Tackling the threat
Hamed Diab, Regional Director-Middle East, McAfee, speaks to Infrastructure ME on the significance of cybersecurity for a critical national industries
Hamed Diab, Regional Director-Middle East, McAfee, speaks to Anoop K Menon on the significance of cyber-security for a critical national industry like oil & gas
With critical infrastructure becoming the target of cyber-attacks, there is a feeling that cyber-security for these assets needs a lot of more focus and spend than has been the case so far. Why have we become increasingly vulnerable to cyber-attacks?
Thanks to the explosion of connectivity, it is expected that by 2020, there will be 50 billion IP addresses in the world. This equates to nine different IP addresses per head for a global population of six billion. We think we have seen the explosion of the internet, but with the Internet of Things (IoT), which is the new wave, you will also have to deal with the problem of big data and information flows going over the net.
The dimension of the problem, it goes without saying, is big. All this connectivity was built without considering the security of the information. It was architected without considering the security aspects of these information flows.
The next question is: how does security really work? If I have a firewall and antivirus on my end-point, am I secure? The reality is that the attacks are getting increasingly sophisticated. Unless you are really cohesive, and able to connect, correlate and check all the data that comes into your enterprise network, you will not able to make sense of the attacks or the threats.
Security is important because when you are attacked or under attack, the time taken to respond becomes critical. Whether it is banks, oil & gas assets or even the government, the cost of stoppage of work due to cyber-attacks can run into billions. Where these sectors are revenue earners for the country, the impact is much higher. Security thus becomes important because of the need for business continuity.
That’s where McAfee, as part of Intel Security, can play a major role because of the breadth and depth of technologies at our disposal. You can correlate and understand what is happening, whether from end-point, data centre or cloud, on a real-time basis. The important thing is to have all of this information talk to each other, cohesively, on a real-time basis.
Could you elaborate on how McAfee and Intel Security can help key economic sectors like oil & gas secure themselves against cyber-attacks?
Intel Security is driving the trend in terms of coming up with new ways of correlating all the information. We are building new infrastructure for the internet to work in a bus architecture. Today, there are bottlenecks in internet connectivity because a lot of people build APIs to connect or make adjustments to connect different devices or foreign devices. With bus architecture, you are helping everybody dump all the information in a way that they understand the same language.
If the threats came through the end-point, then the end-point can correlate the information in the same language that your network device can understand, whether it is an intrusion prevention system (IPS) or a firewall. That type of information flow is important in the next generation of security. We call it McAfee Threat Intelligence Exchange.
It is part of the evolution, if you like, of what Intel and McAfee have done together, and now forms a part of our new identity under Intel security.
In your view, are traditional industries like oil & gas more aware of the risks posed by cyber-attacks than before?
As a matter of fact, we have seen innovations from the region, especially around digitising the security around the oil & gas industry. For example, the operations network supporting SCADA and DCS systems were always kept separate from the enterprise networks, and still are, but with more attention being paid to how to architect that into a new way of utilising security to their advantage and make sure they are enabling this.
This is important because of the nature of the attacks. For example, the Night Dragon attack systematically targeted the enterprise networks of major energy companies in the US and Europe and stole proprietary data, over a period of three years. Whatever the reason for these attacks, the intention was definitely malicious. The bottom line is how to protect the network.
The new innovations and architecture we are building in the Middle East with the help of entities here is something great, because it is utilising the latest technologies in the areas where it can ensure the success of these entities.
Is cybersecurity the priority it deserves to be?
In fact, it is no longer an option. They have to factor cybersecurity into their priorities. Most of the Chief Information Officers (CIO) are changing their attitudes towards security and approaching it in a more holistic way. Rather than focus on the technical, it is about how important security is, what is most critical and what can keep him or her awake at night.
Even on a personal level, you have to worry about whether your Facebook or WhatsApp has been penetrated. Security is a major part of connecting the world.
That’s where McAfee, as an Intel Security company, has built a broad portfolio – not only from a technological standpoint but also from consultancy and people perspectives – to help customers enhance their security operations based on best practices.
You can bet that we will always be ahead of the game. The more accessible the devices, the more the vulnerabilities. With the wave of mobility, you will have a major gap because of the prevalence of open source applications that are most vulnerable to attacks.
How do you see governments reacting to these threats?
The governments in the region are aware of the threat. In fact, the UAE is the first in the region to propose laws against security breaches. They are looking at it seriously, and I expect others to take their cue from that.