CYBER RESILIENCE & HUMAN FIREWALLS
Project Partner
B U S I N E S S I N T E RV I E W
KEEP ON R
Christophe Rome, Chief Inform discusses the role of a huma in the event of
Written by Anna McMahon •
2
RUNNING
mation Security Officer at Lineas, an firewall and cyber resilience f a cyberattack.
Produced by Jennifer Davies
3
RAIL FREIGHT OPERATOR, LINEAS, IS A LOGISTICS COMPANY, WHOSE CORE BUSINESS IS THE MOVEMENT OF GOODS OVER RAILWAY. eing at the centre of As Chief Information Security many of its customers’ Officer, Christophe is responsible supply chains, one of its for IT security and data main objectives is to take protection. It is a fairly new transportation away from role for Lineas, as Christophe the roads and onto the railway. explains, “I started in March Christophe Rome is Lineas’ Chief last year. There was a gap at Information Security Officer. From the company when it came to the company’s headquarters cybersecurity, insofar as nobody in Belgium, he picks up the was actually formally dealing story; “Moving goods over with it, so it was a challenge I railway is not only good for wanted to accept. Previously, the environment, but from an Lineas was only covering the operational perspective, you basics. don’t have the problem of goods being stuck in traffic. Lineas is the biggest private player in Europe currently, and we are number one in Belgium. We are looking to expand into other regions in Europe with our unique offering, the Green Express Network. It works by driving trains on fixed and regular moments between major cities across Europe. These trains bundle different types of goods, ranging from steel, chemical substances and consumer goods, to pallets and containers.” 4
5
IS IT TIME FOR SUSTAINABLE CYBERSECURITY? Do what Lineas did and team up with our cyber-experts! Telenet Business, an experienced Belgian player, has what it takes to guide you through the world of cybersecurity. Your path to greater cyber-resilience begins with a targeted discussion of your needs and expectations. The Telenet experts are at your service. Thanks to their technical experience and market knowledge, they are in the perfect position to guide you to a fully customised cybersecurity plan.
Read more about Telenet Business here
6
Click here to make an appointment for your tailored cybersecurity plan.
ONCE YOU HAVE THE TECHNOLOGY, YOU NEED THE RESOURCES TO WORK WITH THE OUTPUT “There was an IT department handling cybersecurity. In terms of monitoring and alterting, it was all very ad hoc. There was no ownership in terms of security policies, guidelines and standards, and there was no formal security incident response process. From that perspective, it was a great opportunity to be able to start a formal security program from almost zero.” The primary focus for cybersecurity at Lineas is on the operations side, keeping the trains running and avoiding disruption. In doing so, the strategy Christophe has employed is one of cyber resilience. He says, “It is about making sure that when we are hit by a cybersecurity incident, we are able to contain it, react to it, and then come back in the shortest amount of time towards full capability and availability 7
of systems. If one of our core IT systems went down, even for a short amount of time, it would have an impact on production very quickly. That is why it is so important.” Christophe takes the view that every company should accept that it will be breached one day. It is something he likes to call ‘assume breach mentality’. Christophe explains, “You can invest a lot in protection, but you have to invest in detect and response capabilities. That is our focus currently, making sure we have put everything in place to detect an incident quickly. The only way to get there is to create
the necessary visibility. A lot of the attacks today are not very obvious and the worst case will only become obvious when it is too late i.e. when systems go down. It is important to be able to detect attacks in the early stages. So, we have invested heavily in technology and processes using behavioural technologies to make sure we can monitor all possible activity within our network.” Once a threat has been detected, the key is to be able to react swiftly with the right kind of knowledge, technology and processes. However, Christophe is keen to point out that technology is one thing, but you need people to be able to manage those capabilities effectively. He says, “Once you have the technology, you need the resources
8
THE HOXHUNT APPROACH IS WORKING. IT IS LIGHTWEIGHT, EMPLOYEES DO NOT FEEL IT IS TOO INTRUSIVE, AND YOU CREATE CONSTANT ALERTNESS
9
YOU CAN INVEST A LOT IN PROTECTION, BUT YOU HAVE TO INVEST IN DETECT AND RESPONSE CAPABILITIES. THAT IS OUR FOCUS CURRENTLY, MAKING SURE WE HAVE PUT EVERYTHING IN PLACE TO DETECT AN INCIDENT QUICKLY Christophe Rome, Chief Information Security Officer
10
11
12
WE PREFER TO SEE OUR EMPLOYEES AS ASSETS AND APPROACH IT POSITIVELY BY SPREADING CYBERSECURITY AWARENESS to work with the output. Every system in your network outputs a lot of security events, which are centralised in one area, within which, analysis is performed. We outsource the management of this setup and of its output to Telenet Business. They analyse the output of the technology and alert us if something is happening. We can then decide if we need to act in our environment, but the gathering of information, analysis and initial incident detection is all outsourced to Telenet Business.” Lineas’ 2,100 employees form part of the company’s security strategy, acting as a kind of human firewall. According to Christophe, you need to have the employees on board, who are working with the data and using the systems every day. He continues, “What attackers try to do is work around the technology 13
IT IS ABOUT EMPOWERING OUR EMPLOYEES. THEY NEED TO UNDERSTAND THEY ARE ESSENTIAL IN KEEPING THE UPTIME OF OUR SYSTEMS. THAT IS A MUCH MORE POSITIVE MESSAGE defences and get through to the employees do not feel it is data and systems by making use too intrusive, and you create of the end user, often referred to constant alertness. Hoxhunt uses as the weakest link in the chain. a tiering system, so every time We prefer to see our employees an employee reacts correctly as assets and approach to the training, he/she will get it positively by spreading into a higher tier and will receive cybersecurity awareness. We tougher challenges on his/her need the employee to make plate. I strongly believe we have our strategies work. It is about turned a boring IT-related subject empowering our employees. into a success.” They need to understand they are essential in keeping the So, while Christophe’s priorities uptime of our systems. That is a have been cyber resilience and much more positive message.” the formation of a human firewall since his appointment in 2019, The human firewall works by he hopes to be able to shift his not putting employees into attention to other security matters training rooms, but by offering within the next couple of years. continuous phishing training. On He concludes, “At this stage, the average, each Lineas employee focus is on these two areas, but receives a phishing email every we will move on to other securitythree days, combined with related areas in the coming years. a mini training. Christophe Up until now, it has all been about says, “The Hoxhunt approach making sure we keep those trains is working. It is lightweight, running!” 14
For further information on Lineas, visit www.lineas.net 15
+32 2 432 90 00 www.lineas.net Koning Albert II-laan 37 B-1030 Brussels
16