Channel: Let's Talk Security » cyber war

Mitigating the political risk/impact on IT security for the GCC region

By Haifa Jlassi, Senior Security Consultant, BT Middle East and North Africa.

The Middle East has been a conflict region for decades and its governments have invested a lot in protecting their boundaries.

The Gulf Cooperation Council (GCC) in particular — Saudi Arabia, Kuwait, Bahrain, Qatar, the United Arab Emirates and the Sultanate of Oman — has progressed quickly in terms of IT. The digital boundaries of these countries have become virtual and non-existent so the GCC states have found themselves prone to cyber attacks. Cyber criminals have new weapons to attack valuable assets like national reputation, government data and critical infrastructure.

So now GCC governments are fully aware of the cyber war. Their main objective is enhancing their visibility in order to protect themselves and react appropriately.

Dostal (2007) writes: “In the context of military command and control applications, situational understanding refers to the product of applying analysis and judgment to the unit’s situation awareness to determine the relationships of the factors present and form logical conclusions concerning threats to the force or mission accomplishment, opportunities for mission accomplishment, and gaps in information.”

Let’s look at this in the context of a cyber war.

The mission is to protect the reputation, data and critical IT infrastructure. The unit’s situation awareness is the information that we can gather around these environments:

  • Asset location
  • Value/criticality
  • Vulnerabilities
  • User access
  • External threats and campaigns
  • Internal threats and risks
  • User application behavior
  • Traffic analysis.

The accuracy of this information is vital — the fewer false positives and false negatives, the better. The biggest challenge is then making sense of all this information: the situational understanding.

BT Assure Cyber Framework has the answer to the GCC states’ objective. It details and integrates:

  • different components in a business environment which help gather and ingest the information using data lakes, intelligence engines, malware analysis and risk modeling engines
  • a modular approach which helps make sense of large amounts of data using super correlators, Big Data techniques and robust alerting engines
  • components which help with smart decision-making using robust reporting and visual analytics.

Cyber security frameworks have to be built around a capable cyber security threat operational team using adequate processes and standards. These teams will handle incident and threat management as well as forensics. They need to work closely with risk management, compliance and strategy teams, security management teams, network design and architecture teams as well as legal and PR teams.

Situation awareness also applies to the different teams; in fact, we can apply the Endsley and Jones model (2001), in which four factors act to enhance global situation awareness:

  • requirements
  • devices
  • mechanisms
  • processes.

In order to complete the lifecycle, the performance has to be continuously measured to monitor the accomplishment of the identified goals and objectives, as well as their progress towards stated targets.

Once we explain this framework, be it based on BT Assure Cyber or an integration of different technologies, the GCC countries can focus on how they can respond, remediate and investigate.

