__MAIN_TEXT__

Page 1

ISSN 2516-0087 (Print) ISSN 2516-0095 (Online)

Critical Infrastructure Protection Review Autumn 2018

CONFRONTING CHALLENGES POSED BY THE CHANGING NATURE OF THE SECURITY ENVIRONMENT HUMAN BEHAVIOUR AND DIGITAL TRUST:

HOW UNEXPECTED REWARDS CAN IMPROVE CYBERSECURITY, PROTECT CRITICAL INFRASTRUCTURE AND REDUCE COSTS

PROTECTIVE SOLUTIONS AGAINST RAMMING ACTS OF TERRORISM COGNITIVE BIASES IN INFORMATION SECURITY CAUSES, EXAMPLES AND MITIGATION QUANTUM COMPUTERS: CYBER SECURITY THREATS FOR CRITICAL INFRASTRUCTURE PROTECTING INDIAN RAILWAYS - THE NATION’S LIFELINE RISE - RESILIENCE INNOVATIONS SUMMIT AND EXCHANGE


2018

OLYMPIA LONDON, 28 – 29 NOVEMBER 2018

EVOLVING SECURITY THROUGH INNOVATION

350+

1,000+

200+

Exhibitors

Product Launches

FREE Educational Sessions

Free conferences & workshops Topics include: Protecting Crowded Places Major Events & Stadium Security Hotel and Retail Security Designing Out Terrorism Facilities Management and Security

NEW for 2018

Back by popular demand

Cyber, IT and Data Security Crisis Response & Business Continuity Critical National Infrastructure Security Transport & Border Security

Protecting Urban Spaces Immersive Demonstrator LPCB Physical Attack Live Testing Zone Drone Fly Zone ft Counter-IED UK Pavilion Co-located International Disaster Response Expo

INTERNATIONAL SECURITY EXPO

Hear from cities blighted by recent terrorist attacks

register online today for FREE and save £99 on the day: www.internationalsecurityexpo.com


EDITORIAL CONTRIBUTORS

Critical Infrastructure Protection Review Published by Delta Business Media Limited 3rd floor, 207 Regent Street London, W1B 3HH United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.criticalinfrastructureprotectionreview.com

ISSN 2516-0087 (Print) ISSN ISSN 2516-0095 (Online)

UPCOMING EVENTS

The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the publisher. While every care has been taken in the preparation of this edition, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles. Š2018. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the copyright owner. criticalinfrastructureprotectionreview.com

3


CONTENTS

CONTENTS

IFC INTERNATIONAL SECURITY EXPO - ISE 2018 5

SECURITY AND COUNTER TERROR EXPO - SCTX 2019

7

EGYPT DEFENCE EXPO - EDEX 2018

8

2nd COUNTER UAS USA 2019

9 FOREWORD

By Martin Underwood

11 CWC DIGITAL OIL & GAS PARTNERSHIPS SUMMIT 12 CYBER INTELLIGENCE ASIA 2019 13 CONFRONTING CHALLENGES POSED BY THE CHANGING NATURE OF THE SECURITY ENVIRONMENT

By Matti Saarelainen, Director, the European Centre of Excellence for Countering Hybrid Threats

18 BEHAVIOURAL ANALYSIS 2019 19 HUMAN BEHAVIOUR AND DIGITAL TRUST: HOW UNEXPECTED REWARDS CAN IMPROVE CYBERSECURITY, PROTECT CRITICAL INFRASTRUCTURE AND REDUCE COSTS

By Chris A. Jones, George Runger and Jack Caravelli

25 CYBER SECURITY REVIEW 26 DELTA BUSINESS MEDIA 4

Critical Infrastructure Protection Review - Autumn 2018


www.sctx.co.uk

CNI PROTECTION

SCT

CYBER SECURITY POLICING AND COUNTER TERRORISM

SECURITY & COUNTER

MAJOR EVENTS AND CROWDED PLACES

TERROR EXPO

BORDER SECURITY

5-6 March 2019 Olympia, London

SERVICES

@SCTX19 sctx.co.uk/linkedin

OFFENDER MANAGEMENT

THE UK’S LEADING NATIONAL SECURITY EVENT Meet face to face with over 10,000 security professionals

