Issue 136 Jan/Feb 2024

EXCLUSIVE: SAMI ALAJMI ON

ARAMCO’S INDUSTRIAL SECURITY OPERATIONS

Aramco’s VP of Industrial Security Operations discusses his career journey and the evolution of the sector

LENS ON INNOVATION

How is camera technology being used to enhance security in urban planning?

THREAT HORIZON 2024

The ISF shares its 22-24 forecast. Was it accurate and can the threats be navigated?

CYBER RESKILLING PROGRAM BAHRAIN

Looking for skilled cybersecurity professionals who are eager to advance their careers and contribute their expertise to your organization?

Look no further than our Cyber Reskilling graduates. Selected from 1500 applicants for their high aptitude and trained by world-class experts in an intensive and accelerated training program. Equipped with the latest knowledge and two industry-recognized GIAC certifications, they are ready to protect and secure your critical information and technology assets.

“Our alliance with SANS and Tamkeen has been invaluable. Not only have we onboarded top-tier Bahraini cybersecurity talent, but we’re thrilled to share our journey and insights, further propelling this initiative.”

UP FRONT

January is always a highlight of the security calendar – playing host to the Intersec exhibition in Dubai, which sees thousands of security professionals convene over three days.

As expected, Intersec’s Jubilee edition was a rousing success, seeing a number of industry-defining innovations being unveiled, and providing a backdrop to conversations and security deals across the Middle East and beyond. You can read more about our review of the event on page 20.

However, there’s no rest for the Security Middle East magazine team. After a packed three days pounding the aisles at Intersec we’re now on to ramping up the preparations for our own event – the second Security Middle East Conference. We are delighted to announce SAFE – The National Security Services Company as our Strategic Partner, as well as welcoming Magnet Forensics, Arana Security, Western Digital and our Gold Sponsor, Dell, to our panel of sponsors. Find out more about

what to expect at the Security Middle East Conference on page 18.

This issue we also got to spend time meeting with Sami Alajmi, Vice President of Industrial Security Operations at Saudi Aramco. With three decades working for the company, Sami has been at the forefront of innovation and witnessed the evolution of security firsthand. His insights are fascinating and paint a picture of the future of the sector – take a look at take a look at page 14 to read Sami’s interview.

CONTENTS

MONITOR

03 Up front

Foreword from the Editor

07 News Monitor

The latest regional and international security news

12 Market Monitor

A roundup of the latest security products and solutions

14 Cover story: Saudi Aramco

We take the opportunity to speak with Vice President of Industrial Security Operations at Saudi Aramco, Mr Sami Alajmi to find out about his three decades working with the company and the part he has played in changing the face of security

FEATURES

18 Security Middle East Conference 2024

We’ve just months to go before the Security Middle East Conference will be sparking debate in Riyadh, Saudi Arabia. We have new sponsors to announce and more details to share with you about what to expect for this industry-defining event

ISSUE 136 JANUARY/FEBRUARY 2024

20 Intersec 2024

Were you there? If so you’ll know all about the many industry-advancing innovations that were unveiled at the show. Take a look at our post-show review to find out all the highlights of Intersec’s Silver Jubilee edition

24 Lens on innovation

Urban planning in the Middle East is increasingly playing its part in enhancing security. Now Ryad Soobhany, Associate Professor of Mathematical and Computer Sciences at Heriot-Watt University Dubai, looks at the use of camera technology in urban planning to further the security goal

29 Converged supply chain security

Jim McConnell discusses how to map the scope of the vulnerabilities in your supply chain, to better understand how vulnerable your company’s supply chain is

32 Case study: IDL Fastlane Turnstiles

When a Qatar-based energy supplier was looking to shore up its security across 10 high rise towers, it was down to IDL Fastlane Turnstiles to deploy an access control solutions to deliver maximum security and efficiency

34 Are we ready for a passwordless future?

A passwordless future has long been seen as the way security will go – but are we ready? Mortada Ayad, Director of Sales Engineering at Delinea believes we’re heading in the right direction and shares how we’re going to get there

CYBER MONITOR

38 Perfect PAM

Beyond Trust’s John Hathaway looks at how to select your Privileged Access Management solution

THIS ISSUE’S PARTNERS & CONTRIBUTORS

Strategic Partner

SAFE

42 The cybersecurity implications of AI adoption

What does AI mean for cybersecurity risks? Paul Lawson, Executive Director, Cyber Defense at CPX, shares insights and best practices from a new whitepaper on the topic

46 Threat Horizon 2024

The ISF’s Dan Norman reveals the organisation’s two-year forecast that was made in 2022. As we now reach 2024 how accurate were the predictions? And what should organisations be preparing for on the threat landscape?

INDUSTRY MONITOR

49 Regional focus: Saudi Arabia

Meshal Aljohani of Aramco, talks to Atallah Al Sinani, Country Security Manager for Saudi Arabia and Yemen at ABB, to learn more about his role and the types of security strategies being used within industrial security in Saudi Arabia

50 Diary

Diary dates for forthcoming security exhibitions, conferences and events

SAFE – The National Security Services Company is owned by The Public Investment Fund and was established in 2019. Its mission is to lead the transformation of the security services ecosystem and to promote and transform security services sector through a consultative approach changing client perceptions and future expectations by offering the best-in-class security solutions and combining world-class technology with the expertise of well-trained and distinguished personnel. Its vision is to be the ultimate security partner leading the transformation of the security ecosystem.

Contributors

Sponsors

Partners

Sami Alajmi

Vice President, Industrial Security Operations, Saudi Aramco

Sami Alajmi has worked his way up within Saudi Aramco over three decades, to become VP of Industrial Security Operations.

Dan Norman

Regional Director, EMEA, Information Security Forum (ISF)

Dan Norman’s role at the ISF is to help organisations to manage current and emerging cyber risks.

Ryad Soobhany

Associate Professor of Mathematical and Computer Sciences, Heriot-Watt University Dubai

Ryad Soobhany has a PhD in multimedia forensics and machine learning.

Report: Concerns AI could drive cyberattacks

INTERNATIONAL NEWS

A new report from Barracuda, Cybernomics 101, has revealed the average annual cost of responding to compromises exceeded US$5 million. The report also highlighted concerns over the use of AI. Half of all respondents believe AI will enable hackers to launch more attacks, while alarm bells were sounded over hackers exploring how generative AI technology can increase the volume, sophistication and effectiveness

of attacks. The report polled opinions of 1,917 IT security practitioners, including those who identified as ethical hackers.

“While the Cybernomics 101 research underscores the harsh reality of suffering a data breach, it also underscores that organisations are not powerless,” said Fleming Shi, CTO, Barracuda. “Proactive monitoring and attack detection to prevent progression to more severe stages like data exfiltration or ransomware is key.

Bahrain considers facial recognition tech

REGIONAL NEWS

Bahrain is considering introducing facial recognition technology to tighten up security. The Southern Municipal Council has approved a proposal to launch an AI-powered solution to help identify offenders without the need for an investigation or police assistance. Ministry officials are now calculating the costs of setting up such a system, while officials look at its use in the UAE, where it is currently being tested by immigration, customs and traffic authorities.

Council Chairman Abdulla Abdullatif said: “Current detection methods are acceptable. By and large, they get the job done, mostly because they are handled by alert and dedicated security officials. However, there have been instances when it has not yielded the expected results.

“Criminals and terrorists have become smarter and hence a new detection system is needed to reflect the advances in technology. Facial recognition software is the only solution in which an artificial intelligence-powered system can detect each and every individual at any place or time.”

By preparing for these scenarios today, organisations can significantly reduce the impact and cost of these incidents.”

www.barracuda.com

Saudi Arabia shores up Boeing deal

REGIONAL NEWS

As part of Saudi Arabia’s ambitious Vision 2030 strategy, the country is set to be home to US plane manufacturer Boeing Co. The company plans to open its Middle East HQ in Riyadh, though it has not yet been revealed what this will mean for other Boeing offices in the region, including Dubai, Abu Dhabi and Kuwait.

The same week it was also announced that Boeing’s Saudi unit has signed an agreement with the Kingdom’s Bahri Logistics to enhance its role in supporting services and defence-related products.

Saudi is well on its way to launching its new airline. Set to take to the skies in 2025, Riyadh Air is being launched by the sovereignbacked Public Investment Fund (PIF) and has already placed a large Boeing aircraft order.

In Brief

SAUDI ARABIA

Saudi Arabia has forged a number of new agreements with international and domestic organisations to help bolster national security. During the World Defense Show 2024 it forged new partnerships in unmanned systems and local agreements to enhance the localisation of the military industries sector.

BAHRAIN

Authorities in Bahrain have seen a high uptake of digital ID services using digital platforms in 2023. In total 743,000 identity transactions were completed online, aligning with the country’s goal to integrate innovative digital services.

OMAN

Oman is seeing a rise in cybercrime, according to The Public Prosecution. In 2023, it saw 140 cases of cybercrime, compared to 126 in 2022. In addition, cases related to online content – such as misusing financial cards and information technology fraud – rose from 2,519 in 2022 to 2,686 in 2023.

KUWAIT

Kuwait’s Ministry of Interior has confirmed the continuation of its biometric fingerprinting initiative for citizens, residents and individuals from GCC countries. During January 2024, Kuwait International Airport recorded 26,238 arrivals using the biometric procedure alone.

ABU DHABI

Abu Dhabi has established a new artificial intelligence council – The Artificial Intelligence and Advanced Technology Council (AIATC). The council will take responsibility for developing and implementing policies and strategies that relate to AI research, infrastructure and investments in the emirate.

REGIONAL NEWS

Advanced technology and defence group, EDGE has appointed Saif Ali Al Dahbashi as President of the Missiles & Weapons Cluster. Al Dahbashi has over 18 years experience in shaping and implementing large-scale transformational programmes, including time as CEO of EDGE entity AL TAIF. Within his role, he will provide oversight and strategic direction on the development and business functions of four companies in the cluster, which has a dedicated focus on the design, development and manufacturing of industry-leading smart weapons, firearms and munitions.

