Last week's visit to CYBERUK, the UK government's flagship cyber security event, was certainly an insightful and thought-provoking couple of days. Hosted by the National Cyber Security Centre (NCSC), it featured world-class speakers and solutions, and gave Tony Mannion, Sales Development Manager, and me countless opportunities to hear the latest insights on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.
"If it's not cyber secure then it's not safe."
The event highlighted the impact of human and operational failings by examining the Triton attack process and the key factors that made the attack possible: a network-connected engineering workstation, a PLC left in program mode rather than locked to run mode, and a lack of monitoring.
It's key to tackle the easy-to-resolve issues and make these practices the social norm. A good example of this is email and the use of DMARC (Domain-based Message Authentication, Reporting & Conformance), an email authentication, policy, and reporting protocol that validates email messages before they are delivered.
It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author ("From:") domain name, published policies for how recipients should handle authentication failures, and reporting from receivers back to senders, to improve and monitor protection of the domain from fraudulent email.
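To make the "linkage to the From: domain" concrete, here is an added example (not code from the original post or from any DMARC implementation) of what a receiving mail server does with a domain's published DMARC record: it parses the tag=value pairs, checks whether the SPF and DKIM results are *aligned* with the From: domain under the record's adkim/aspf modes, and then applies the p= policy on failure. The record text, the domain names and the authentication results are all constructed sample values, and the organisational-domain rule (last two DNS labels) is a deliberate simplification; a real receiver uses the Public Suffix List.

```python
"""Receiver-side DMARC evaluation (added example with constructed inputs)."""
from dataclasses import dataclass
from typing import Optional


def parse_dmarc_record(txt: str) -> dict:
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; rua=mailto:...'.

    Returns a dict of tags with RFC 7489 defaults filled in for adkim, aspf
    and pct.  Raises ValueError for records a receiver would have to ignore.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record has no p= policy tag")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment by default
    tags.setdefault("pct", "100")  # apply policy to all mail by default
    return tags


def org_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels (assumption; use the
    Public Suffix List in production so 'example.co.uk' is handled correctly)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organisational domain."""
    if auth_domain is None:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    """What the SPF and DKIM checks produced for one message."""
    spf_result: str               # "pass", "fail" or "none"
    spf_domain: Optional[str]     # MAIL FROM domain SPF was evaluated against
    dkim_result: str              # "pass", "fail" or "none"
    dkim_domain: Optional[str]    # d= tag of the verified DKIM signature


def evaluate(from_domain: str, record_txt: str, auth: AuthResults) -> dict:
    """Apply the From: domain's DMARC policy to one message.

    DMARC passes if EITHER an aligned SPF pass OR an aligned DKIM pass exists.
    On failure the disposition is the published p= value; the returned dict is
    also the information a receiver would put in its aggregate (rua) report.
    """
    policy = parse_dmarc_record(record_txt)
    spf_aligned = auth.spf_result == "pass" and aligned(
        from_domain, auth.spf_domain, policy["aspf"])
    dkim_aligned = auth.dkim_result == "pass" and aligned(
        from_domain, auth.dkim_domain, policy["adkim"])
    dmarc_pass = spf_aligned or dkim_aligned
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": dmarc_pass,
        "disposition": "none" if dmarc_pass else policy["p"],
        "report_to": policy.get("rua"),
    }


if __name__ == "__main__":
    # Constructed record for example.com: reject on failure, strict DKIM alignment.
    RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
    legit = AuthResults("pass", "bounce.example.com", "pass", "mail.example.com")
    spoof = AuthResults("pass", "attacker-mailer.test", "none", None)
    print(evaluate("example.com", RECORD, legit))   # dmarc_pass True, disposition none
    print(evaluate("example.com", RECORD, spoof))   # dmarc_pass False, disposition reject
```

The second case is the one DMARC exists for: SPF alone says "pass" because the sending server is authorised for its own domain, but that domain is not aligned with the From: header the recipient sees, so the message is rejected and the failure is reported back to the domain owner via the rua address.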
Just as we are increasingly used to seeing Red, Amber, Green (RAG) health ratings on food products, RAG statuses look likely to be included on IoT and other consumer devices in the first instance.
Supported by legislation, manufacturing is backing the need to make devices safer from the point of sale. A code of consumer practice has been created to remove poorly designed devices from the supply chain. It looks likely this will become legislation to meet 'Secure by Design' standards, as highlighted in the NCSC five-year plan, by 2021.
The NCSC has produced a free toolkit, Exercise in a Box, for SMEs, and a framework for CSOs containing questions to ask security and technical teams. The Government is also supporting guidance to make cyber security the norm.
Reviews have shown weaknesses in the supply chain, with big issues in sections C1 (Security Monitoring) and C2 (Proactive Security Event Discovery) of the Cyber Assessment Framework (CAF), along with A2 (Asset Management). SolutionsPT are addressing these issues for our clients with Claroty.
It was suggested that market growth and investment in cyber security is broadly scoped at around 20%, although this is predominantly delivered through technology partners and specialists rather than grown organically within local business units.
So, my overall summary of the key themes addressed at this year's CYBERUK event is that education to change social behaviour, so that security becomes part of everyday activities, is essential, and that there is widespread support from industry and manufacturing to make products secure by default, with legislation helping to enforce this change within the supply chain.
It was really good to hear that the values of the event fully align with ours at SolutionsPT: ensuring systems and networks are secure by design, recognising that monitoring and recovery are necessary and appropriate security controls, and believing in the importance of following trusted processes and working inside approved frameworks such as IEC 62443.