Background
Awen and Vortex have known each other for a while. We are both small but growing enterprises in South Wales. Vortex approached us at the beginning of 2022 to help reduce the risk of cyber attacks to the devices that they were developing as part of a 5G applied project called Continuous Urban Scanner (CURBS) in collaboration with National Express, BT and Thales NDEC. The project was part-funded by Innovate UK and used the West Midlands 5G test facility which is supported by UK Government DCMS.
Urban scanning of the built environment. Image by Vortex
The CURBS device was developed to help monitor the built environment and automatically highlight any issues on the road or kerbside. These updates to the status of the roads and built environment are then accessible to the relevant authorities (e.g. local councils) who can then more rapidly respond as appropriate. The CURBS device is intended to be mounted upon vehicles, and, as the name indicates, continuously scans the environment. For the CURBS project, the proof of concept was on National Express owned and managed buses. Awen joined the project as a full collaboration partner.
What was the problem?
Vortex had developed their device using off-the-shelf hardware components, with bespoke software. The devices were connected via 5G/4G with Wi-Fi backup (for times when the buses might be in the depot).
As the CURBS device takes photographs of public spaces; ensuring privacy through cyber secure means was a particular concern to Vortex and their stakeholders otherwise they may have been at odds with the General Data Protection Regulation (GDPR).
Also, as the CURBS device was built for the transportation sector (both in the fact that it was mounted on buses, and that it is scanning road conditions) then Vortex are a supplier to a British critical national infrastructure sector, and are therefore recommended to be working towards the Cyber Assessment Framework (CAF) as developed by the UK National Cyber Security Centre (NCSC).
What was the solution?
The Care by Awen service was initiated to perform a hands-off cyber risk assessment on the CURBS hardware, the software running on it, the network configuration and the software development processes.
The result of the service to Vortex during the project was a report about the cyber security maturity of the CURBS device, and a list of advisory next steps. These steps included suggestions to work to the Cyber Assessment Framework using Profile, to get a full penetration test on the device (of which we have partners who provide this service) and to use Dot on the managed network of these devices to ensure that vulnerabilities are continuously monitored and the risk of cyber threat are reduced.
What did Vortex say about the Care by Awen service?
Adrian Sutton, CEO of Vortex said “We were delighted with the service that Awen gave us during our Continuous Urban Scanner project. It has helped our privacy-critical product and service become a more cyber secure product and service.”
If this is of interest, and you would like to learn more about this project, our products, our early cyber risk assessment service or our partners then you can get in touch today for a no-obligation friendly chat.
