Overcoming and understanding cyber-security challenges
Posted: 23 October 2019 | Yael Mor | No comments yet
Famously, Frank Sinatra did it his way, but when Yael Mor joined Israel Railways, she learned that if she wanted to build and incorporate an effective cyber ‘attitude’ for the organisation, she would have to do it the ‘rail’ way. Here she discusses three major cyber-security challenges that she has identified as Israel Railways’ Chief Information Security Officer (CISO).
Today cyber-defence around the world is more crucial than ever. Threats to the international cyber arena are increasing every day and overcoming challenges between the physical world and the virtual world are what a CISO in any organisation deals with every day.
Challenge 1: Change prejudice about the Operational Technology (OT) team
My first challenge at Israel Railways was to change my own prejudice about the OT employees. I could have easily overlooked the OT team, looking at OT as the past and myself as the future.
Fortunately, this prejudice did not last long, and I quickly became aware of just how valuable that team is for our organisation. Prejudice gave way to admiration.
I realised that for them, the railway is not just what they do for work, but it is a way of life. For most of them, trains and railways have been an obsession since childhood. They visit train museums on their vacations. Many of them have worked for Israel Railways for several years, and they aim to always stay a vital part of the organisation being committed to their jobs for as long as there is air in their lungs and strength in their muscles.
So, my challenge, which I identified early on was an opportunity, to understand that these people are the pillars of the organisation. I realised that if I can make them as knowledgeable and interested in cyber-security risks, while at the same time encourage them to educate me about operational technologies and risks, we would all gain a lot.
This change of perspective enabled not only the design of an award-winning cyber-strategy for Israel Railways, but also meant that we were able to implement the strategy thoroughly and comprehensively across the entire organisation.
Everyone in our organisation must work together in order to protect the organisation. Attackers’ lateral movements across different systems and networks tell us that attacks can pivot from IT to OT and vice versa; IT and OT are in this together. IT and OT are both part of the same enterprise. We must work together if we want to solve our problems and do so in a manner that anticipates the next cyber-attack or human error, whether intended or unintended.
We must promote cross-functional knowledge on IT and OT and encourage cross-functional security and safety knowledge exchange between them and other teams.
This attitude influences the entire organisation. I found that the Cyber Unit must be involved in all projects. The cyber domain is complex and if we want to be part of the process in each project, we have to identify the relevant key employees and make them ‘cyber-trustees’ – which means they are the operational arm of the Cyber Unit, and they play a key role across the entire organisation.
A trustees’ responsibility is to ensure that cyber procedures are in place within their unit. That means that trustees play a huge role in being cyber-aware in each and every project or process, acting as the agents empowering and spreading the awareness of cyber-security throughout the organisation.
Challenge 2: Integrating cyber-security with ongoing projects
In an operational oriented organisation such as Israel Railways, we award long-term contracts that remain in place for many years. It is therefore critical that all relevant functions – the vendors, the organisation employee’s experts that are involved in the project, and the cyber-security personnel – cooperate and conduct a cyber-security assessment for detecting potential vulnerabilities in order to enable an effective cyber-defence solution.
The cyber-security personnel must learn how the product operates and have the capabilities to decide how it can be protected, all while keeping the flow of the project and maintaining a reasonable budget.
The major purpose is to detect the risks and minimise them. Managers and decision-makers must understand the topics in order to make the right decision and appropriately allocate resources.
Above all, we must find a way to apply business needs and not be hindered by security. This is the only way to really make things happen.
Challenge 3: Establishing a united CSOC for IT and OT systems
The Cyber Security Operational Center (CSOC) allows us to have better visibility, capabilities and processes and enables continuous improvement. When we monitor, we have capability to detect and respond to threats in a timely manner, blocking cyber-criminals’ abilities to infiltrate systems or remain hidden for long.
The main challenge for us was the integration of the OT systems into the CSOC.
OT systems come with unique security challenges. An OT SOC needs people who specialise in operational systems.OT employees hold main roles in our SOC’s team and OT experts have deep understanding and vast knowledge. To establish a SOC in an organisation, first you have to map all systems that require monitoring, and then understand the network architecture.
The next step is to collect ‘syslogs’ from each system with the united CSOC (the SIEM), which gives us the ability to monitor, analyse and control any attack as soon as we can and not letting the attack control us. The main purpose is to collect everything in real-time.
In order to bring IT and OT to work together in the same CSOC, all parties must have excellent communication and a unified ‘top down’ culture must be enforced. The rules must be clear, the teams should go through joint exercises and get to know each other, understand the risks and challenges of each system and to prioritise the playbooks. The speed and agility of the team ultimately determines the success of the CSOC.
The future
Challenges make us think. Challenges make us upgrade our products. Challenges make us better. We must understand that technology is advancing, and we can’t stay still – we must progress towards the future.
As CISO of Israel Railways, I encounter new challenges every day, understanding that the CISO role is not just about having good information security knowledge, but equally important are attributes such as flexibility and excellent communication skills.
My job is to guide the implementation of new technology in a fast, safe and secure way. My vision is the ‘rail’ way.
Glossary
- IT (Information Technology): Refers to all hardware and software used for storing, retrieving or transmitting information
- OT (Operational Technology): Refers to all hardware and software that monitors or triggers changes in physical devices
- CSOC: The Cyber Security Operational Center
- SIEM (Security Information and Events Management): The CSOC’s main system