200+ Free-to-attend seminar sessions

350+ Exhibitors - Explore the latest products and solutions

Benchmark strategies with the security experts from over 100 countries

VISIT SCTX.CO.UK TO REGISTER FOR THE SHOW Part of UK Security Week

WORLD COUNTER TERROR CONGRESS

Ambition THE EPRR EXPO

Organised by

FORENSICS EUROPE EXPO


CONTENTS

27 PROTECTIVE SOLUTIONS AGAINST RAMMING ACTS OF TERRORISM

By Zsuzsanna Balogh, PhD, Hungarian Ministry of Defense

36 3rd NEXT GENERATION CYBER SECURITY FOR UTILITIES 2019 37 COGNITIVE BIASES IN INFORMATION SECURITY CAUSES, EXAMPLES AND MITIGATION

By Veselin Monev, information security and compliance practitioner

44 ENFORCE TAC 2019 45 QUANTUM COMPUTERS: CYBER SECURITY THREATS FOR CRITICAL INFRASTRUCTURE

By Roderick Hodgson, Director Secure Chorus

50 PUBLIC SAFETY INDONESIA 2019 51 PROTECTING INDIAN RAILWAYS - THE NATION’S LIFELINE

By Colonel H R Naidu Gade - Indian Army Veteran

59 INTERNATIONAL DEFENCE INDUSTRY FAIR – IDEF 2019 60 DEFENCE & SECURITY 2019 61 RISE - RESILIENCE INNOVATIONS SUMMIT AND EXCHANGE

By Michael W. Lowder, Michael W. Lowder & Global Associates, LLC

65 COUNTER-IED REPORT IBC BAHRAIN’s PREMIER INTERNATIONAL TRI-SERVICE DEFENCE SHOW – BIDEC 2019 6

Critical Infrastructure Protection Review - Autumn 2018


HELD UNDER THE PATRONAGE OF HIS EXCELLENCY, PRESIDENT ABDEL FATTAH EL-SISI THE PRESIDENT OF THE ARAB REPUBLIC OF EGYPT, THE SUPREME COMMANDER OF THE EGYPTIAN ARMED FORCES

3-5 DECEMBER 2018 EGYPT INTERNATIONAL EXHIBITION CENTRE

JOIN EGYPT’S FIRST TRI-SERVICE DEFENCE EXHIBITION IN 2018 EGYPT INTERNATIONAL EXHIBITION CENTRE 3-5 DECEMBER 2018 300+

EXHIBITORS

10,000+ VISITORS

@egyptdefenceexpo

FULLY-HOSTED VIP

DELEGATION PROGRAMME /egyptdefenceexpo

www.egyptdefenceexpo.com Platinum Sponsors

sales@egyptdefenceexpo.com

Gold Sponsors

VIP Lunch Sponsor

Official Carrier

Bronze Sponsors

Silver Sponsors

Supported by

Ministry of Defence

@visitedex

Media Partner

Egyptian Armed Forces

Ministry of Military Production

Organised by


March 12-14, 2019 Washington, D.C.

DETECT IDENTIFY DEFEAT Expert presentation from the military, government, law enforcement, and international military & government. COUNTERUAS.IQPC.COM


FOREWORD

FOREWORD By Martin Underwood

E

xactly what constitutes Critical Infrastructure may vary from nation to nation, but the common aspects would be the major impact upon essential services, national security or the functioning of the state resulting from any disruption to it. The threats to critical infrastructure that are the most obvious are those that may be instigated by malicious acts, whether by criminals, terrorist and insurgent groups of malign state actors, but natural disasters must not be ignored. The devastation caused recently by sweeping forest fires in California, floods in major Italian cities and the earthquake and tsunami in Indonesia show that nature can be every bit as damaging as deliberate attacks on infrastructure. The massive leap in communications and information technology in the past quarter century or so has made delivery of systems and services greatly more efficient and effective, but has also exposed the critical infrastructure to cyber-attack. Targeting of critical information systems becomes more common year on year and the challenge to defend our systems and infrastructure more complex. We see in Roderick Hodgson’s fascinating analysis of the growth of quantum computing, how this exciting technological enhancement may further revolutionise our lives, but

holders of private data need to follow to ensure that they provide the best protection. This not to say that the bureaucratic measures are unnecessary, but simply to highlight additional costs to business at all levels. This theme of “Human Behaviour and Digital Trust” is explored in detail by Chris Jones, George Runger and Jack Caravelli, where they explain how trust in digital systems can be lost in an instant, but takes months or years to regain. Digital trust refers to the interconnection of people, data and networks and their article looks at how breaches of this trust can be rapidly identified, quantified and corrected. A key element to this being the importance of having the right people at critical points of the system – including anyone who enters data into the system – and how to motivate security aware behaviours. Related themes are addressed by Veselin Monev in his analysis of how human factors are crucial to addressing information security, including the need to finds ways to overcome natural cognitive biases. One of the themes common to most of the articles in this edition is planning. The further ahead that we can address security provisions within critical infrastructure and design the infrastructure and its associated systems the more likely we will be able to

