Last week's visit to CYBERUK, the UK government’s flagship cyber security event was certainly an insightful and thought provoking couple of days. Hosted by the National Cyber Security Centre (NCSC), it featured world-class speakers, solutions and had countless opportunities for myself and Tony Mannion, Sales Development Manager, hear the latest insights on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.
So what did we take-away from our visit to CyberUK:
Cyber security and operational safety are intrinsically linked:
"If its not cyber secure then its not safe."
The event highlighted the impact of human/operational failings through examining the Triton attack process and the key factors that made the attack possible. Such as a network connected engineering workstation, a PLC left in program mode and not locked to run mode and a lack of monitoring.
We need to target efforts to the initial sources of risk to reduce the high numbers and volumes of attacks:
It's key to tackle the easy to resolve issues and make these practices the social norm. A good example of this is email and the use of DMARC, Domain-based Message Authentication, Reporting & Conformance, an email authentication, policy, and reporting protocol which validates email messages before they are delivered to check validity.
It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
Security information needs to be simplified for the end users:
Like we're increasingly used to seeing with food sales with the Red, Amber, Green status for health, these RAG status' are looking likely to be included on IOT and other consumer devices in the first instance.
There is clear backing by manufacturing:
Supported by legislation, manufacturing is backing the need to make devices safer from the point of sale. A code of consumer practice has been created to remove poorly designed devices out of the supply chain. Its looking likely this will form into legislation to meet ‘Secure by design’ standards as highlighted in the NCSC 5 year plan by 2021.
Free help and support is available:
NCSC has produced a free toolkit, Exercise in a box, for SMEs and a framework for CSO containing questions to ask security/technical teams. The Government is also supporting on guidance to make cyber security the norm.
There have been challenges in the implementation of NIS Directive by operators of essential services:
Reviews have shown weakness in the supply chain, with big issues within sections C1 (security Monitoring), C2 (proactive security event discovery compliance) against the Cyber Assessment Framework (CAF) along with A2 (asset management). SolutionsPT are addressing these issues for our clients with Claroty.
Investment in Cyber Security is increasing:
It was suggested that the market growth and investment in cyber security broadly scoped at around 20%. Although this is predominantly seen to be delivered through technology partners and specialist and not organically grown from within local business units.
Summary and conclusion:
So, my overall summary of the key themes addressed at this year's CyberUK event are that; education to change social behavior, so security that is a part of everyday activities, is essential and that there is widespread support from industry and manufacturing to make products secure by default, for which the use of legislation will help to enforce this change within the supply chain.
It was really good to hear that the values of the event fully align with ours at SolutionsPT, ensuring systems and networks are secure by design. That monitoring and recovery are necessary and appropriate security controls and a belief in the importance of following trusted process, working inside of approved frameworks such as IEC 62443.
If you'd like to hear more about SolutionPT's approach to maintaining secure architectures why not register for our upcoming event in partnership with Datto, a world leader in business continuity, at their offices in Reading on the 23 May.