Kirsi

Operational Technology (OT)

In collaboration with our partner DNWP, we are raising awareness of cybersecurity in the industrial environment.

– Join the conversation throughout 2021 –

At the webinar in May we talked about Operational Technology (OT) and we had the honor of getting top experts to discuss the topic.

Hanna Pikkusaari, Smart Technology Advisor, Speaker and Educator, Osaango Ltd. https://www.osaango.com

Ivo Maritz, Senior Advisor, Monti Stampa Furrer & Partners AG, https://msfpartners.com

Antti Viro, Chief Technical Officer, Dedicated Network Partners Oy, https://www.dnwpartners.com

The webinar was moderated by Aapo Cederberg, CEO, Founder, Cyberwatch Finland

“When organizations assess their security strategies, they sometimes overlook IT/OT convergence security, particularly the operational side. With the adoption of IoT devices that connect operational technology to the IT component of IT/OT convergence, this aspect of security must not be forgotten.” (Julia Borgini)

I think we can all agree with Julia.

Some observations

Thank you so much for generously sharing your time and expertise!

Enjoy!

Digital Security in the Public Sector

The Ministry of Finance hosted a webinar on 25 May as part of the Finnish Presidency year 2021 in the Nordic Council of Ministers.

The recording of the event has been completed and can be viewed for two weeks.

The webinar was opened by Minister of Local Government Sirpa Paatero and hosted by Kimmo Rousku, General Secretary, Finnish Digital Agency. The keynote speaker was CEO Aapo Cederberg from Cyberwatch Finland.

The webinar also included two panel discussions with high-level experts from the Nordic-Baltic countries.

The themes of the panel discussions were:

Central and local government collaboration on digital security, addressing the need for shared digital security services provided to the local government, as well as central government support to local government on competence development and cybercrime. 

The panelists were:

  • Mr Tommi Karttaavi, Director, Association of Finnish Municipalities, Finland
  • Mr Erik Ryd, Analyst information assurance and cyber security, Cybersecurity and Secure Communications Department, Civil Contingencies Agency, Sweden 
  • Ms Marie Wessel, Head of Division, Danish Agency for Digitisation, Denmark 

Digital security auditor accreditations and performance, addressing the experiences on national accreditation processes for digital security auditing agencies and initiatives for measuring their performance.

The panelists were:

  • Mr Ilmar Toom, Head of standards and supervision department, State Information System Authority, Estonia
  • Ms Johanna Erkkilä, Head of Assessment, Finnish Transport and Communications Agency, Finland
  • Mr Ari Uusikartano, Deputy Director General, Head of Information and Documentation Section, CIO, Ministry for Foreign Affairs of Finland, Finland
  • Ms Tuija Kuusisto, Senior Ministerial Advisor, Ministry of Finance, Finland

Closing remarks by Ms Anna-Maija Karjalainen, Director General, Public Sector ICT Dept, Ministry of Finance

Cyberwatch Finland magazine – 2/2021

With passion for a cybersafe world #together

Leaders in Finland and in Western countries have raised cybersecurity as one of their biggest concerns and risks to business development.

Organizations are rushing to build up their cyber defense to respond to the cyber attacks we see every day. It is not only a question of resources and the best technologies but, more importantly, of competence and cyber security culture. The absence of a robust cyber-resilient culture leaves the doors open for cybercriminals. The importance of a great cyber culture is growing day by day, as it helps to minimize the occurrence and impact of cyber operations and ensures business continuity.

A cyber-resilient culture is a state of maturity in which all staff make conscious efforts to behave in ways that protect the organisation against cyber threats, and in which they are supported by appropriate mechanisms to inculcate the required behavioural changes.

Thanks a Million to all the Amazing Authors!

Strategic Cyber Security by Aapo Cederberg
Diplomacy and Digital Technology by Janne Taalas
Russia’s Background in Cyber Warfare by Juha Wihersaari
Cyber Security challenges in Aviation and Maritime by Martti Lehto
The importance of operational technology in the built environment you operate in by Hanna Pikkusaari
Your power hangs by a bit by Julia Vainio
Telecoms New Normal by Mika Lauhde
Next step: Development of cyber security competence by Pertti Kuokkanen
Cyber Security Nordic returns live in October by Tarja Gordienko

Not forgetting the country outlook nor the Q1 reports

Have a Good Read!

Stay tuned and stay safe!

Cyberwatch Finland team

We’re on social media and we’d love you to give us a follow! You can catch us on LinkedIn and Twitter by using hashtags #cyberwatchFI #CyberCatchFI

DNWP allies with Cyberwatch Finland

Dedicated Network Partners and Cyberwatch Finland have joined forces to raise awareness of industrial cybersecurity in 2021.

Together, we will raise awareness of cybersecurity in an industrial environment.

The cooperation intends to share timely and unbiased information on cyber threats and protection methods, especially for critical communications decision makers and professionals working for utilities.

Building an industrial cybersecurity community

In recent years, DNWP has observed a clear call for discussion of cybersecurity, especially from an industrial viewpoint. Members of the private network community are present in various industries such as power plants, oil & gas pipes, transportation such as railways, highways and airports, as well as the public security and safety field.

What all these service providers have in common is that they are considered to serve basic human needs. This creates a universal demand across the critical communications community to stay alert to cybersecurity topics and to advance cybersecurity practices.

To this identified need, Cyberwatch Finland’s services bring expertise and know-how on the cyber world, its phenomena, trends and their interdependencies, as well as their impacts in our operating environment.


Technology drives the underlying cybersecurity themes in critical communications

A key theme in the industrial cybersecurity discussion in critical communications is the ongoing network technology upgrade from SDH (classic) towards MPLS-TP (next generation) platforms that enable IP-based services. This transformation marks a culmination point for network security, as network design complexity multiplies. Important decisions have to be made when considering the shift, for example regarding connectivity and access, to protect the communications stream from hazardous external factors.

From a strategic cyber security perspective, it would now be paramount to integrate the cyber strategy into the company’s strategy, conduct a comprehensive cyber risk analysis and put in place concrete, robust and sustainable operating models.

Our first joint webinar addressed the topic “Industrial cyber threats are real”.

Jouko Päivinen – Managing Director – Dedicated Network Partners with Harri Sundvik – Senior Advisor – Communication & Cyber Technologies and Aapo Cederberg – Managing Director – Cyberwatch Finland






Submarine Communication Cables and Cyber Security Threats

The submarine communication cables form a vast network on the seabed and transmit massive amounts of data across oceans. They provide over 95% of international telecommunications—not via satellites as it is commonly assumed. The global submarine network is the “backbone” of the Internet, and enables the ubiquitous use of email, social media, phone and banking services.

Today, no technology other than submarine cable systems has had such a strategic impact on our society while remaining so little known to the public. This also makes these systems a very interesting target for hackers, cyber attackers, terrorists and state actors, who seek to gain access to the information that travels through the networks of the continents connected to each other by sea cables.

The figure below shows how different parts of the world are connected to each other today by optical submarine cables.

(Source: Reddit)

Submarine Communication Cables

Submarine communication cables have been important for strategic communication since the mid-19th century, and fibre optics in the 1990s made modern sea cabling even more critical. Nowadays sea cables transfer nearly all our global telecommunications data. Questions concerning national security and cyber security have always been relevant from the perspective of the development of submarine communication networks. Security concerns have not only affected decisions concerning routes and landings, but have also been used as arguments when, at different stages of history, the roles of cable networks and wireless solutions have been debated. Furthermore, security concerns have hindered, for example, plans aiming at the utilisation of submarine fibre-optic infrastructure for scientific purposes.


The figure above is a simplified model of the submarine cable network.

Every cable landing station, which is the delivery site for the submarine optical cables, is built in the same way, depending of course on the beach area. When large-capacity systems and new types of modulation technology are used in submarine cable systems, the best possible cable tapping points for cyber attackers are after each optical repeater or amplifier.

Between the continental cable station sites, the branching points and the other ends of the submarine cable system, there are many optical amplifiers, one every 50 km. In some parts of cable systems, there are also equalisers (passive or active).

Dense Wavelength Division Multiplexing (DWDM) is an optical multiplexing technology used to increase bandwidth over existing fibre networks. DWDM works by combining and transmitting multiple signals simultaneously at different wavelengths on the same fibre. The devices and components used in DWDM technology cause crosstalk in one form or another. Devices used in DWDM technology include filters, wavelength multiplexers and demultiplexers, switches, and optical amplifiers. Crosstalk is also caused by the fibre itself due to its non-linearity. Therefore, eavesdropping over the cable cannot be prevented.

This whole system also needs electrical energy. Energy input to the system can be made from one or more earth points. We also need to take care of power supply systems so that we can be certain that they do not have any vulnerabilities that an attacker can take advantage of, and in this way gain access to our systems.

Cyber Threats Against Submarine Communication Cables

There are many ways in which cyber attackers could gain access to submarine optical cable systems and to their management and control systems. The following table shows the upper level conceptual submarine cable cyber threat segment matrix. We also have a good indication that cyber attackers, hackers and terrorists can use artificial intelligence to exploit vulnerabilities in submarine optical cable systems in order to penetrate the systems and their services. After that, they also have the possibility to attack the data centres, which are located around the world. The land and beach areas of submarine optical cable systems are the easiest places for attackers to penetrate the systems.


Threat impact level in colors: Green = Low; Yellow = Medium; Red = High

The table illustrates the upper level conceptual Submarine Cable Cyber Threat Matrix based on threats to submarine cable communications. The Matrix shows that different attackers have different capabilities to influence the submarine cable.

Cyber intelligence against submarine communication cables

During the early days of the history of submarine cables, the terrestrial links and coastal segments were considered the weakest and most vulnerable parts vis-à-vis external security threats. However, the underwater cables, which cannot be kept under constant surveillance, have been targeted by intelligence services since the beginning of the 20th century. As a part of operations, militaries have cut the cables of the opposing side to redirect the information flow into cables that were being monitored by their own intelligence service.

Intelligence collection from submarine cables can be done by eavesdropping (tapping), side channel eavesdropping, exploiting optical overflow or hacking the control systems of cables (side channel attacks).

Eavesdropping of the cables

Tapping means connecting/installing tapping device(s) i.e., an intelligence collection device to the cable or to the fibre pair either on the ground, at a landing point, in points where the traffic is amplified or in the seabed.

The exploitation of optical overflow can be done either in the cross-connection points of the fibre pairs/cable or from one fibre pair to another.

The geographical location of the installation of a tapping device depends on the depth of the sea and the distance of the installation place from the mainland. Deep sea complicates the installation of tapping devices. The distance from the tapping device to the mainland, where the remote-control unit and the selectors are, should be as short as possible for practical reasons. 

The superpowers have the intention and need, technical equipment, skills and practice to collect intelligence from submarine cables, even in this demanding environment. Cable collection is technically possible on the seabed and at the points where the cable is not in the sea, i.e. on the ground. In practice, it is also possible at points where the traffic is amplified or where there is other physical access to the cable (for example in telecom operator facilities).

According to open source reports, the modified Seawolf-class submarine USS Jimmy Carter is almost certainly able to tap submarine communication cables. The USS Jimmy Carter has a purpose-built multi-mission platform, which enables the use of a Remotely Operated Underwater Vehicle (ROV). An ROV can be used for installing tapping devices on submarine communication cables. Even if this is technically possible, some experts consider this kind of intelligence collection too risky and expensive.

Russia’s Defense Ministry Main Directorate of Deep-Sea Research (Russian abbreviation GUGI), Military Unit 40056, is responsible for Russian ‘underwater engineering’. The task of this unit is to bug communications cables, install movement sensors, and collect the wreckage of ships, aircraft, and satellites from the seabed. These divers work at depths of 3000-6000 meters in miniature submarines. One of the ships of GUGI is the special purpose intelligence collection ship Yantar. Yantar’s equipment and devices are designed for deep-sea tracking, as well as for connecting to top-secret communication cables.

The home port of Yantar is Severomorsk on the Kola Peninsula. Yantar can act as a mothership to Rus- (AS-37) and Consul- (AS-39) class deep diving submersibles, which can operate at depths of up to 6000 meters. Yantar can also be used as a mothership for the ARS-600 deep diving manned submersible, which can operate at 600 meters.

Hacking of the Cables

Hacking is the other way to collect intelligence from submarine cables. All the main intelligence services have access to submarine cable systems by hacking remotely controlled network management systems. Equipment like Reconfigurable Optical Add/Drop Multiplexers (ROADM) in the control facilities of submarine cable systems can be remotely manipulated for either intelligence collection or malicious activity (malware etc.) such as cutting the connection in the cable. In addition, some non-state actors might have the capability to intrude into the submarine communication cable, at least in the landing stations.

If attackers hack the submarine optical cable systems, they will also have access to the submarine optical cable management system, and after that they have the opportunity to do what they want and what suits their purpose.

The International Maritime Law Does Not Protect Against Cyber Attacks

International maritime law does not provide an opportunity to enact laws and regulations for the protection of submarine cables outside the territorial sea, including protection that uses new technologies or that addresses new threats from unmanned and autonomous cyber weapon systems. International maritime law considers only damage to a submarine cable a crime, although it is possible to conduct operational action within the framework of a criminal investigation or the prevention of a crime. Taking into account the specifics of maritime zones located outside state sovereignty, this is not enough to build an effective system for protecting submarine cables outside the territorial waters of the state against all types of threats, including cyberattacks and unmanned and autonomous weapon systems.

In the case of cyberattacks, international law applies the right to self-defence or collective security operations authorised by the Security Council, including the necessary requirements for its implementation, and establishes the necessary standards of evidence to justify the use of force. The momentum and anonymity of cyberattacks make it difficult to prove State responsibility and to distinguish between the actions of terrorists, criminals and nation states. However, international law does not have the tools to identify the attacker, especially in the case of cyberattacks, because that is not the purpose of international law.

Summary

Because submarine cable systems have had such a considerable strategic impact on our society, they are a very interesting target for hackers, cyber attackers, terrorists and state actors. We need to look at potential adverse threats, as the submarine optical cable routes are extensive and run under water. In addition, many countries have the ability to tap fibre-optic cables under water or at a landing station in order to eavesdrop on information, or to hack or sniff the cables. All the states in the area through which the cable runs have the interest, motivation and technical capabilities to collect intelligence information from these cables, at least at the points where the cable is on land. Real point-to-point encryption is the only way to fight against cyber intelligence in submarine communication cables.

Technology may help in cyber security. High capacity systems, nowadays, have the capability to use a measurement system like Coherent Optical Time Domain Reflectometry (COTDR). The use of COTDR should be investigated more carefully as it is used for searching for faults and may also be used to detect tapping via cable connections.
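To illustrate how a fault-finding measurement could double as tap detection, the following added example (not from the article or the research behind it) compares a current trace of one 50 km amplifier span with a commissioning baseline and reports localized losses that appear only in the current trace. The trace format, sample spacing, fibre attenuation and alert threshold are assumptions, and both traces are constructed data.

```python
"""Added example: flag new loss events in a COTDR trace of one amplifier span.

Assumptions (not from the article): traces are lists of backscatter levels in
dB at a fixed sample spacing, and a commissioning baseline exists per span.
"""
from statistics import median

SAMPLE_SPACING_KM = 0.5   # assumed spatial resolution of the instrument
STEP_THRESHOLD_DB = 0.3   # assumed alert threshold for a new localized loss
WINDOW = 4                # samples compared on each side of a candidate point


def make_trace(length_km, atten_db_per_km, events, seed):
    """Build a constructed trace; `events` maps position (km) to loss (dB)."""
    trace = []
    for i in range(int(length_km / SAMPLE_SPACING_KM) + 1):
        km = i * SAMPLE_SPACING_KM
        level = -atten_db_per_km * km
        level -= sum(loss for pos, loss in events.items() if km >= pos)
        level += 0.01 * ((i * seed) % 5 - 2)  # deterministic stand-in for noise
        trace.append(level)
    return trace


def find_new_loss_events(baseline, current, window=WINDOW,
                         threshold=STEP_THRESHOLD_DB):
    """Return [(position_km, loss_db)] for losses present only in `current`."""
    if len(baseline) != len(current):
        raise ValueError("traces must cover the same span at the same spacing")
    # Splices and connectors recorded at commissioning cancel out here.
    diff = [c - b for b, c in zip(baseline, current)]
    events, best = [], None
    for i in range(window, len(diff) - window + 1):
        # Median on each side rejects single-sample noise spikes.
        step = median(diff[i - window:i]) - median(diff[i:i + window])
        if step >= threshold:
            if best is None or step > best[1]:
                best = (i, step)          # keep the sharpest point of the run
        elif best is not None:
            events.append((best[0] * SAMPLE_SPACING_KM, round(best[1], 2)))
            best = None
    if best is not None:
        events.append((best[0] * SAMPLE_SPACING_KM, round(best[1], 2)))
    return events


if __name__ == "__main__":
    # Constructed data: a 50 km span with a 0.1 dB splice at 12 km in both
    # traces, and a new 0.5 dB loss at 31 km in the current trace only.
    baseline = make_trace(50, 0.2, {12.0: 0.1}, seed=7)
    current = make_trace(50, 0.2, {12.0: 0.1, 31.0: 0.5}, seed=3)
    for km, loss in find_new_loss_events(baseline, current):
        print(f"new loss of about {loss} dB near km {km}: inspect this span")
```

A new loss can also come from a repair or ageing, so a hit is a prompt to inspect the span, not proof of tapping.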

Furthermore, artificial intelligence (AI) tools and methods will be solutions to protect submarine fibre-optic cable systems. AI based systems using Neural Networks and Deep Learning are, even today, capable of detecting and preventing the threats of different cyber-attacks.

The submarine cable system is technically very complicated, and in the future, there will be many new technical solutions to meet the required transmission rates and the usability and quality requirements. This places considerable demands on the management and control of the system as well as on the organisation in charge of its maintenance. In security design, we should also take into consideration the long life cycle of submarine optical cables, which is about 25 years.

Martti Lehto
Professor in Cyber Security
University of Jyväskylä

This article is based on research carried out at the University of Jyväskylä: Martti Lehto, Aarne Hummelholm, Katsuyoshi Iida, Tadas Jakstas, Martti J. Kari, Hiroyuki Minami, Fujio Ohnishi and Juha Saunavaara, Arctic Connect Project and cyber security control, ARCY, Faculty of Information Technology, publication No. 78/2019

Cyberwatch Finland magazine – 1/2021


Welcome to 2021, we hope that the year that has begun will be a year of success!

Is it Possible to Predict how the Cyber Year 2021 will Unfold?

We believe that predicting the future is essential to prepare for future cyber challenges and secure the new normal digital “post-Covid” era. Competence development and new innovations are essential to provide a good precondition in meeting future challenges.

Thanks a Million to all the Amazing Authors!

These and many other topics are covered in our latest magazine: The Challenge of Countering Hybrid Threats, Strategic Cyber Security Situational Awareness, Holistic Approach Is Necessary to Solve the Security Issues of This Decade, Cyber espionage: the problem that isn’t, 5 things to focus on in 2021 to cybersecure your business