EDGE appoints new President of Missiles & Weapons Cluster UAE thwarts cyber attack

REGIONAL NEWS

The UAE Cyber Security Council confirmed in February that the national cyber systems were successful in thwarting cyberattacks carried out by terrorist organisations targeting vital and strategic sectors. The cyber emergency systems were activated nationwide to efficiently and proactively repel the attacks.

Although the UAE has a highly developed digital infrastructure, the council stressed that all national teams would continue their work in fortifying the country’s digital ecosystem following best practice guidance and international standards.

UAE tops ransomware attacks globally

REGIONAL NEWS

A report from TXOne has found that 46% of organisations globally have been impacted by operational technology security incidents in the past year. In addition, nearly half of those incidents involved ransomware. The United Arab Emirates and the US suffered the highest number of ransomware attacks against OT systems, according to the report. The majority of these attacks were targeted at government, manufacturing and healthcare entities.

Manufactured, Tested, Specified, Certified

Sunray is the specifiers choice for Steel Security, Fire and Blast Doors, Louvre Panels/Facades and Steel/GRP Platforms and Walkways. Our comprehensive Steel Door Range and associated products provides Fire Ratings for up to 4 Hours plus overrun and Security Ratings from SR1-SR6.

We lead the industry with our Door Size Ratios, which enables the Architect, Designer or Specifier to maximise infill without overpanel and creating clean sight lines, as well as practical ease of access for plant, machinery, and general use. With an extensive list of hardware and locking options, electro-mechanical access, vision panels, finishes etc. we tailor your criteria to deliver the required performance and practical solution.

● UTILITY

● TRANSPORT

● POLICE

● EMBASSY & CONSULATE

● PETROCHEM

● RETAIL

- sub-stations, transformer chambers, plant & pump rooms.

- rail, including underground, airport & ferry terminals.

- government & military, armouries, ranges, sensitive & secure buildings.

- UK & abroad.

- UK & abroad.

- staff / safe & stock rooms & financial institutions.

For more details, call our specialised team to discuss your particular project on:

01233 639039

sales@sunraydoors.co.uk

Customised Access Control Solutions: Safeguarding healthcare Access

How healthcare organizations can benefit by integrating biometric access control into their security infrastructures

Security attacks on medical facilities have become increasingly common, making robust access control measures crucial for healthcare organizations. By implementing tailored access control solutions based on the latest biometrics technologies, healthcare facilities can effectively protect patient privacy, comply with regulatory requirements, strengthen their overall security posture, maintain a positive reputation, and ultimately, deliver better-quality care and support to patients.

That said, every medical facility is unique in terms of its layout, size, security challenges, and access control objectives. That’s why generic, off-the-shelf systems

based on legacy technologies provide insufficient protection. In fact, such systems can even increase their risk exposure and leave them vulnerable to many threats.

To prevent such issues, healthcare organizations need customized access control solutions that seamlessly integrate into existing security infrastructures so the organization can effectively address their unique security requirements. As leading system integrators in the Middle East and Africa region, we bring in over twenty years of experience in designing, deploying, and integrating such tailored, biometrics-based solutions.

Types of Biometrics Access Control for Healthcare

Biometrics systems utilize unique human physical characteristics, such as fingerprints, iris, face, voice, and palm veins for authentication purposes. These systems provide reliable user identity verification and determine authorization based on physical characteristics that are almost impossible to steal or compromise.

Additionally, the emergence of “touchless” access control systems that utilize user’s face prints, hand waves, QR codes, or devices like key fobs offers enhanced convenience and safety without compromising security.

Benefits of Biometrics Access Control in Healthcare

Biometrics-based access control eliminates the reliance on weak authorization credentials like passwords or keycards, which can be easily compromised. Access is granted solely based on unique physical characteristics, ensuring stronger security and reducing the risk of identity theft, fraud, and intrusions.

Furthermore, Biometrics access control solutions protect sensitive information and enable healthcare organizations to comply with data security regulations and privacy laws. By implementing these systems, healthcare facilities can securely manage access to medicine dispensaries, prevent unauthorized access to restricted areas, and track employees’ time and attendance for resource planning and payroll purposes.

Applications of Biometrics Access Control Systems in Healthcare

Healthcare facilities have multiple access control requirements. Some need to better secure their medicine dispensaries and prevent drug theft, while for others, the priority is to keep patients from wandering off wards.

Proper access control can ensure secure entry into protected/off-limit/limited-access premises like laboratories, morgues, and storage areas. It can keep intruders out and also prevent unauthorized access to privileged information. Furthermore, the digitized access records provided by these systems enable administrators to track employees’ time and attendance for payroll, resource planning, and other purposes.

Compared to legacy access control systems, which often fail to provide comprehensive security, biometrics-based solutions offer superior protection against intruders, theft, scammers, and various threats, making them an ideal choice for security-conscious healthcare organizations.

The role of systems integrators

To fully leverage the power of tailored biometrics access control solutions, knowledgeable tech partners are essential. Experienced systems integrators like MVP Tech- Convergint, bring technical expertise and deep insights into the healthcare sector. We work closely with healthcare facilities to design customized security solutions that address unique access control requirements. Additionally, we continuously optimize and update security measures to stay ahead of emerging threats, ensuring that healthcare organizations remain adequately protected.

Conclusion

In today’s healthcare landscape, where security breaches pose substantial risks to patient privacy and organizational reputation, implementing tailored biometrics-based access control solutions is crucial. By integrating these solutions into the existing security infrastructure, healthcare organizations can effectively control access, protect sensitive information, and comply with regulatory requirements.

Looking for a customized access control solution?

We can help you design the right solution for your healthcare facility.

Zenitel’s critical communication solutions help secure healthcare settings

Zenitel has released its unified critical communication solutions for healthcare customers, helping to ensure a safe environment for patients, staff and visitors at healthcare facilities.

With integration to other security platforms, like video management, surveillance, access control and building management system, Zenitel’s unified critical communication solutions offer better situational awareness within hospitals and allows hospital teams to act on what they see and hear.

“By incorporating audio into the security mix, healthcare facilities can

add value to video-based security system and transform from being reactive to proactive for any security threats within hospital facilities,” said Sri Sutharsan, Head of Marketing and Segment Solutions, Safety and Security, Zenitel.

The solutions include the Turbine Extended Intercom, IP Operating Room (OR) Master Station, IP Network Ceiling Speaker, Turbine Extended Intercom with Card Reader, and more.

www.zenitel.com

JODDB signs MoU with Tron Future Tech

On the second day of the World Defense Show, Jordan Design and Development Bureau (JODDB) signed a Memorandum of Understanding (MoU) with Tron Future Tech for the future inclusion of the T-Radar Pro on the JODDB mobile counter UAS SKYSTORM System. Tron Future’s T-Radar underwent extensive testing and evaluation to prove its ability in the extreme heat and desert environment of Jordan. The MoU represents a significant capability in anti-drone radar advancements within the Midde East. www.joddb.com

Emrill’s new app to boost safety in UAE

A new app to help enhance the safety of UAE residents has been launched by facilities management company Emrill. The Telesphere Security Patrol App will help to increase operational efficiencies and optimise the time it takes for patrol teams to complete designated tasks on prescheduled routes. In addition, it should help improve the safety, maintenance and emergency response times of teams patrolling communities.

The new app uses Bluetooth technology to enable access to realtime data and geo-coordinates. It will act as a centralised platform for managing the rosters, schedules and assignments of security guards. The system will automatically generate the daily patrol schedule and offer suggestions for additional actions to maximise security patrol efficiency based on data and analysis.

www.emrill.com

Saudi Arabian police gain Lucid electric car

The Lucid Air electric sedan for the Saudi Arabian police force has been unveiled. It’s the first model from the US electric-car start-up, which is 60% owned by The Public Investment Fund of Saudi Arabia. Along with the Saudi Arabian police force livery, lights and sirens it also features a drone launchpad on the roof, which allows officers to launch and retrieve the device from within the vehicle. www.lucidmotors.com

IDCUBE set to revolutionise security operations

IDCUBE has unveiled the Access360 Helix/ AI version 3.5, which includes advanced features and intuitive interfaces to drive forward security operations. The mobile app is powered by AI and introduces seamless visitor management, allowing users to submit requests, send group invitations and enable restricted access.

The Geo-Tagging feature facilitates onduty requests, reflected in the attendance log upon supervisor approval. The Visitor Management system introduces a userfriendly interface across mobile, web, and

tab platforms, supported by new email and SMS templates.

The Dashboard for Visitors is a centralised hub for monitoring behaviours and generating custom reports to deliver vital insights into visitor traffic. The Real-time, Credential, and Parking Management Dashboards provide administrators with immediate visibility into the access control system, allowing real-time monitoring of security events, credential status and parking occupancy. www.idcubesystems.com

Check Point triumphs in Miercom’s next gen firewall benchmark report

Check Point’s Infinity Platform has achieved an impressive 99.8% block rate on Zero_1 day Malware, and a 100% phishing prevention score in Miercom’s Next Generation Firewall Security Benchmark 2024 report.

“The Check Point Infinity platform continuously sets new threat prevention benchmarks for the cybersecurity industry,” said Eyal Manor, VP of Product Management at Check Point Software. “These Miercom results validate our exceptional ability to accurately detect and block new malware, especially against increasingly sophisticated ransomware tactics. A key differentiator for our Infinity Platform is the ability to preemptively block zero-day malicious exploits and malware. There is no reward for second place in cyber warfare.”

www.checkpoint.com

OPSWAT launches enhancements to MetaDefender Kiosk Series

OPSWAT’s next generation of MetaDefender Kiosks are marked by the new Kiosk Mini, Kiosk Stand and the first-of-its-kind integration with MetaDefenser Sandbox and Media Firewall technologies.

The MetaDefender Kiosk offers a solution for securing critical environments and to help overcome the challenges companies face in managing and handling threats originating from peripheral media.

The new Kiosk Mini is designed to be more accessible, portable and versatile, supporting tabletop and rugged environments.

Finally, the entire MetaDefender Kiosk product line includes the integration of OPSWAT’s Sandbox technology – the first peripheral media scanning solution in the industry that enables adaptive threat analysis technology for zero-day malware detection, even in airgapped areas without the installation of software on critical assets. www.opswat.com

Spotlight on: Sami Alajmi

Security Middle East magazine met with Mr Sami Alajmi, the Vice President of Industrial Security Operations at Saudi Aramco

With 30 years’ experience of working in the field of security, it’s fair to say that Sami Alajmi has been at the coalface of the sector, as it has undergone one of its biggest evolutions.

