IED community. He was Technical Advisor to the NATO Counter-IED Capability Monitor and Secretary of the NATO Counter-IED Task Force for two years, advocating the treatment of Improvised Explosive Devices as weapon systems and the exploitation of technical intelligence and evidence from their use to identify and disrupt wider threat networks.