UAE Critical National Infrastructure Security Project

Integration of CYJAX Threat Intelligence Platform

Information Security award entry for the “[4721]” category

The aim: To work with a well established critical national infrastructure security provider to create a cyber intelligence framework that would be used to raise the technical and intelligence capabilities around the critical national infrastructures of the major Middle East Governments.


Most of the telecoms infrastructure in this region is aged, which makes it difficult to implement modern technical solutions designed to protect against modern attacks such as spear phishing, DDoS, ransomware, APTs, impersonation and physical attacks.


An integral part of any cyber security strategy is also the personnel responsible for managing and responding to the risk; so the technical solution would also have to enable modern knowledge transfer that provides the materials, methods and understanding required to educate and train local personnel in this field.


Above all, this needed to be completely secure and self-sufficient. For this to be achieved, key intelligence and materials would need to be provided in local dialects of Arabic.


The Cyjax Digital Intelligence Framework is an in-house, custom-built platform that provides its own AppStore of intelligence applications designed to capture, process, visualise and disseminate contextualised information in a number of different ways, ranging from simple risk-based profiling to advanced and detailed technical outputs. For this project we would create a new, unique implementation of the platform designed to enable the exchange of information between a number of different legacy devices and technologies (firewalls, servers, switches, routers, phone exchanges (PBX) and the various embedded control and monitoring systems found in power stations and water control facilities) and a modern cyber intelligence framework providing a number of essential modern capabilities designed to discover emerging risk, enrich operational information and inform responses and strategic planning.

The essential modern capabilities would include, but not be limited to: brand-based exposure monitoring of the global mainstream press across all languages simultaneously; sentiment analysis of the company's social media exposure; digital profile monitoring of all staff, including their social media profiles and visible online interactions and activities, to help assess any information disclosures that could be associated with risk, such as too much personal information or company-sensitive information that could be used by an attacker as leverage in an attack or bribery attempt; monitoring of company assets, including all known brands, staff and executive risk and exposure, all websites, all email and communication systems and all files; a digital sweep covering all of the above, followed by a monitoring framework around their entire supply chain and affiliate network to ensure that when risk emerges in the form of a threat, such as an attack or a data theft, they are kept informed in real time; a darknet monitoring and intelligence capability covering both public and closed-source areas of the various darknets, including forums and invite-only communities; critical vulnerability monitoring of their entire software and hardware infrastructure, which must include every version of every piece of software and hardware they operate throughout the entire infrastructure; the ability to monitor and view the logs of their internal processes for behavioural analysis, in order to discover abnormal patterns in internal network traffic; and finally, situational awareness of what is happening around them. Terrorism is a major factor in this region, and cyber toolkits are essential in the capture and dissemination of related threat intelligence.


One of the challenges in this region is the language barrier, and while everyone speaks great English, a self-sufficient solution must be localised to be considered a success. It is also important that we are able to provide information natively if it is to be used for training and educational purposes.

Due to the skills shortage in this field, we took a slightly different approach to recruitment in specific areas of our business. We recruit native-language-speaking cyber security PhD students from Oxford University, with whom we have fostered a relationship over the past two years. We regularly run seminars and training sessions that provide a platform of engagement with very talented students who are approaching the end of their PhD. We train them before assigning them contracts.

This approach has proven to be an extremely popular strategy with our partners in the Middle East, as they are keen on developing talent in the region alongside the capability we were helping to create.


We continue to provide data and knowledge to the Middle East through this platform and have helped to greatly modernise the capabilities that are now protecting the critical national infrastructures in the Middle East.

By successfully implementing our intelligence capability and vision, we have helped to raise the level of security around critical national infrastructure in the region. Information that was previously inaccessible, such as firewall attack analysis and log data from multiple phone exchanges and legacy control systems, is now being processed in a central intelligence hub that has enabled fast analysis, enrichment, fast response and automated delivery of risk mitigation information throughout the Middle East.

The first successful implementation in the region was inside a government water control facility. It was met with such high praise that the team responsible were promoted to create a new technology innovation department for the entire government in that particular part of the Middle East.

The key element in our technology is its ability to collect and distribute information between multiple systems of varying age and complexity. We enable this by combining modern application programming interface technology (APIs such as REST, which allow remote computer systems to present, query or collect information using a unified language, in a similar way to XML) with a set of serialisers we designed for communication with older legacy devices and systems that have no traditional or modern API functionality. The serialisers act as a reverse API, providing a custom connection remote programming interface (RPI) that allows our platform to draw information out of, and push information back into, these systems. The serialisers are also responsible for translating the information into a modern API format (such as JSON) to enable interaction with the other technologies described above, and then translating new information back into the legacy formats prior to distribution.

You need patience to work in the Middle East; things do not happen as quickly as we are used to in the West. However, once your project gets into full swing you will be rewarded with the friendship and the trust of some truly intelligent and innovative individuals. A very rewarding experience overall.