Having joined the Aramco apprenticeship programme at just 17, he has worked his way up from an entry level role to being appointed as the Vice President of Industrial Security Operations in September 2023. And not only has his ascent through the company been impressive, it has also taken place at a time when the security industry has seen tremendous progress and advancements. From working in the field of digital system repairs, Alajmi has gone on to lead projects including executive protection, securing multi-million dollar oil production facilities, the inauguration of KAUST (King Abdullah University of Science and Technology), and the biggest security systems programme in the history of the company. So, what has he learned from his three decades in security?

Tell us about your career path?

I joined Aramco 33 years ago at the age of 17 through an apprenticeship programme. After an initial role in the marine department, I was selected to work in the field of digital system repairs to troubleshoot, repair and replace security systems. It was through this that I started to gain valuable experience in the industry.

Following that placement, Aramco selected me to join a Bachelor degree programme in the US to study computer engineering, with a strong focus on access control. I returned in 1996 and was tasked with spearheading Aramco’s first digital replacement programme in the security department. Our main challenge at the time was implementing a sustainable security infrastructure that would deter unauthorised access to Aramco’s facilities. Digital networking back then had neither the speed nor support for such systems, and we didn’t have the knowledge we needed. Aramco

nominated me again for further study — this time to take part in a Master’s programme in telecommunications.

When I returned, the world had changed and we realised we needed an entirely new security system for Aramco.

So we designed one from scratch. One of our first major achievements was to develop and implement the ‘4D strategy’: Detect, Delay and Deploy, in order to Deter unauthorised access. This was implemented in a civil facility for the first time in the world, and it took security — both within Aramco and the wider Kingdom — to a different level of sophistication.

Since then, I have led many critical projects ranging from building complex security systems across Aramco’s oil production facilities to executive protection. There was also the inauguration of KAUST, not to mention executing the biggest security systems programme in the history of Aramco. Each project had its own set of unique challenges that were crucial to my growth journey.

In your 30+ years in the industry what has been the biggest leap forward you’ve seen?

Digital transformation has been a game-changer for the security industry in the last 30+ years. No industry, including physical security, has been immune to its impact. Technologies of the Fourth Industrial Revolution (4IR) are reshaping the global economy, including the energy sector. But, with advancements in digital technology, security risks have become increasingly multifaceted and sophisticated. This underscores the need for a holistic strategy to ensure the proper security architecture and controls are in place to protect our assets and enable secure and reliable energy supplies.

As malicious threat actors become more sophisticated and organised, with capabilities to launch cyberattacks across the supply chain, it highlights the need for an integrated security strategy that

addresses both digital and physical environments. At the same time, ensuring an even pace and consistency of digital transformation can be challenging. For example, a lack of integration between hardware, software, data, information security, and other factors can impact the efficacy of security protocols.

These unprecedented challenges propelled the use of digital technologies in the security domain over the past two decades, as organisations sought to deploy advanced security technologies to ensure security capabilities across multiple functions were up to date.

Today, areas of focus include cybersecurity, security management, access control, physical security infrastructure, hazardous materials detection, surveillance and crisis and emergency response systems. While much progress has been made we maintain our relentless focus on digitalisation and the deployment of 4IR technologies to ensure our security capabilities remain robust, allowing us to continue supplying vital energy around the world.

How has security evolved in the past three decades?

Advancements in technology have radically transformed security functions, enabling more sophisticated intelligent systems with real-time response capabilities. Today, harnessing 4IR technology, images can be accessed remotely, via the cloud, allowing for real-time surveillance. This has transformed the role of security officers from being passive observers to proactive responders, who can detect and deter threats before harm or loss occurs.

The same is true for physical Access Control Systems (ACS), which have evolved from being simply stand-alone electromechanical locking mechanisms. Now, they are an ecosystem of integrated technologies. As threat actors become more sophisticated, such a holistic approach to security that relies on interconnected systems is essential.

What do you regard as areas for future growth and development?

To continue to enhance and develop our capabilities to keep pace with advances in technology and confront new threats that may emerge. Our priorities to ensure we maintain the highest security standards across our global operations include:

• Sustaining the capability and efficiency of security operations through a robust security framework.

• Enhancing the readiness of our security force to improve emergency response capabilities and ensure company assets are protected at all times.

• Continuing to optimise the latest 4IR technologies to transform traditional processes and services into a datadriven ecosystem of connected solutions to better understand performance, risks and address security challenges.

• Continuously improving our human resources capabilities to ensure we have a competent workforce at all levels that drives the Industrial Security Operations (ISO) business towards excellence.

What is the biggest challenge the Middle East’s security sector is facing right now?

The security sector in the Middle East, and indeed in the rest of the world, is facing multiple challenges. These include complying with increasing regulations and requirements, confronting evolving security threats, and ensuring the performance of security systems under immense time pressures in complex environments. In addition, the sector faces strong competition in attracting and retaining top talent, due to perceptions of high-risk work environments and challenging working conditions.

To address these challenges, the sector must continue to develop holistic security strategies and invest in integrated technology solutions to effectively address risks across its supply chain. Additionally, continued investment in comprehensive training programmes and technological upskilling for security personnel will be key to ensuring fluency with the latest security

technologies and enhancing response capability. Developing programmes to address challenges associated with shift work, such as fatigue and burnout, will also play an important role in developing a sustainable talent pool in this critical sector.

With the advancement of technology, the nature of risks facing our sector is ever-evolving. Continued public-private collaboration will be key to addressing emerging challenges, and staying upto-date with regulations, requirements and strategies.

How would you like to see the sector evolve in the future?

The security sector has undergone significant changes over the years, with advancements in technology such as AI, data analysis and robotics expected to revolutionise security services in the near future. The perception of security has also changed significantly, with an increased emphasis on safety and customer service. Security officers are now trained to be more integrated within the community. They are also now trained in data collection and analysis, enabling

them to make more informed decisions when protecting clients. Robotic security officers are becoming more popular, increasing the efficiency of security operations. These changes are expected to continue shaping the future of the security industry.

How has ISO positioned Aramco to succeed?

A secure and stable supply of energy is crucial to the global economy, and Aramco plays an important role in meeting the world’s energy needs. The security of its operations and facilities is therefore of paramount importance, both to the company and its customers around the world.

Security and safety are our top priority, and we collaborate with many security associations around the world to develop communication channels; exchange expertise; and learn about global best practices in industrial security. Ultimately, our goal is to protect our people and our assets, all the while maintaining a safe and healthy environment in which to live and work.

SECURITY MIDDLE EAST CONFERENCE 2024

It’s full steam ahead as we begin to finalise preparations for the forthcoming Security Middle East Conference – an event that will once again define the security sector

We’re delighted to say that preregistrations are nearly at 50% for our second conference, with top-level security professionals keen to attend to ensure they remain ahead of the competition. Our guests will have front-row seats to the Middle East’s foremost experts and innovators in the field, sharing their expertise, best practice examples and solutions to drive innovation.

We are also proud to announce that sector heavyweight, SAFE – The National Security Services Company, will be joining us as our Strategic Partner to help power the event to success and share their own considerable knowledge.

SAFE – The National Security Services Company is owned by The Public Investment Fund and is licensed by The Higher Commission for Industrial Security in The Kingdom of Saudi Arabia. The organisation provides integrated security solutions covering all areas of protection. Thanks to its work, citizens and visitors to the Kingdom enjoy peace of mind and confidence to live, work and invest in the country. Its mission is to promote and transform the security services sector through its consultative approach, its bid

to change client perceptions and its future plans. We’re delighted to have them on board, and join us in our mission to transform the security landscape for the better.

Industry leaders unite

SAFE – The National Security Services Company is not the only heavyweight to join us in our mission. As announced in our last issue our sponsors include MVP Tech, March Network and Eagle Eye Networks. Roshi Lodhia, Eagle Eye Networks VP and Managing Director EMEA, said of the company’s sponsorship of the event: “With the rapidly increasing adoption of cloud video surveillance in the Middle East, we are excited to sponsor the Security Middle East Conference in May.

It will be an ideal venue to collaborate, network, and discuss the new technologies – notably cloud and AI – that are helping organisations in the Middle East increase efficiency and solve their security challenges. We look forward to connecting with partners, customers and industry colleagues at this important event.”

We can now share that those sponsors are to be joined by Magnet Forensics, Arana Security, Western Digital and our Gold Sponsor, Dell. With a cross-section of sponsors, specialising in everything from cyber and information security to access control and risk management, these sponsors will be bringing their world-leading experience, expertise, insights and innovation to our audience.

Arana Security is a global provider of customised security solutions, specialising in delivering end-to-end services tailored to meet the diverse security needs of businesses. It is a pioneer in the field of biometric solutions, access control, surveillance systems and app development. Raied Nasser, Managing Director, Arana Security, said: “We are pleased to be participating in the Security Middle East Conference, allowing us to provide innovative and customised security solutions to organisations in Saudi Arabia. Leveraging our extensive experience in offering security solutions within the Middle East and Europe we are hoping to expand our business further.”

Magnet Forensics is at the forefront of the modernisation of digital forensics.

Powered

HERE’S WHY THE SECURITY MIDDLE EAST CONFERENCE 2024 IS A MUST-ATTEND FOR SECURITY PROFESSIONALS

Networking opportunities

As in so many industries, it’s often not what you know, but who you know. For this year’s edition of the conference we have devoted more time to networking opportunities, allowing our conference guests to meet and mingle and forge those vital new connections, as well as reinforce old connections.

Engage in debate

Alongside several keynotes we’re also including more panel discussions, allowing our audience to engage in lively, high-level debates about the topics that matter most. Here’s your chance to have your say and add to discussions that will shape the future of security.

Top-level speakers

In one day you’ll gain the opportunity to hear from the industry’s most innovative,

As a global leader in digital investigations, it is continuously finding ways to access data thoroughly, using analytics to quickly make sense of information. The company uses automation to ensure time optimisation, as well as the cloud to reduce outdated dependencies, in a bid to keep innovation at its heart.

