Eight cyber security principles needed to protect the public - Gulf Business

Why it is important to protect the ‘digital aqueducts’ of society

In August this year, authorities in the UAE announced the deployment of an advanced cyber security network to 35 federal entities with the aim of protecting government institutions from advanced persistent threats (APTs).

Officially named the Federal Network (FEDNet), the sweeping upgrade was introduced by the UAE’s Telecommunications Regulatory Authority (TRA) and is designed to serve as a common infrastructure for federal entities. The network allows interconnection and data exchange between all local and federal government entities, verifying the pattern of any e-content, be it an email or a website. The system then assesses any suspicious patterns in how the data is dealt with, helping protect against zero-day attacks.

This latest government-led cyber security initiative follows the launch of a cyber security strategy by Dubai earlier this year, aimed at strengthening the city’s position as a world leader in innovation, safety and security and managing cyber security risks.

The strategy focuses on five main domains, the first being the cyber smart nation, which aims to raise public awareness on the importance of cyber security and ensure the development of a society that is fully aware of the potential dangers of cyber crime. The goal of this directive is also to invest in the skills and capabilities necessary to manage cyber security risks among government and private institutions and individuals in Dubai.

The second domain relates to innovation in the field of cyber security and the establishment of safe and secure cyber space, so as to encourage further innovation in Dubai.

The objective of the third domain is to secure cyber space by establishing controls to protect the confidentiality, integrity, availability and privacy of data.

The fourth domain focuses on establishing and maintaining cyber resilience, ensuring the continuity and availability of IT systems in a digital environment.

Authorities in Dubai believe these objectives can only be achieved through national and international collaboration among different sectors, and, as such, the fifth domain is related to cyber security cooperation and information exchange.

It is impressive and formidable that local and federal governments like those of the UAE, Abu Dhabi and Dubai, together with others in the region, are taking a proactive stance on securing public digital infrastructure with a view to safeguarding their societies’ digital futures.

Investment in cyber security, and more importantly what we refer to as cyber resilience, is as important to building and sustaining modern society as protecting the delivery of clean, running water through a complex network of aqueducts in the burgeoning cities of Roman times. From their inception and widespread use nearly 2,500 years ago, aqueducts fuelled a higher quality of life for citizens through improved health, which in turn boosted their ability to conduct commercial activities such as farming and trade.

If an enemy was looking for an effective way to destabilise a city ecosystem in those times, compromising its aqueduct-supplied water resources was a highly effective option, and the parallels with today’s digital networks as lifelines to modern society are uncanny.

In many ways, modern digital transformation is akin to the introduction of aqueducts in Roman times, with construction of these ingenious water delivery channels offering impressive and sustainable improvements to the quality of life for all city inhabitants and beyond. However, in a similar way in which polluting or disrupting the water supply of a city reliant on aqueducts in ancient times jeopardised the very existence of that community, cyber incidents today attack the very foundations on which our modern existence is based.

It has become abundantly clear in our modern societies that the rate of new cyber attacks, and the often bruising impact such incidents wreak across all facets of life, are rising exponentially. The cyber threat surface is widening and often the media portrays targets of such attacks as hapless victims, with limited options to protect themselves from further incidents beyond just hoping it does not happen again.

Paradigm shift

We believe the proactivity being shown by national leadership in the UAE and other parts of the world should and must be implemented by private sector institutions — large and small alike — in order to reel back the growing cyber threat surface. Mindsets need to evolve, viewing a heightened level of cyber security posture — cyber resilience — as a central theme for continued digitisation.

Cyber resilience refers to the adoption of a security lifecycle spanning planning, prevention, detection, protection and response to cyber incidents on a continuous and real-time basis. Entities need to assume a state of breach, develop processes and invest in capabilities to mitigate any incidents that may arise.

Digital transformation is opening up a fantastic new world of opportunities, and maintaining the optimal and secure operation of networks and the interconnected devices and sensors they support is one of the greatest responsibilities for the sustainability of modern existence.

A prime example of the need to consider the risks opened up by the unrelenting march of digital innovation, and plan for them, is the recent move by the UK’s Department for Transport, in conjunction with the Centre for the Protection of National Infrastructure, to publish a list of key principles for automated vehicle use throughout the sector.

The report points to how essential it is that all parties involved in the automotive manufacturing supply chain, from designers and engineers, to retailers and senior level executives, are provided with a consistent set of cyber security guidelines that support the global industry for automated vehicles.

The new rules include eight points the government proposes are necessary, from a cyber security perspective, in order to best protect the public from the consequences of cyber incidents as automated vehicles gain traction. These proposals resonate highly across digital innovations and are worth recounting:

Principle 1: Organisational security is owned, governed and promoted at board level.
Principle 2: Security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain.
Principle 3: Organisations need product aftercare and incident response to ensure systems are secure over their lifetime.
Principle 4: All organisations, including sub-contractors, suppliers and potential third parties, work together to enhance the security of the system.
Principle 5: Systems are designed using a defence-in-depth approach.
Principle 6: The security of all software is managed throughout its lifetime.
Principle 7: The storage and transmission of data is secure and can be controlled.
Principle 8: The system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail.

Although specified for automated vehicles, these are good guiding principles for the wider spectrum of Internet of Things (IoT) devices.

Leo Cole is vice president of marketing at DarkMatter

