October was Cyber Security Awareness month, established across the European Union, USA and in other nations with various events and initiatives to promote general cyber security best practices. If you participated in an event, we hope you enjoyed it and feel free to let us know your experiences.

November, this month, is Infrastructure Security month, and this was established in the USA by the Department of Homeland Security (DHS) - although its goals are certainly honourable enough to be recognised internationally. Let us know if you will be participating in some way, and how.

The goal of Infrastructure Security Month 2019 is to “enhance resilience through preparedness and exercises and promote smart, secure investment in resilient national infrastructure.”

Let’s try to explain that goal in ways that we can understand:

• Enhance resilience in this context, means that infrastructures are reliable and strengthened, but if you/they receive some incident then you/they will be prepared to go through incident response processes

• Preparedness means that organisations will need to know exactly what is on systems, that everything is patched and protected, and there is an incident response plan in place

• Exercises are for the people side - do employees know what to do, what to approach, how to respond? There might be external players involved to audit against standards, to perform penetration tests or to bring in outside expertise during “table top” exercises. All this should be mapped out in case of emergency

• Promote smart, secure investment - means:

  1. Ensuring that cyber is on the agenda at board-level, and a consideration in the Operational Technology engineering teams

  2. Promoting those organisations which follow not only regulation but good-practice standards such as ISO27001 and the NCSC Cyber Assessment Framework (CAF)

  3. Spending cyber security budget in the right places. First make sure that the risk profile is fully understood, then improve the cyber security resilience, and then consider what the best approaches will be. Be practical, be pragmatic

• National infrastructure includes a variety of sectors (defined in different ways in different countries): electricity, oil & gas, water, transportation, chemicals, communications, defence, dams, food & agriculture, financial sector, healthcare & pharmaceuticals, critical manufacturing, government and emergency services

Thankfully at Awen we were founded specifically to address all the points above:

• Profile ensures that critical national infrastructure is not only are aware of compliance levels to particular cyber security regulation in industrial organisations, but also ensures that improvements are being made - even with tight budgets in mind

• Dot provides much needed clarity over the assets and vulnerabilities in the Operational Technology (OT) systems found on the factory floor and in building automation & control systems. It gives much finer granularity of detail within a risk profile, so that budget can be spent wisely in order to improve cyber security and general resilience

If this sounds of interest, and you would like to have a chat do just contact us by sending over an email to hello@awencollective.com and we would be happy to schedule a call or meet face-to-face. We never “hard sell”.

The concepts of safety and security are quite well defined to those who speak English as a first language, or with sufficiency. They are distinct concepts and distinct terms:

• Safe comes from the Latin word salvus, which means “whence whole” and indicates that something is not in danger of being harmed or broken up. We would often talk about people being safe from harm. Safety is strongly linked with integrity. An image search for safety" will return pictures of hard hats and boots.

• Secure comes from the Latin word securus, meaning “free from care” and indicates more of a protection to enable something to be free to exist. We would often talk about assets being secure (although interestingly we might store something securely in a safe). An image search of security will return pictures of locks and CCTV cameras.

However, if we translate safety and security into other contemporary languages we often get the same word meaning both (in no particular order):

• Welsh: Diogelwch

• Spanish (Castilian): Seguridad

• Basque: Segurtasun

• German: Sicherheit

• French: Sécurité

• Swedish: Säkerhet

• Italian: Sicurezza

Of course, this is not the case in every language (Arabic for example), and even those where safety and security are translated to the same word there may be other words which could be used to differentiate the two subtle meanings.

However, we highlight this to show that when we talk about cyber security it is often to easy to talk about the protection of things. Too little thought is sometimes given to the safety and integrity aspect of cyber security.

This is especially important in our domain of cyber security of industrial control systems (ICS) / operational technologies (OT), where a cyber threat to these systems can cross from the digital into the physical. Actual physical damage could be caused to machinery, property or even human life. We have seen cases of this before, and it provides us at Awen Collective drive to do what we do. We want to protect people and businesses from cyber attacks, when the manifest in just the digital world, or in both the digital and the physical.

Contact us today if you are owners/administrators of industrial control systems or operational technologies. We would like to discuss with you how to dissipate any fears you might have regarding cyber threats to your environment.

Mission

The mission of Awen Collective is to reduce the costs of cyber-threats to critical national infrastructure and advanced manufacturing.

Rationale

Cyber attacks are able to cross digital/virtual boundaries into the physical world. These attacks have the potential to shut down our water, electricity and gas supplies, stop train travel, or cause havoc on our roads and at our airports.

Awen exists to reduce the risk of these attacks happening, and to minimise the disruption they can cause.

Values

There are four central pillars to Awen Collective:

Agility in our working. We acknowledge that requirements are not always well defined, and we adapt to the ever evolving needs of the market.

Warmth towards all. Empathy is powerful, and often overlooked in the world of technology. We strive to show the highest levels of empathy towards those inside and outside of the company.

Equality is essential. We believe that all people should have the same fundamental rights and opportunities. We do not judge or discriminate based on identity or background.

Next-level innovation. We are always innovating, thinking about the future needs of the market. Innovation is at the heart of everything that we do.

These are the values of Awen Collective, as founded in 2017, and right here and now.

From the 20th - 21st November 2019, Awen Collective will be exhibiting at the Basque Industry 4.0 Meeting Point event in the Bilbao Exhibition Centre.

Our CEO will be in attendance representing both Awen and also the Cyber Wales ecosystem, with support from the Basque Cybersecurity Centre. For those attending he will be able to share details of the products and services on offer by Awen, which are uniquely tailored to improving the cyber security of industrial organisations whether they have the latest Industry 4.0 technologies, legacy industrial control system networks, or a mix of old and new.

The Basque Country is a great place for us as it has a great industrial environment, with many small, medium and large manufacturers and critical national infrastructure providers having facilities in the region. We have some interest from various organisations in País Vasco / Euskadi, and the surrounding area, and so this will be an opportunity for us to begin working with those organisations.

The Meeting Place event itself will see around 2000 attendees, over 130 exhibitors and around 100 speakers talking about Industry 4.0, connecting industrial organisations to suppliers of additive manufacturing, collaborative robotics, cyber-physical systems, augmented reality, cloud computing, big data, virtual reality and cyber security.

It will be a great two days, and we are looking forward to meeting some great new people and companies from the Basque Country, Spain and the wider Iberian Peninsula.

On the 24th September 2019, our CEO had the pleasure to pitch to HRH The Duke of York Prince Andrew, a distinguished panel of judges and a packed lecture hall at Pitch@Palace 12.0 on Tour which took place at the University of South Wales Newport Campus.

It was a pleasure to meet the Duke of York, and hear about his perspectives on entrepreneurship, pitching and innovative business. He officially refereed the panel, and took a genuine interest in every single pitch.

The pitch by CEO Daniel gave an overview of the problems and pains that industrial organisations (energy, water, transportation and manufacturing) face in regards to cyber security, it also covered how Awen is providing solutions with Profile, Dot and our planned future software products. Finally, the audience members were asked for any introductions that they may be able to offer in these industries, to ensure that cyber security is on the board-level and managerial-level agenda.

The day also included inspirational talks from the Cofounder of Just Eat UK, David Buttress, and the Cofounder of Coffee#1, James Shapland. Breaks in the day provided not only needed refreshments, but also opportunities to network with various professionals. Plus, the entrepreneurs received some nifty goodies:

I’d recommend anyone thinking of Pitch @ Palace to go for it. It is a great opportunity to meet some exciting people and showcase some of the UK’s most innovative companies.