Cyber Security is not just for Giants
Large companies are aware of the dangers that cyber attacks can bring. It is common practice to set up cyber defence center (CDC) teams to counter and prevent adverse events. What is the CDC’s usual remit?
Andrzej Dalasiński: It is a common misconception that security is limited to confidentiality. After all, the most obvious consequence of a cyberattack is the theft of data. However, keep in mind that confidentiality is only one of the three aspects of security. The other two are accessibility and integrity. With this in mind, the natural tasks of security operations center teams are to monitor and manage security incidents. The cyber defence center is nothing more than an extension of the SOC, and the CDC’s scope of tasks is most often extended to include vulnerability management, penetration testing, security intelligence, security audit and compliance. The above are just examples; each organization should decide for itself on the centralization of functions that will allow solving security violations faster and more efficiently.
Who usually handles security in the organization?
A.D.: In my opinion, we have two key words here: cooperation and automation. In principle, there are no more IT-unsupported processes in organizations, so without cooperation between different cells and the IT department, it will not be possible to effectively conduct a security policy. It seems that the days when the security department was the internal police, detached from the rest of the organization, are over.
On the other hand, the amount of information we process is so huge that without automation of at least part of the analytical processes, we are not able to draw conclusions, report them and respond to them effectively. The challenge is to combine automation and collaboration, which are seemingly quite distant and require different tools and competencies, but together represent a huge value for the organization.
It looks like a costly operation. Is it profitable to get involved in cybersecurity?
A.D.: Building a CDC is neither an easy nor a cheap process, but I find it hard to imagine running a risk-laden business while neglecting cyber security. Security uses a triangle known as project management: time-budget-quality. High-quality security cannot be ensured by limiting time and budget. If security is to be at the right level, it will take time and/or budget. The larger the project, the more technology, people and processes, and consequently, the greater the time and budget needs.
I currently work at Bosch, where as part of the IT competence center we provide software for the production of modern components, so the safety of our projects is of great importance to me. Failure to monitor this issue can have far-reaching, costly consequences. It is enough to imagine that the system controlling the stock in the factory will be maliciously changed so that instead of ordering several thousand accelerometers, it orders several thousand photodetectors, or instead of sending several thousand sensors to Stuttgart, it will send them to the port of Hamburg.
Do accidents like this really happen?
A.D.: These aspects and the risks associated with them are not science fiction. It’s the real world and the real threats. Years ago, when an order was sent in the form of a paper document by fax or mail, at least one person signed the document and another person received it. It sometimes took several weeks and there was really a lot of time for correction. Currently, from noticing the need to replenish inventory to the departure of the completed order from the supplier, sometimes minutes pass. There is really little time for correction, so it is very important to ensure the security of the systems and data we are working on.
I believe that the direction we have chosen is a guarantee that Bosch products are created in an environment controlled by our experts, that unauthorized persons do not influence the design and production processes of our solutions. Also, the data of customers and users stored in our systems, both traditional ones and those that are part of the Bosch IoT cloud, are safer thanks to our work.
Is cybersecurity a topic reserved only for large companies?
A.D.: Definitely not! Safety rules should be implemented regardless of the size of the projects and the scale of the enterprise, adapting the tasks of the CDC accordingly to its needs. Depending on the scale of the company and its organizational complexity, the lack of a dedicated security team threatens to slow down the response to threats. Today, we use cyber solutions in every area of business: human resources, accounting, logistics, manufacturing and its latest version, Industry 4.0, as well as the products themselves and the Internet of Things. It’s all connected somewhere. If, as a consequence of the threat, an attack occurs, a long response time basically means that it is not possible to defend or even detect that such an attack has occurred.
How to set up a cyber defense center in your company?
A.D.: It is necessary to start by defining clear goals and expectations for such a center. The next step is to check what security features we already have in the organization, and what we still need. It is possible that some of the functions already existing will be transferred to the CDC, leaving the rest in the existing teams. Once the answer to the question of what the CDC should do is known, the next question should be determined: with whom and for whom the team will perform these tasks, and what competencies and tools it should be equipped with.
There is a lot of responsibility on the CDC, so it is very important to plan properly and find the answer to the question of what the organization needs. However, I am convinced that with proper preparation, implementation will pay off quickly.
The interlocutor was Andrzej Dalasiński, Team Manager at Robert Bosch Sp. z o.o.