Western Digital has long been at the forefront of game changing innovations. The global organisation is always pushing the boundaries of technology to make what you thought was once impossible, possible.

Finally, US giant Dell is a trusted technology and security partner for organisations on their Zero Trust journey. It delivers timely information, guidance

forward-thinking security experts and influencers. You can find out more about the sector’s most pressing challenges and hear about best practice examples and case studies.

Achieve your business objectives

Attending the Security Middle East Conference can help you push forward your own business objectives. Not only can you engage in discussions, hear content from highprofile experts and make new connections but you’ll also be able to explore the newest innovations showcased in the exhibition space.

Refine your ideas

Attending the Security Middle East Conference shows your willingness to consider new ideas, and new ways of working. Joining our discussion panels and learning from our keynote speakers will help you refine

and mitigation options to minimise the risks involved with security vulnerabilities.

Tackling topics that matter

Our collaboration with Saudi Arabia’s security pioneers will result in an informative and forward-looking agenda, tackling the most pressing issues that need to be addressed. Through a mixture of keynote speakers and expert-led panel discussions we’ll be covering sustainability, women in security, security training programmes and the evolution of smart cities.

Our aim is to be at the forefront of advancing the security industry not just in Saudi Arabia but in the wider Middle East. To do this we are developing an agenda

and revise your ideas and strategy, to take back to the office for implementation.

Enhance your CPD

Attendance at industry events is a key part of your continuing professional development and a demonstration of your commitment to your industry.

Enjoy the hospitality

There can be fewer better ways to participate in changing the face of security than from the comfort of the prestigious five-star InterContinental Hotel, Riyadh. Our host for the day will ensure our guests enjoy exceptional service, food and refreshments from a stunning setting in the heart of Riyadh.

Act now and apply for your place at this must-attend event: www.securitymiddleeastconference.com

and speaker list not to be missed, all with the help of our advisory board.

Craig Ross, Senior Safety & Security Manager, Diriyah Gate Development Authority, who took part in one of our panel sessions at the 2023 event, said: “Events like the Security Middle East Conference are hugely important in developing our networks and sharing ideas on best practice.”

The Security Middle East Conference is taking place at The InterContinental Hotel, Riyadh on the 14th May 2024 and we look forward to seeing you there.

Find out more about this event and how to secure your place at www.securitymiddleeastconference.com

INTERSEC 2024

It may have been Intersec’s Silver Jubilee but this year’s event certainly deserved a gold star for uniting the industry

Taking place from 16-18 January 2024 at the Dubai World Trade Centre, the international exhibition for the security, safety, policing, cybersecurity, fire and emergency services sectors, was held under the theme of ‘innovating security tech for a quarter century’.

This year’s event was anticipated to be the biggest ever Intersec and it certainly lived up to expectation. Over 1,000 exhibitors packed out the show over the course of the three days, coming from over 60 nations. In addition, more than 47,000 visitors flocked to the exhibition, eager to stay abreast of the industry, learn from best practice examples, hear about breaking tech news and make new connections in the sector.

As the official regional media partner, Security Middle East magazine was in attendance. As well as handing out

copies of the latest issue and exploring some of the new innovations being showcased we were also busy filming our Expo Lives – short video interviews with key industry figures to find out more about their future plans and what they were exhibiting at Intersec.

We had fascinating and informative interviews with security leaders from Amstergi, CommPort Technologies, Everbridge, Genetec, IDCube, LBA, Limitless Technologies, March Networks, OREP, SALTO, Secury360, UCDSystems and Western Digital. Check out the videos on our website and YouTube channel to keep up-to-date with industry developments.

Powering innovation

The January show has become synonymous with new security launches –a chance for leading companies to unveil

their latest innovations to a receptive audience all looking for solutions. We saw March Networks announce the launch of its Essential Line (EL) Network Video Recorders, delivering customers a full-feature video management solution and analytics platform with advanced functionality. Axis Communications was showcasing the world’s first thermometric explosion-protected camera, certified for use in Zone and Division 2 hazardous locations, amongst other innovations, while Matrix revealed the Matrix COSEC PANEL200P – a multi-function site controller.

We got to see the ThreatScan AS2 flat panel for 3DX-Ray’s portable x-ray system, experience the latest version of Genetec’s Security Center and learn about the opening of the company’s state-ofthe-art experience centre in the UAE. Plus Hikvision unveiled its AIoT products that use infrared and x-ray technology to extend far beyond conventional visual capabilities.

In addition, IDIS and Mercedes-Benz announced a partnership and plans to use an end-to-end solution that delivers comprehensive coverage of the latter’s showroom and warehouse facilities.

Evolution of security

As we explored the various stands there was one thing that became immediately apparent – the security sector is making huge leaps forwards in terms of innovation and is showing no sign of slowing down. We saw real-world examples of how artificial intelligence is being seamlessly blended with Internet

“This year’s event was anticipated to be the biggest ever Intersec and it certainly lived up to expectation”

of Things (IoT) technology. As a result, AIoT is integrating sensor technology to improve detection accuracy and transforming industry applications.

According to Hikvision, who were exhibiting at the show, AIoT is delivering enhanced capabilities, including more precise temperature monitoring for industrial thermography; smarter perimeter security due to object classification; more accurate license plate recognition; the ability to detect slip and fall accidents; and the capacity to ensure personal protective equipment (PPE) is being worn correctly.

There was also an increase in fully integrated, end-to-end solutions, a reflection of the growing trend for companies to adopt a more comprehensive and integrated security solution that brings together multiple systems and devices in a single centralised platform. This type of solution can encompass video security, access control, parking management, command centre operations and more, streamlining processes and giving an intuitive user experience.

Cloud cover

Migration to the cloud was also a popular theme across exhibitors, with cloudbased time and attendance systems, enterprise cloud networking systems and cloud-based access authentication all being showcased.

Away from the show floor there was also a packed conference schedule for visitors who wanted to hear from innovators and leaders, as well as product demonstrations.

Another highlight of the event was the much-anticipated Intersec Awards 2024. Notable wins include Red Sea Global walking away with ‘Outstanding Security Team of the Year’; the Middle East and Africa Award going to the Virtual Technology Centre of Dubai Police for its Smart Security awareness project; and Alyaa Alkaabi from the UAE Ministry of Interior being crowned as a ‘Women Trailblazers in Security’.

After a busy three days, it’s easy to see why this show will be returning once again to Dubai in 2025 – that date for your calendar is 14-16 January 2025.

Revolutionising physical identity and access management with smartphone wallets

Smartphones serve as central hubs for everyday tasks such as payment, identification, health monitoring, and communication. Now there is a new convenient feature: wallet-based access control. Patrick Wimmer, John Harvey and Carl Fenger, of LEGIC Identsystems, explain more

The integration of access management with smartphones represents a pioneering breakthrough in the realm of Physical Identity and Access Management (PIAM), transcending the constraints associated with conventional mechanical keys and plastic keycards, which are frequently lost, misplaced, forgotten, or stolen.

Here are two compelling approaches to achieve PIAM integration:

1. Smartphone Wallet Integration

By seamlessly merging the LEGIC Connect trusted service with Smartphone Wallets, your smartphone can now assume the role of a universal key for your office, home, hotel room, and much more. Initially designed for storing digital credit, debit and loyalty cards, Smartphone Wallets have expanded their functionality to encompass transit pass, ID card, employee badge, hotel room key, and resident key for private and multi-family homes.

2. Dedicated App

Utilising the LEGIC Security Platform and mobile software development kit (SDK), building operators and hospitality service providers can create their own branded apps for access control, along with inhouse payment solutions for vending machines, restaurants, parking facilities, EV charging stations, and other amenities within their company, campus, or hotel.

These apps can be tailored to specific use cases, combining as well as bundling access with multiple adjunct services to enhance the user experience.

The key advantage of Smartphone Wallets is their status as a native application integrated into the preinstalled mobile operating system. This ensures automatic maintenance and updates by the mobile OS provider. Setup is quick and easy, and the addition of room, office, and home keys to Digital Wallets is accomplished with just a few simple steps.

Unlock your door in a second with your smartphone

Based on Near Field Communications (NFC) as well as Bluetooth® Low Energy technology, Smartphone Wallets deliver a convenient user experience akin to using a traditional smartcard. With the appropriate mode activated, you don’t even need to wake or unlock your device, enter a PIN, or establish a network connection. Just hold your smartphone near the reader to unlock. It’s easy, convenient, and private, eliminating the hassle of finding and launching an app

that requires both hands – a significant improvement over dedicated applications.

Users can enhance security by activating biometric verification such as facial recognition within their Wallet. Additionally, Smartphone Wallets function as a centralised repository for multiple virtual cards and keys, simplifying their use across a variety of applications provided by multiple unrelated service providers.

Get into your space, even when your smartphone needs a charge

Certain Smartphone Wallets can operate even when the battery is critically low, unlike dedicated apps that cease to function. This feature is particularly valuable for access control scenarios where the ability to enter an office, hotel room, or residence when the phone battery appears dead provides both convenience and peace of mind.

Integrate mobile wallet access with the LEGIC Security Platform

As part of the LEGIC Security Platform dedicated to supporting secure mobile

Embedded in locks and infrastructure:

LEGIC SM-6300

Security Module with Secure Element

services, LEGIC Connect comprises an OWASP-ASVS audited Trusted Service hosted on AWS, a Mobile SDK plus LEGIC Security Modules which include an RF transceiver (Bluetooth, NFC, RFID) and tamper-proof Secure Element (SM-6300 and the programmable SM6310). These modules are embedded in infrastructure-devices such as electronic locks, access wall readers, corporate printers, desktop readers for PC login, and vending machines.

Together, these components establish a cryptographically secure, bidirectional channel from backend administration system to smartphone to infrastructure. In addition to credentials, any data needing secure distribution to, or collection from electronic doors, lockers, or containers such as firmware, cryptographic keys, whitelists, device status or certificates can be securely transported via LEGIC Connect.

The LEGIC Wallet Program

For comprehensive information on how to make your LEGIC-based products and services compatible with smartphone wallets, please visit our Wallet Program webpage: www.legic.com/wallet.

