vulnerability assessment

The Role of Security in Automation

Prompted by a LinkedIn article written by our good friend James Chappell at Digital Shadows, entitled “The Role of Automation in Security” we thought that it would be a great idea to explore the converse of the concept and write about “The Role of Security in Automation” as this is exactly what we at Awen Collective are addressing.

Automation has almost always been for simplifying repetitive or dangerous tasks (or captivating imagination). This has been the case since the ancient Greek legends of automatons through to the contemporary physical robotics and digital assistants.

Homes, office buildings, factories, airports, national infrastructure, even entire cities are now being connected with systems providing advanced analytics to be able to enhance the efficiency of business and society, and to improve human-safety. However, with the inter-connectivity of physical systems comes the ever increasing ability to attack them. These systems are, for the most part, not IT-based technology (at least not entirely), they are Operational Technologies made with specific control and/or sensory processes in mind. Quite often there is a blend of legacy and contemporary technologies, often with no or limited embedded cyber-security out-of-the-box.

While some organisations are attempting to address this with active monitoring and intrusion detection technologies, they have had limited success due to the requirement of costly network reconfiguration to support these emerging technologies, and a lack of support for the legacy technologies still in use.

Awen Collective takes a different approach. With our experience performing digital forensics on these systems we have developed software (and accompanying techniques) which do not require a significant configuration overhaul. In fact, our software is specifically tailored to work on whichever network topology is in place, even if it is legacy, even if it is serial, even if it is messy and distributed. We give critical infrastructure, advanced manufacturers, smart cities and a whole load of other potential stakeholders the ability to understand the vulnerabilities of their operational networks and their cyber-physical systems. This allows them to better understand their cyber-risk and improve their cyber-security efforts, reducing their cyber-risk in a cost-effective manner and improving their compliance to a plethora of cyber-security related regulations & standards.

If you’re an owner or administrator of operational technologies or cyber-physical systems, ranging from industrial control systems (ICS, such as SCADA or IIoT), networked robotics, building control systems (including physical security and HVAC systems); then we are certainly able to help you improve your cyber-security, reduce your cyber-risks, and improve your compliance. We’re even able to assist post-incident with the necessary investigation and the reporting of the attack to relevant authorities.

Just get in touch, we’re always up for an exploratory chat. Email to schedule in a call or a face-to-face: hello@awencollective.com

We hope to hear from you soon.

Daniel - CEO & Cofounder, Awen Collective