at the potential cost that its use for criminal purposes will be harder to protect against. A loss of public confidence in the data security provided by banks and social media companies, among others, takes time to rebuild and has a knockon effect on the type and quality of data that we are prepared to share – and in the bureaucracy that all

achieve protection. Michael Lowder’s report on the Resilience Innovations Summit and Exchange in the transportation infrastructure sector neatly summarises this with the line “To be effective resilience must be ‘built-in not bolt-on’.” His report emphasises the value of traditional table-top exercises to resilience planning, bringing together transport regulators, providers

criticalinfrastructureprotectionreview.com

9


FOREWORD

and users to reflect upon the interconnectivity of transportation infrastructure and systems and to develop resilience in them. Although it is often easy to focus on the cyberthreat to our data systems, the threat to physical infrastructure could be just as devastating, if not more so. The vastness and complexity of the Indian Railway system is described in a wonderfully descriptive article by Colonel HR Naidu Gade. The miles and miles of track, some 145,000 bridges, tunnels and signalling systems that comprise “The Nations Lifeline” are vulnerable not only to the massive failure of control and ticketing systems, but to physical attack in a country with a complex ethnic and religious makeup that sadly some minorities want to destabilise. Of course, the threats to the railways in India are equally valid from natural threats. The investment by the Government of India to replace and upgrade the network in the coming years will improve resilience and emphasises the planning element to this task. Reading Colonel Gade’s article took this writer back to happy times travelling on the Indian Rail network some years ago! In Europe, Australia and the United States the use of vehicles as weapons to attack city centres and other places where crowds accumulate to enjoy leisure time, or to go about their daily business has been a sad phenomena in recent years. LTC Zsuzsanna Balogh notes that this attack strategy is nothing new, as similar methods were used in the Assyrian War as long ago as 750 BC – it is just the technology that changes. Physical protection can reduce the impact of ramming attacks, but this is much more effective when introduced at the planning stage in city centre modernisation and the 10 Critical Infrastructure Protection Review - Autumn 2018

construction of new buildings, rather than trying to retrofit after an attack has taken place. The hybrid threats that we now face are nothing new. People have always exploited the weaknesses of others, and it is a constant battle between the technology available to the attacker and that available to the defender. Matti Saarelainen discusses how every country needs to understand its own strengths and weaknesses and how these complex threats (not forgetting the natural threats) may impact on society, the economy and national security. Whatever the nature of the critical infrastructure, physical or data, decision makers need to take a holistic approach, recognise the key vulnerabilities and plan accordingly. Investment in the early stages will make infrastructure more secure and present significant cost benefit in the longer term. ■

ABOUT MARTIN UNDERWOOD Martin Underwood is the Managing Director of Tonanti Limited and an independent consultant in Defence, Security and related matters. His main area of expertise is in ammunition and explosives and he has worked as a Technical Advisor on countering the IED threat, both as a British Army Officer and subsequently as a civilian in the NATO Counter-IED community. He was Technical Advisor to the NATO Counter-IED Capability Monitor and Secretary of the NATO Counter-IED Task Force for two years, advocating the treatment of Improvised Explosive Devices as weapon systems and the exploitation of technical intelligence and evidence from their use to identify and disrupt wider threat networks.


To receive a full version of the Critical Infrastructure Protection Review, please complete the Subscription Form. Please provide a valid corporate, government or academic email address. We reserve the right to refuse to accept any subscription at our discretion. If you have any queries, please email to: editorial@deltabusinessmedia.com

www.criticalinfrastructureprotectionreview.com

Published by Delta Business Media 3rd floor, 207 Regent Street, London, W1B 3HH, United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com

Profile for Delta Business Media Limited

Critical Infrastructure Protection Review Autumn 2018  

Critical Infrastructure Protection Review, the go-to destination for the latest news and expert knowledge, which will assist governments, an...

Critical Infrastructure Protection Review Autumn 2018  

Critical Infrastructure Protection Review, the go-to destination for the latest news and expert knowledge, which will assist governments, an...

Advertisement