Elevate your PIAM systems by embracing smartphone wallet integration in the LEGIC Security Platform and propel your access control products and services into a new realm of security, efficiency, and user satisfaction. It’s easy, convenient, and private!

www.legic.com

Lens on innovation

Ryad Soobhany, Associate Professor of Mathematical and Computer Sciences, Heriot-Watt University Dubai, unravels the use of camera technology in Middle East urban planning to enhance security

In the ever-changing landscape of the Middle East, where rapid urbanisation meets technological advancement, the integration of camera technology is reshaping the foundations of urban planning. As the region welcomes the digital age through ambitious smart city projects, the widespread use of surveillance cameras presents unparalleled possibilities alongside intricate challenges.

Let’s explore the complex interplay of camera technology in Middle East urban planning, untangling the elements that intertwine innovation, privacy concerns, and the prospective urban resilience in this dynamic and evolving region.

Smart city leader

At the forefront of embracing camera technology to tackle urban challenges, the

Middle East is leading in adopting smart city initiatives. MarkNtel Advisors reports the global video surveillance market at US$50.5 billion in 2023, projected to grow at a CAGR of about 12.2% from 2024 to 2029, with the Middle East contributing significantly to this growth. This substantial growth, fueled by ambitious smart city projects, underscores the region’s commitment to establishing interconnected, efficient and secure urban environments.

One notable example is the ‘Oyoon’ initiative by Dubai Police, which employs AI and data analytics to prevent crimes, respond swiftly to emergencies, and alleviate traffic-related fatalities and congestion. With an extensive network of over 300,000 surveillance cameras, Dubai ensures enhanced security, efficient traffic management and comprehensive

urban monitoring. Oyoon even enables digital tracking of criminals citywide by uploading a mugshot into a database.

Another example is Beeah Tandeef, a key waste management player who introduced the AI City Vision. This innovative solution employs AI 360-degree cameras on waste collection vehicles to elevate urban cleanliness standards in the UAE.

Look to the future

In Saudi Arabia, the NEOM project, a futuristic smart city in development, epitomises the Kingdom’s commitment to technological innovation and sustainability. NEOM integrates cuttingedge technologies, prominently featuring advanced surveillance systems to enhance various facets of urban life. The city’s vision encompasses efficient transportation, streamlined energy

management and overall improved urban governance. This commitment aligns with the Kingdom’s substantial investments in smart city initiatives, highlighting its recognition of technology’s pivotal role in shaping the future of urban living. The project underscores Saudi Arabia’s dedication to creating a model smart city that embraces the latest surveillance, transportation and energy infrastructure advancements, positioning the nation at the forefront of global urban innovation. The integration of these technologies in NEOM reflects a strategic approach to building a city that meets the demands of the present and anticipates and adapts to the evolving needs of future urban environments.

Best practice examples

While integrating camera technology in urban planning offers undeniable advantages, it raises concerns about privacy, data security and potential misuse. Striking the right balance is

crucial to ensure that the benefits of surveillance do not come at the cost of individual freedoms. One primary benefit is the enhancement of public safety. Surveillance cameras deter criminal activities, providing real-time monitoring that enables prompt incident response. This is exemplified in the city of Doha, Qatar. Doha has embraced camera technology to bolster public safety. Surveillance cameras are strategically positioned in public spaces and key areas, preventing and reducing criminal activities. These cameras serve as a deterrent and facilitate quicker response to incidents, fostering a safer urban environment.

Moreover, camera technology plays a pivotal role in optimising traffic management. Cities like Riyadh in Saudi Arabia are leveraging smart traffic systems powered by cameras to monitor and control traffic flow. Surveillance cameras are strategically placed to identify congestion points and optimise signal timings. This proactive approach

alleviates traffic-related challenges and contributes to a more efficient and streamlined transportation network. The integration of artificial intelligence (AI) with cameras enables predictive analysis, allowing for the proactive management of traffic patterns and minimising disruptions.

Essential tools

In addition to security and traffic management, cameras are becoming essential tools in disaster preparedness and response. The Middle East is prone to environmental challenges, including sandstorms and extreme temperatures. Cameras play a crucial role in disaster preparedness and response, particularly in the face of environmental challenges prevalent in the Middle East. Smart cities, like Masdar City in the United Arab Emirates, use cameras with weather monitoring systems to anticipate and respond to environmental threats effectively. This integrated approach enhances the resilience of urban

infrastructure and safeguards the wellbeing of residents.

Balancing benefits with privacy

However, the widespread adoption of surveillance cameras raises legitimate concerns about privacy infringement. The omnipresence of cameras in public spaces may inadvertently infringe upon individuals’ right to privacy, sparking a debate on the ethical implications of constant surveillance. Striking a balance between public safety and personal privacy requires robust regulatory frameworks and transparency in the use of surveillance technologies.

To address these concerns, cities in the Middle East need to implement comprehensive data protection laws and ethical guidelines for deploying surveillance cameras. Citizens should be informed about the purpose, scope, and duration of data collection, ensuring transparency in using surveillance technologies. Additionally, adopting privacy-enhancing technologies, such as anonymisation and encryption, can mitigate the risks associated with the

misuse of surveillance data. Furthermore, clear and transparent governance mechanisms are essential to prevent the abuse of surveillance powers. Establishing independent oversight bodies, involving citizens in decisionmaking processes and regularly auditing surveillance technologies can ensure accountability and safeguard against potential abuses.

Combatting cyber attacks

Integrating camera technology in Middle East urban planning also necessitates focusing on cybersecurity. With the increased connectivity of smart city infrastructure, the vulnerability to cyber threats becomes a critical concern. Recent incidents of cyberattacks targeting critical infrastructure worldwide highlight the urgency of fortifying the digital defences of smart cities. Robust cybersecurity measures, including regular vulnerability assessments, secure communication protocols and incident response plans, are imperative to ensure the integrity and resilience of camera-based urban surveillance systems.

Looking ahead

As the Middle East positions itself at the forefront of global urban innovation, the trajectory of camera technology in urban planning becomes an integral chapter in the region’s narrative. The journey towards smart, efficient, and secure urban environments is undoubtedly underway, with the strategic use of cameras weaving the intricate tapestry of a future where tradition meets cutting-edge technology.

As the digital transformation unfolds, finding the optimal equilibrium between technological advancement and privacy considerations will be imperative for creating smart cities that thrive on innovation and respect their diverse residents’ inherent rights and liberties. The integration of camera technology is not merely a technological progression; it is a pivotal step towards shaping a future where urban spaces seamlessly blend the heritage of the Middle East with the promises of a technologically enriched tomorrow.

www.hw.ac.uk/dubai

Boosting your converged supply chain security

Jim McConnell, an expert in converged security solutions and author on the topic, explores how to visualise and map the scope of the vulnerabilities of your supply chain

If you’re reading this then no doubt you are a security professional. And within your organisation I’m assuming you are as concerned about this thing called ‘risk’ as the next security professional. So, how can we better answer the following questions: How vulnerable are we, when it comes to our supply chain?

First, I’m going to start with some definitions. These may not be the same definitions as you use in your organisation, but for the purposes of this article please consider them.

Supply Chain – Any external (set of) entities and activities, that you get products or services from, that affect

the risk (vulnerability and threat) to the organisation, regardless of whether you pay them directly or indirectly, and regardless of whether you have them under contract.

Security – The prevention, detection, and response to a crime or a violation of an organisation’s rules.

“What data can I start to collect to help me measure the scope of the vulnerability of my supply chain?”

Safety – The prevention, detection, and response to an accident (think spilled milk).

Vulnerability – A (set of) circumstance(s) that if used against an asset would cause a security or safety incident to start or continue.

Converged Security – The security operational model whereby all types of security activities in an organisation are operating together (physical, fraud, cyber, information, personnel, law enforcement, etc). Notice I did not say reporting to the same person.

Risk – The probability that a threat will exploit at least one vulnerability and in doing so impact the organisation.

Visualisation/mapping – The combination of tracking (think database(s)) and the visual representation of the data to help tell the story in the form of a dashboard, pie charts, link analysis, ESRI/Google Map, combination of these, etc.

All – like “any”, “every”, “enterprisewide” – “All in every language means all”. Be so careful when using these words, but also remember this is the ultimate goal of a Converged Supply Chain Security Programme. Red is bad, green is good – As with any mapping or visualisation, colours matter, don’t overcomplicate it.

I simplify it down to two: red indicates BAD, and green indicates GOOD.

To answer the “how vulnerable are we…” question, one tool, and far from the only tool, is to visualise, as close as possible, ‘all’ of your organisation’s supply chain and its vulnerabilities, for the business. So seeing that as I am writing this I

am about 10,000 metres up in the air using a laptop, and this laptop and the information on it is a critical set of assets to my organisation’s business, let us use it as our example to map its supply chain vulnerabilities.

Now, I’m just using a laptop because the business, and consumers, and congress/parliament can relate, but we can do this on almost any asset or service that makes up our entire supply chain.

Measuring the vulnerabilities

In my introduction to supply chain security class I step students through the security reality that this laptop starts its supply chain with sand that makes up the integrated circuits and ends when it is recycled or in a landfill and even the transportation elements. The vulnerabilities (and ownership thereof) throughout this supply chain are many. But how do we start to collect, visualise, and measure the vulnerabilities of our supply chain?

As the end-user of your example laptop, you may not care about the location (and vulnerabilities) of the container ship transporting the laptop. But, should you?

What if these laptops were being procured as registration laptops for the largest conference in the Middle East that your organisation is overseeing? Or are part of your recovery programme for a ransomware attack you are currently a victim of? Or is the laptop you want to give your son/daughter/ageing parent that has a disability and without this laptop, they can’t tell you, “I Love You”?

Think bigger

Some readers were only thinking about SOFTWARE vulnerabilities when I said

vulnerabilities of the example laptop. Good, but expand your mind to a Converged Security context to better communicate the FULL scope of supply chain vulnerability/security issues to your leadership and board. Yes, software supply chain would also be a great area to collect data on, visualise, and even geospatially map, and there is a lot of great data available to map on this piece, even before a Software Bill of Materials (SBOM) is in common use.

