Information Security award entry

The aim: To work with a well-established critical national infrastructure security provider to create a cyber intelligence framework that would be used to raise the technical and intelligence capabilities around the critical national infrastructures of the major Middle East governments.

 

Most of the telecoms infrastructure in this region is aged, which makes it difficult to implement modern technical solutions designed to protect against modern attacks, such as spear phishing, DDoS, ransomware, APTs, impersonation and physical attacks.

 

An integral part of any cyber security strategy is also the personnel responsible for managing and responding to the risk, so the technical solution would also have to enable modern knowledge transfer that provides the materials, methods and understanding required to educate and train local personnel in this field.

 

Above all, this needed to be completely secure and self-sufficient. For this to be achieved, key intelligence and materials would need to be provided in local dialects of Arabic.

 

The Cyjax Digital Intelligence Framework is an in-house, custom-built platform that provides its own AppStore of intelligence applications. These are designed to capture, process, visualise and disseminate contextualised information in a number of different ways, ranging from simple risk-based profiling to advanced and detailed technical outputs. For this project we would create a new, unique implementation of the platform designed to enable the exchange of information between a number of different legacy devices and technologies, such as firewalls, servers, switches, routers, phone exchanges (PBX) and the various embedded control and monitoring systems found in power stations and water control facilities, and a modern cyber intelligence framework. That framework would provide a number of essential modern capabilities designed to discover emerging risk, enrich operational information and inform responses and strategic planning.

Modern capabilities that are essential would include but not be limited to: brand-based exposure in the global mainstream press across all languages simultaneously; sentiment analysis of social media exposure for the company; digital profile monitoring of all staff, which includes their social media profiles and visible online interactions and activities, to help assess any information disclosures that could be associated with risk, such as too much personal information or company-sensitive information that could be used by an attacker as leverage in an attack or bribery attempt; company assets including all known brands, staff and executive risk and exposure; all websites; all email and communication systems and all files; a digital sweep that involves all of the above actions and a subsequent monitoring framework around their entire supply chain and affiliate network to ensure that when risk emerges in the form of a threat, such as an attack or a data theft, they are kept informed in real time; a darknet monitoring and intelligence capability in both public and closed source areas of the various darknets, including forums and invite-only communities; critical vulnerability monitoring of their entire software and hardware infrastructure, which must include every version of every piece of software and hardware they are operating throughout the entire infrastructure; the ability to monitor and view the logs of their internal processes for the purpose of behavioural analysis to discover abnormal patterns in internal network traffic; and finally, situational awareness of what is happening around them. Terrorism is a major factor in this region and cyber toolkits are essential in the capture and dissemination of related threat intelligence.

 

One of the challenges in this region is the language barrier, and while everyone speaks great English, a self-sufficient solution must be localised to be considered a success. It is also important that we are able to provide information natively if it is to be used for training and educational purposes.

Due to the skills shortage in this field, we took a slightly different approach to recruitment in specific areas of our business. We recruit native-language-speaking cyber security PhD students from Oxford University, with whom we have fostered a relationship over the past two years. We regularly run seminars and training sessions that provide a platform of engagement with very talented students who are approaching the end of their PhD. We train them before assigning them contracts.

This approach has proven to be an extremely popular strategy with our partners in the Middle East, as they are keen on developing talent in the region alongside the capability we were helping to create.

 

We continue to provide data and knowledge to the Middle East through this platform and have helped to greatly modernise the capabilities that are now protecting the critical national infrastructures in the Middle East.

By successfully implementing our intelligence capability and vision, we have helped to raise the level of security around critical national infrastructure in the region. Information that was previously inaccessible, such as firewall attack analysis and log data from multiple phone exchanges and legacy control systems, is now being processed in a central intelligence hub that has enabled fast analysis, enrichment, fast response, and automated delivery of risk mitigation information throughout the Middle East.

The first successful implementation in the region was inside a government water control facility. It was met with such high praise that the team responsible was promoted to create a new technology innovation department for the entire government in that particular part of the Middle East.

The key element in our technology is its ability to collect and distribute information between multiple different systems of varying age and complexity. We enable this capability by combining modern application programming interface technology (API, such as REST, which allows remote computer systems to present, query or collect information using a unified language, similar to XML) with a set of serialisers we designed for communication with older legacy devices and systems that do not have traditional or modern API functionality. The serialisers act as a reverse API, providing a custom connection remote programming interface (RPI), allowing our platform to draw information out of, and push information back into these systems. The serialisers are also responsible for translating the information into a modern API format (such as JSON), to enable interaction with other technologies as described above, and of course to then translate new information back to the legacy formats prior to distribution.
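The two-way translation described above, sketched as an added example (not Cyjax's code). The fixed-width PBX call-record layout, the field names and the sample record are constructed assumptions; the point is that both directions validate strictly, so malformed legacy data never reaches the JSON side and unvalidated JSON is never written back into a legacy device.

```python
import json
from datetime import datetime

# Constructed fixed-width layout for a hypothetical legacy PBX call record:
# (field name, width). Not taken from any real device.
LAYOUT = [("ts", 14), ("ext", 4), ("dialled", 16), ("secs", 5), ("status", 1)]
RECORD_LEN = sum(w for _, w in LAYOUT)
STATUS = {"A": "answered", "B": "busy", "N": "no_answer"}
STATUS_REV = {v: k for k, v in STATUS.items()}


def legacy_to_json(line: str) -> str:
    """Parse one fixed-width record strictly and emit a JSON document."""
    if len(line) != RECORD_LEN or not line.isascii():
        raise ValueError("bad record length or non-ASCII data")
    raw, pos = {}, 0
    for name, width in LAYOUT:
        raw[name] = line[pos:pos + width]
        pos += width
    dialled = raw["dialled"].rstrip(" ")
    if not all(v.isdigit() for v in (raw["ts"], raw["ext"], raw["secs"], dialled)):
        raise ValueError("non-numeric field")
    if raw["status"] not in STATUS:
        raise ValueError("unknown status code")
    ts = datetime.strptime(raw["ts"], "%Y%m%d%H%M%S")  # rejects impossible dates
    return json.dumps({"time": ts.isoformat(), "extension": raw["ext"],
                       "dialled": dialled, "duration_s": int(raw["secs"]),
                       "status": STATUS[raw["status"]]}, sort_keys=True)


def json_to_legacy(doc: str) -> str:
    """Validate a JSON document and render it back to the fixed-width form."""
    d = json.loads(doc)
    ts = datetime.fromisoformat(d["time"]).strftime("%Y%m%d%H%M%S")
    ext, dialled, secs = d["extension"], d["dialled"], d["duration_s"]
    if not (isinstance(ext, str) and len(ext) == 4 and ext.isdigit()):
        raise ValueError("bad extension")
    if not (isinstance(dialled, str) and 0 < len(dialled) <= 16
            and dialled.isascii() and dialled.isdigit()):
        raise ValueError("bad dialled number")  # blocks control chars, overlong input
    if type(secs) is not int or not 0 <= secs <= 99999:
        raise ValueError("bad duration")
    if d["status"] not in STATUS_REV:
        raise ValueError("unknown status")
    return f"{ts}{ext}{dialled:<16}{secs:05d}{STATUS_REV[d['status']]}"


# Constructed sample record (40 characters)
SAMPLE = "201703151042071204" + "00441632960123".ljust(16) + "00187A"
```
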

You need patience to work in the Middle East; things do not happen as quickly as we are used to in the West. However, once your project gets into full swing you will be rewarded with the friendship and the trust of some truly intelligent and innovative individuals. A very rewarding experience overall.

An entry for you to assess

2017 Submission: Heading