Did you know that in one study the average number of manufacturers of installed software on a Windows laptop is 84, and that’s only measured at what I would call the ‘packaged’ level.

What data can I start to collect to help me measure the scope of the vulnerability of my supply chain? Well for just laptops, how about: laptop name, end user, location, software installed, version of software installed, firmware version, network location, criticality/ sensitivity, data/information classification level, service supplier/contract, current manufacturers’ software version/release notes, software vulnerability databases, customer supported by, asset threat data, end-of-life info/end-of-service info, recycle timing, donation information, clean and screen info, and likely more.

Define that data

Got the data flowing to you and your security team on a regular basis, now what?

Let’s quantify the size and vulnerabilities using dynamic link analysis, simple pie charts, maturity trends, technical debt graphs, mitigation costs, etc. Don’t forget your colours.

Now do some storytelling, whether it is via a dashboard on your leader’s cell phone, or to full board-centric BoD presentations, go, you have the data and information and the story, tell the story of your converged supply chain security maturity status.

Remember it’s not about the laptop, it’s about any part of your physical, moving, or services supply chain AND more importantly, getting information to decision makers about all the discoverable vulnerabilities of your supply chain.

www.linkedin.com/in/jimmcconnell

CASE STUDY

IDL - Fastlane Turnstiles

Integrated Design Limited (IDL) was tasked with improving secure access control for an energy supplier in Qatar across 10 interconnected high-rise towers.

COMPANY OVERVIEW

A prominent energy supplier in Qatar was looking to enhance its security across 10 office buildings located in the central business district in Doha, Qatar. The security enhancement project would focus on 10 high-rise towers which ranged from 15 storeys up to 46 storeys. All of the towers are interconnected at basement, ground and podium levels, including a Metro Rail Link bridge connecting to the closest metro station.

Over the course of a typical working day, between 6:30am – 2:30pm, around one thousand employees enter and exit the site, via various entry points. Security personnel are present on-site around the clock and are located at each entrance, with numbers of security staff ranging between 10 to 20 guards at the various locations.

THE CHALLENGES

Access to each building needed to be restricted to only authorised personnel. But, during peak times, the team of security staff were unable to effectively check all individuals entering the facility. The client was looking to ensure that each of its main building entrances would be even more secure.

At the same time, design challenges required the entrance control solution to be unobtrusive and blend subtly with the overall aesthetic of the complex.

There were several existing entrance control turnstiles already installed –provided by other manufacturers. Many of these were old, and the units were no

longer operational. Spare parts for these units were also not readily available, so a replacement solution was required.

Some of the units provided previously by Fastlane products were still reliably operating. With dependability and trouble-free operation being the priority for this project, when it came to looking

“Both our Glassgate 250 and Glasswing turnstiles were a great choice for the client providing a security solution that is both pleasing to the eye, yet simple and intuitive to use.”

Alan Hardy, Sales Manager for EMEA at IDL

for a new entrance control solution across the site, the client requested that all units be replaced with Fastlane products.

THE SOLUTIONS

IDL determined that two separate solutions were required to tackle different areas of the towers, to ensure maximum security and efficiency of operations. The company worked with its local installation partner, Intelligent Technologies, to successfully complete the project.

Within the lift lobbies, 25 lanes of the Glassgate 250 were installed. These units are designed for high pedestrian throughput, with the capability to process up to 60 people per minute, giving a total capacity of 1,500 workers and visitors being processed to enter the building every minute.

The bi-directional dual glass barriers are in closed mode as standard, and only open to allow entrance to authorised personnel after a valid card or visitor signal has been presented. In the event of other authorised users trying to use the lane the barriers will stay open, even if they are walking in the opposite direction, to keep the flow of traffic moving during peak times. The glass barriers intuitively move away from the authorised person and the familiarity of the ‘door-like’ action of the barrier gives users confidence in operating the system, ensuring quick user acceptance.

The 24 beam IR detection matrix in the Glassgate 250 provides unsurpassed tailgate detection and deterrence, with tailgaters detected following as close as 5mm behind authorised users. The glass barriers close quickly and safely behind an authorised person to deter unauthorised access, with a 2-stage

TIMESCALES

To avoid disruption to normal business operations, much of the installation work was carried out during non-office working hours, over weekends and eid-holidays. Works were carried out at pace: one location (which featured five lanes) was made fully operational during the course of a single weekend.

alarm response provided should an unauthorised access attempt be made.

In addition to the Glassgates, 53 lanes of Fastlane Glasswings were installed. As with all Fastlane turnstiles, these use state-of-the-art optical technology to allow authorised entry after a valid card has been presented. They also quickly close behind each user to tackle the issue of tailgaters or anyone seeking to obtain access fraudulently. They operate at the same capacity as the Glassgate 250 installed in the lift lobbies – allowing 900 visitors to be processed every minute. This particular product benefits from the glass barriers retracting inside the pedestal.

The elliptical-shaped pedestals of the Fastlane Glasswing, coupled with

the fast-moving glass wings, offered the level of security and fast throughput that was required for this site, without compromising on the aesthetics, as requested by the client.

For this project, the client requested the Glassgate and Glasswing units be customised with Corian deep black quartz tops to complement the black Calacatta marble pattern on the floor, with black acrylic concealed reader windows built into the turnstiles to provide a seamless finish. Square pedestal ends on the Glassgates further added to the architectural look.

www.fastlane-turnstiles.com

The passwordless future: are we there yet?

Passwordless implementation has long been heralded as the future, but are we ready, asks Mortada Ayad, Director, Sales Engineering at Delinea

We often hear about the increasing appetite for a passwordless future and while this mostly is in the context of consumers, the reasons for organisations wanting the same seems straightforward. According to the Verizon 2023 Data Breach Investigations Report stolen credentials were used in 49% of breaches by external actors. However, tightening policies and procedure to avoid credential theft often means hampering productivity and chances are employees will find ways around them to get things done, compromising security without realising it. It is also simply unrealistic to expect them to create, remember and regularly change multiple, unique and complex passwords. If the password is the weakest link, why haven’t we gotten rid of it yet?

Passwordless, explained

First and foremost, it is essential to differentiate between a passwordless implementation, where the password is removed from the authentication process, and a passwordless experience, in which the mechanics of password

authentication are still happening, but the user is not required to enter it anymore.

A full passwordless implementation, however, is much more difficult to achieve. Technology has undoubtedly made huge strides and several solutions, like biometrics or passkeys are now competing to replace the password, but according to a recent Delinea report 68% of IT decision-makers think that the password is not dead just yet.

Furthermore, only 30% of respondents said that their organisation has already started the transition towards passwordless, while 36% claimed they are a couple of years away and 21% admitted they are three to four years away. The slow pace of this transition appears to be due to several factors, such as the limited availability of these new technologies, which do not always live up to expectations or do not cover all use cases; their compatibility with legacy systems still existing in many companies for the foreseeable future; and the need to demonstrate that their use does not hinder compliance.

“The productivity advantages of passwordless hardly need saying, especially for power users and administrators who may have hundreds of accounts”

Walking the security-UX line

It appears then that the passwordless experience could be a useful intermediate step, as long as the slick user experience is coupled with robust security measures to minimise the risks of having the password still in the authentication process. This is where modern Privileged Access Management (PAM) solutions come into play, auto-generating long and complex passwords and autorotating them on a schedule, while implementing Multi-Factor Authentication (MFA) throughout the access chain from the initial login to privilege elevation. They also provide granular controls to ensure users receive just-in-time, just-enough access based on their roles or responsibilities and offer extensive monitoring and auditing capabilities. PAM solutions can help organisations move passwords into the background, as they continue using legacy technology, moving to the cloud, or beginning to leverage passwordless solutions.

Out with sharing

In both iterations, an advantage of passwordless authentication is that it prevents employees from sharing their permissions, reducing risk and enforcing better cyber-hygiene practices.

The productivity advantages of passwordless hardly need saying, especially for power users and administrators who may have hundreds of accounts, saving them hours of password management. Helpdesks are also no longer inundated with passwordrelated queries and tickets. And since the workforce is far less of a phishing target, the likelihood of downtime due to a ransomware attack – or similar disaster stemming from credentials theft – is dramatically diminished.

It is important to remember that even with a full passwordless implementation, an organisation will still have other types of vulnerabilities, but they can be reduced by a sweeping privilege management strategy for enhanced visibility, security, and control.

Endpoint management that allows the onboarding of new user devices without compromising the environment will also be necessary. And, of course, no passwordless ecosystem, no matter how well designed, should be seen as a substitute for the ongoing education of users.

A lot of people have strong opinions about ‘passwordless’, either saying that passwords are here to stay or that they will soon disappear. The new research

68% of IT decision-makers think that the password is not dead just yet

shows that both views are possible, and that different authentication options are creating a future where passwords still exist but are less visible.

As technology progresses, with biometrics becoming more accurate, passkeys becoming common among consumers, and legacy technology getting replaced, enterprises will become more comfortable with a passwordless future. The only question is, how quickly that future arrives. The advantages laid out here should encourage many to pursue the elimination of text-based authentication and build a stronger, more productive enterprise.

www.delinea.com

Perfect PAM

John Hathaway, Regional Vice President, iMETA at BeyondTrust, says the path to cyber resilience is paved by privileged access management

IBM’s 2023 edition of its Cost of a Data Breach report puts the Middle East’s average data breach cost at US$8 million, which is almost double the global mean. And the grand meme of cybersecurity is that the threat actors who cause all this damage no longer hack in; they log in. They use sneaky, subliminal messaging to phish credentials from unwary users and navigate laterally through security infrastructure, escalating their privileges as they go. An expanding attack surface (multi-cloud, remote work, shadow IT, and so on) brings with it an expanding threat from privilege itself. You want another meme? “Identity is the new perimeter”. Which means privileged access management (PAM) has become the cornerstone of modern cybersecurity. Operating systems, applications, hypervisors, cloud management platforms, DevOps tools, robotic automation processes — they, and dozens of other IT assets, are governed by privileges. Simple lists of accounts and

the things they can and cannot do have become central to our protection. And now that attackers are using machine learning and artificial intelligence (including generative AI), organisations that do not take PAM seriously are left wide open to nightmare scenarios.

‘Perfect PAM’

If attackers are using smarter tools, then so should you. Going in search of the ideal privileged access management platform — or ‘Perfect PAM’, if you’ll allow me — requires the same due diligence you would bring to any procurement exercise. Consider the total cost of ownership, accounting for time-savings associated with automation. Factor in direct and indirect costs as well as estimating the system’s time to value.

Also, how soon will you see improvements in your risk profile and the efficiency of security operations? Never forget that you are a growing enterprise. Is the PAM platform sufficiently scalable

to grow with you, adding things like SSH key management, DevOps secrets, and service or machine accounts? Will PAM integrate with IAM, service desk, SIEM, SOAR, and other elements of your cybersecurity ecosystem? In short, will PAM help you mature your threat posture, or will it impede your development?

The answer lies in whether it fulfils these six goals.

1 Control over identities

Perfect PAM must offer the means to automate discovery of privileged accounts and other credential types across the environment. There must be no place for an identity to hide because if there is, you can be sure it will not escape the notice of a determined threat actor. Human and non-human accounts must be placed under suitable management so they can pass muster with auditors. Many attacker inroads are rendered impassable with this simple approach and many others are made

“Going in search of the ideal privileged access management platform — or ‘Perfect PAM’, if you’ll allow me — requires the same due diligence you would bring to any procurement exercise”

difficult. And to be clear, when we say ‘suitable management’, what we mean is the enforcement of regular password changes and rules as to their strength.

2 Secure remote access

Perfect PAM should dispense with ‘all-or-nothing’ remote access. Employees, contractors, vendors, and others should have explicitly defined roles that dictate their access requirements. The ideal PAM platform must allow for granular, role-based access. Where practical, even allotted time slots should be assigned to each user, appropriate to the task they are performing. Organisations must use a privileged remote access solution that facilitates access while protecting systems and data. This solution must be capable of being hosted on premises — via a hardened physical or virtual appliance — or on a secure cloud.

3 Least privilege for Windows and macOS

Perfect PAM must remove local admin rights to Windows (a recent BeyondTrust vulnerabilities report found that around 75% of critical Microsoft vulnerabilities could have been mitigated by removing admin rights) and macOS systems and be capable of controlling and auditing admin access. It should be able to impose granular control over applications without hampering user

productivity. And it must be capable of removing privileges for those users while automating the enforcement of rules that allow elevation of application privileges during a session without elevating privileges for the user themselves.

4 Least privilege for Unix and Linux

Perfect PAM will give visibility and control to security teams for Unix and Linux, allowing them to implement least privilege and efficient delegation of privileges and authorisation on these OSes without exposing passwords for root or other accounts. The PAM platform must allow security teams to either eliminate password elevation tool sudo from the IT mix or layer functionality on top of sudo to resolve security and auditing deficiencies and make administration simpler and more accurate.

5 Integration for Unix and Linux into Windows

Perfect PAM would centralise authentication for Windows, Unix, and Linux environments. This is not just reducing complexity for its own sake.

A more homogeneous environment improves efficiency (fewer logins, for example, and hence, fewer helpdesk calls) and reduces risk. An Active Directory bridging solution can streamline identity management, allowing organisations to leverage their Windows Active Directory

infrastructure to deliver stronger identity security and audit capabilities. This will advance the organisation’s cyber maturity while boosting productivity for its technical and non-technical users.

6 Visibility and threat intelligence

Perfect PAM allows the SOC to proactively mitigate risk because the PAM platform grants rich, bird’s-eye views of identity ecosystems. This is an indispensable gift in the era of Tapestry IT, where multi-cloud and on-premises systems overlap, and multiple endpoints fall off the radar. Previously unseen risks come into view with Perfect PAM, and threat hunters can chase down attack paths that had thus far been obscured by tech sprawl. Data siloes are gone now, and identity hygiene reigns supreme, as PAM churns out actionable recommendations in time to prevent vulnerabilities becoming threats. Investigations are faster. Mitigations are proactive rather than reactive. Complex attack chains and their blast radii are laid bare for analysis, quickly leading security teams to compromised accounts.

The current IT mix is awash with identities, each of which is a timebomb if not properly managed. Privileged access management is now a sink-or-swim proposition. Perfect PAM is your life raft. www.beyondtrust.com

IDIS is transforming video surveillance with an advanced choice of edge cameras, AI box appliances, servers, and software - innovations that make it easy for you to supercharge your operations without the burden of ongoing maintenance agreements or device connection costs.

Whatever the size or type of your business, whatever your operational priorities, IDIS makes it affordable to harness the power of AI video, with solutions that give you optimized security and safety plus actionable business intelligence – all with industry-beating accuracy.

And our expanding AI video range upholds the IDIS promise of plug-and-play installation, robust performance, and a low total cost of ownership.

www.idisglobal.com

Navigating challenges and charting a secure future

Paul Lawson, Executive Director, Cyber Defense, CPX, takes us through insights and best practices from a recently launched whitepaper looking at the cybersecurity implications of AI adoption

The surge in AI adoption, exemplified by the widespread use of generative AI technologies and tools like ChatGPT, is further underscoring the urgent need for robust cybersecurity strategies. The intersection of AI and cybersecurity presents both unprecedented opportunities and complex challenges, necessitating the creation of a unified and trusted resource. With this, the recently launched whitepaper by the UAE Cyber Security Council and CPX, Securing the Future: A Whitepaper on Cybersecurity in an AI-Driven World, helps to serve as a roadmap, guiding individuals and organisations through the challenges they will inevitably face as they integrate AI into various aspects of their lives and business operations.

The whitepaper transcends theoretical frameworks to reflect the real views and experiences of cybersecurity experts. The following are insights and best practices derived from the whitepaper, for governments, organisations, and individuals to follow, as they navigate the intricate dynamics of AI and cybersecurity.

1. Strong authentication and access control

It is critical to limit access to AI systems and data. This can be achieved through

the use of stringent multi-factor authentication for AI applications or infrastructure access. Access controls should also be updated regularly, with employees only having access to what is necessary to perform their job. For example, an AI system used for medical scans should have in place different permissions for radiologists, nurses, researchers, IT staff, and other employees. Permissions should also be updated frequently as employees change roles or leave the organisation.

2. Regular security audits and updates

AI systems need to be consistently monitored for vulnerabilities, risks, and potential threats. Comprehensive audits of all components of the AI system should be performed frequently by independent experts. Based on these audits, vulnerabilities can be addressed, and software can be updated to prevent security issues. Any identified security issues can also be promptly taken care of.

3. AI security and awareness training

Continual learning should be in place for all employees, from data scientists to business leaders, to play their part

“To achieve unhindered growth and innovation, AI integration must go hand-in-hand with rigorous security measures.”

in effectively countering emerging AIpowered threats. This should involve tailored awareness and training programmes, that are specific to the role of each employee. For example, AI developers should learn how to build secure machine learning models and software, and all employees should be trained on how to properly interact with AI technologies.

4. Collaboration between AI developers, researchers, and security experts

A multi-disciplinary approach is required for the development of the most comprehensive and effective solutions. AI developers and researchers should work alongside security teams to address security issues and vulnerabilities proactively, rather than having issues arise later. For instance, security experts can advise on risks to consider as machine learning models are created and deployed. The collaboration between these parties should also continue after AI systems are in place, to allow for knowledge sharing and joint problemsolving.

5. UAE collective effort

Promoting a more cyber-aware culture on both an individual and institutional level is vital to combat evolving threats. National initiatives such as Cyber Pulse can promote this, encouraging individuals to be socially responsible and keep their nation cybersafe. This aims to ultimately immunise society from the risk of cyber-attacks.

The strategic imperative

Various cybersecurity challenges have already begun to arise that organisations will continue to face, such as the potential consequences of overlooking comprehensive policies and measures around AI and cybersecurity. The stark reality is that the development of malicious AI could outpace the collective ability to counter it, resulting in farreaching repercussions such as financial losses and threats to public safety.

Another primary challenge identified is the scarcity of skilled cybersecurity talent, particularly within the domain of AI. It has become evident that effective collaboration between public and private sector stakeholders is essential to addressing the dynamic landscape of

AI-driven threats. This collaboration is crucial for the development of a workforce equipped to tackle the evolving challenges posed by sophisticated cyber threats.

To achieve unhindered growth and innovation, AI integration must go hand-in-hand with rigorous security measures. Vigilance and preparedness are requirements in the face of today’s evolving cybersecurity challenges. The field of cybersecurity must also embrace AI, to allow for unprecedented development and to be able to effectively counter new threats and malicious AIpowered attacks.

This is no longer a discussion of mere precaution, but a strategic imperative for any digital landscape that strives to be not just innovative but inherently secure.

In an era where AI is redefining industries, industry leaders must take crucial steps toward safeguarding the ever-evolving digital landscape. Companies across the Middle East need to be committed to contributing to this discourse and working towards a future where AI and cybersecurity coexist seamlessly, ensuring a safer, more resilient digital future for all.

www.cpx.net

Unified security, unlimited possibilities.

Securing your organization requires more than video surveillance. To be successful, you need access control, intercom, analytics, and other systems too. This is why our Security Center platform excels. It delivers a cohesive operating picture through modules that were built as one system. So, whether you’re securing an airport, a parking structure, a multi-site enterprise, public transit, or an entire city, you can access all the information you need in one place.

To learn about the benefits of unifying your security operations visit genetec.com

Threat Horizon 2024 –A global perspective

Dan Norman takes us through the ISF’s last two-year forecast – made in 2022 – to determine how accurate they were, and the measures organisations may need to take

Every year the ISF provides a detailed, scenario-based, two-year threat forecast to its member organisations – a unique model, whereby the combined intelligence from 500 companies, governments and academics contribute towards what they believe the next few years will bring, and the impact it will have on information security and cyber risk management.

Threat scenarios are workshopped, tested and validated globally, and a detailed action-orientated report is provided to the community. However, when we reach the year in question, the ISF provides access to organisations outside of the membership to help them prepare.

In 2022, the ISF made bold predictions about the world through the lens of the PESTLE model… 2024 is finally upon us and the research is frighteningly accurate:

Economic Predictions

Despite a mix of rosy forecasts and warnings of economies sleepwalking into recession, the economic outlook in 2024 will be defined by uncertainty due to the pandemic. Organisations must be pragmatic in their responses to shifting economic prospects. Supply chain disruption is expected to continue because of labour and equipment shortages. The interconnected nature of contemporary markets and their associated fragility was exposed in the East by the instability of housing giant Evergrande. The potential time bomb of a Chinese recession would

cause global economic, political and social shockwaves.

How accurate was this?

There has been a real power shift in terms of investment from Middle Eastern countries like the UAE, Saudi Arabia and Qatar. The GCC has seemingly weathered a global recession, with considerable diversification into building GIGA cities, tourism, entertainment and sport. The war in the Middle East and the Russia/Ukraine conflict could continue to tip Europe, the US and Africa into a spiralling recession, with inflation rising globally due to the fragility of supply chains. Geopolitical risk has caused significant economic uncertainty, which governments and banks are continuing to grapple with.

Social Prediction

The long shadow of the pandemic will continue to fall over all aspects of society. Whilst the primary effects, such as loneliness, family separation and undisputed health impacts are well documented secondary effects are brewing. Social disillusionment will be high, and decreasing trust and support of government policies will whip up support for political violence. Ethical considerations will be a driving factor in all aspects of social life. Organisations will face difficulties incorporating differing expectations across generations. To ensure this new approach translates

across relationships between technology and people, global spending on data protection and compliance technology is expected to reach $15bn by 2024.

How accurate was this?

There has been tremendous societal disruption from the wars in the Middle East, Eastern Europe, North Eastern Africa and in the South China Sea in terms of physical protests and shifting political opinions. Populist politicians with divisive agendas have gained power in many countries, including Argentina, Italy, and potentially the US once again. Social media platforms are fighting an existential battle for freedom of speech with governments globally, with the major tech billionaires being targeted and fined by governments for the impact they are having on politics and society. The Middle East, however, has significantly raised investment in society. Much of the GCC has a robust vision due for implementation in 2030 – healthcare, education, tourism and entertainment designed to raise quality of life of people in the region, all underpinned by significant investment in technology. This is a major step-change in terms of the risk landscape.

Technological Prediction

Nations will explore deeper into cyber space, competing for technological and scientific supremacy as it becomes a key

metric for international power. Beyond Earth, a technological arms race is brewing as the space race shifts from being a matter of national pride to a way to exhibit genuine strategic advantage. For example, private space endeavours will be key to NASA’s plan to return humans to the moon by 2024. As all nations race to establish themselves off-planet, the emergence of low orbital debris will begin to impact further advancements as humans risk trashing a new arena for exploration and exploitation.

How accurate was this?

Technological advancement has not been as dramatic as predicted, in terms of commercial use cases regarding quantum computing. However, technology has played a significant role in the progress of human life. From generative AI and landing spacecraft on moving asteroids, to implanting a chip in the human brain to reintroduce motor function and the use of AI-backed technology is playing a crucial part in society. The ethical and political discussions regarding use cases for technology will differ region by region – and the risks associated with technological supremacy threaten to exacerbate geopolitical ties and existing political structures further.

Legal Predictions

The constant rate of technology change continues to create a game of

cat and mouse between innovation and legislation. By 2024, however, technological advancements will have expanded this disparity even more. Governments will extend the scope of legal obligations and constraints affecting how organisations use and process data to protect individual human rights. Having realised the pervasive power of data, there will be a concerted effort for legislative reform that goes beyond data privacy. These efforts will reassess the use of artificial intelligence (AI) techniques and Internet of Things (IoT) devices to reduce the exponential growth of cyber attacks.

How accurate was this?

The legal ramifications of generative AI have caused a media storm – from Hollywood to the World Economic Forum, all walks of society have been (or expect to be) impacted. Governments around the world are working to design AI acts and managing the impact on the job market and beyond. Data privacy regulations continue to be fragmented – with the Middle East paying particular attention to data residency for cloud providers.

Environmental Predictions

By 2024 the world is expected to have breached the 1.5°C limit set out in the 2015 Paris Agreement causing widespread disruption and an alarming loss of biodiversity. Yet, inciting widespread frustration, reform to tackle environmental

change will remain a political talking point rather than concrete action. Environmental change will become a motivating factor as organisations demonstrate their environmentally safe behaviours to appease customers and to remain attractive to investors. As extreme weather events increase, it will become essential to ensure that the potential for environmental disaster is woven into organisational strategy.

How accurate was this?

The environmental disasters that have happened worldwide have been catastrophic. From wildfires in Central Europe, to hurricanes and monsoons across Asia and the US. The damage is arguably irreversible. We accurately predicted that nation states would communicate a lot, but act little. The COP28 climate conference achieved little, but none of the GCC committed to reducing oil and gas outputs. However, many organisations are focusing on reducing their carbon footprint by restricting travel. Environmental protesters are becoming a significant nuisance globally, disrupting supply chains and using cyber attacks as a mechanism to affect target companies.

Access the full report and recommended actions: https://www.securityforum.org/ solutions-and-insights/threat-horizon2024-the-disintegration-of-trust/

Industry interview

This issue, Meshal Aljohani, CPP, PSP, PCI, Security Group Supervisor, Aramco speaks with Atallah Al Sinani, PSP, PMI-RMP, Country Security Manager for Saudi Arabia and Yemen, ABB

Describe your experience in the security industry?

I began my journey in the field of industrial security in 2007 at SABIC, immediately after graduating from college. I started in security operations for the Western Region and later moved to work in the company’s Security Center of Excellence. In 2023, I decided to embark on a new experience and join the ABB company to broaden my expertise and contribute my experiences in industrial security.

Working in the field of industrial security is an enjoyable and advanced job which helped me develop myself on the personal and practical levels.

What do you think is Saudi Arabia’s most pressing industrial security challenge?

Ensuring the security of critical infrastructure, particularly oil and gas facilities, stands out as one of Saudi Arabia’s most pressing industrial security challenges. These sites are crucial not only for the country’s economy but also for global energy stability. Protecting them from physical attacks, cyber threats, and other vulnerabilities is paramount to maintaining stability and functionality.

Another critical industrial security challenge for Saudi Arabia involves diversifying its economy. Reducing overreliance on oil-related industries requires developing and securing new sectors, such as technology, manufacturing and tourism. This diversification creates challenges of knowing the development of the possibility of security threats (physical and cyber) and controlling/mitigating the consequences of security risks and enhancing and developing the human element (security personnel).

What kind of security strategies are used within the industrial security sector in Saudi Arabia?

There’s a strong emphasis on:

1. Risk Assessments and Continuity Planning: Conducting thorough risk assessments to identify vulnerabilities and develop comprehensive continuity plans to ensure business operations can continue in case of any security breach or disruption.

2. Regulations and Compliance: Adherence to local and international standards is mandatory. Regulatory bodies enforce guidelines to ensure security measures are in place and followed by industrial entities.

3. Physical Security Measures: This includes robust perimeter security, surveillance systems, access control, and security personnel to protect critical infrastructure and assets.

4. Investment in Technology: Embracing advanced technologies such as AIbased monitoring systems, biometrics, and intrusion detection systems to enhance overall security.

5. Training and Awareness: Regular training programmes and awareness campaigns for employees to understand security protocols and be vigilant against potential threats.

6. Public-Private Partnerships: Collaboration between government entities, private sector industries, and security agencies to enhance information sharing, response capabilities, and security posture.

7. Emergency Response and Crisis Management: Developing protocols and response strategies to address various emergency scenarios, including natural disasters, cyber incidents, or terrorist threats, to minimise potential damage and ensure swift recovery.

8. International Cooperation: Participation in global initiatives and partnerships to exchange best practices, information, and technologies, enhancing security preparedness and response capabilities.

How do you anticipate industrial security in Saudi Arabia evolving in the coming years?

The evolution of industrial security in Saudi Arabia involves considering technological advancements, increased security measures, collaborations with international partners, and ongoing efforts to address emerging threats. Likely, there will be a focus on enhancing infrastructure, implementing stricter regulations, and utilising AI and IoT for comprehensive security solutions. Additionally, the country invests in workforce training to combat security threats and maintain robust protection for critical industries.

Given Saudi Arabia’s commitment to diversifying its economy, it’s likely that industrial security will become increasingly sophisticated and tailored to protect various sectors, such as energy, manufacturing, and technology.

2024

MARCH

4–7 March

LEAP

Riyadh Exhibition and Convention Centre onegiantleap.com

5–7 March

World Police Summit

Dubai World Trade Centre, UAE worldpolicesummit.com

20–22 March

SECON 2024

Hall 3-5, KINTEX, Korea seconexpo.com

APRIL

MAY

JUNE

OCTOBER

9–12 April

ISC West 2024 Venetian Expo, Las Vegas, US

discoverisc.com

23–25 April

GISEC Global Dubai World Trade Centre cyber.gisec.ae

30 April–2 May

The Security Event NEC, Birmingham, UK thesecurityevent.co.uk

14 May

Security Middle East Conference

The InterContinental, Riyadh, Saudi Arabia securitymiddle eastconference.com

15–16 May

Disasters Expo Europe

Messe Frankfurt, Germany

disasterexpoeurope.com

21–23 May

International Exhibition for National Security and Resilience ADNEC, Abu Dhabi isnrabudhabi.com

4 June

ENBANTEC Cybersecurity Conference & Exhibition

Radisson Blu Hotel, Sisli, Istanbul, Turkey enbantec.com

SEPTEMBER

1–3 October

Intersec Saudi Arabia

Riyadh International Convention & Exhibition Center intersec-ksa. ae.messefrankfurt.com

2–5 September

Special Operations Forces Exhibition and Conference (SOFEX)

Aqaba International Exhibition & Convention Center, Jordan sofexjordan.com

17–18 September

MENA Information Security Conference

Riyadh, Saudi Arabia menaisc.com

Please check the event websites for the most up-to-date details as dates can change all the time.

Magnet AXIOM Cyber is a robust digital forensics solution that enables you to quickly and easily investigate cybersecurity incidents to minimize their impact and protect your business. Using AXIOM Cyber, you can locate and analyze digital evidence across a diverse set of data sources: computer, cloud, mobile, and IoT devices.