Cybersecurity case studies from TNO, KPN, KPMG and Honeywell

Read the Dutch version here, Lees de Nederlandse versie hier

IMMovator and Amsterdam Innovation Arena organised the second edition of Powering The Future - The Network Sessions in the Amsterdam ArenA on 15 January. The theme of this edition was cybersecurity. What kind of cyberattacks are currently being developed? And how to combat and prevent a cyberattack? TNO, KPN, KPMG and Honeywell experts provided high-profile examples of best practice.

TNO: Anticipating cyber threats

In the recently opened Cyber Threat Intelligence Lab (CTI Lab), TNO is experimenting with new technologies and developing cybersecurity innovations. Allard Kernkamp calls the lab a proof-of-concept. CTI is a relatively new field which is still in its infancy. Cyber Threat Intelligence enables governments and companies to gain insight into the methods hacker groups use and the characteristics of specific types of malware. This enables them to anticipate cyber threats at an early stage and prevent damage to their systems

The sooner a cyber threat is detected, the less damage an attack can cause. CTI therefore revolves around collecting, analysing and placing in context (large quantities of cyber threat information).

By training algorithms with large datasets, trends in the data were discovered. Algorithms learned to distinguish between trends/hot topics and topics that are not. In addition to training algorithms, we also looked at what the CVE reports are in a certain timeframe and what they look like per platform.

KPN: Cybercrimes in a connected city

A smart city is a city in which modern ICT and IoT technologies are used to manage and control the city. The aim of a smart city is to improve the quality of life of citizens and organise the city more efficiently.

Mark de Groot, team leader ethical hacking at KPN, mentioned a number of challenges that smart cities are facing. For example, the management of vulnerabilities is becoming increasingly important, because all this technology must also remain up-to-date. There are millions of components connected via a network of sensors, internet and state-of-the-art technological devices powered by IoT. Therefore it is an important question to ask who is responsible for which part of this chain. According to Mark de Groot, because of that responding to incidents is also a challenge

Mark de Groot says that a cyberattack consists of three phases. In the first phase, cybercriminals will explore; e-mail, social networks and ports will be scanned. On this basis, the weapon is selected and delivered. In the second phase, the weapon is activated and installed. Next, the cybercriminal gets access and the objective can be achieved. After that, the cybercriminal starts again at phase one to get deeper and deeper into the victim's network.

KPMG: The implementation of Data Governance

Data quality remains a point of attention for many organisations. Big data analysis requires data governance. The Amsterdam Innovation Arena has a platform on which a wide range of data is stored. Nick Martijn (KPMG) told how Data Governance is handled.

KPMG is doing several things to ensure that the 'data lake' remains safe and to reduce safety issues. For example, there is a data governance manual, data transfer and user participation agreements, an authorisation matrix, and the data lifecycle processes are traced. Guidelines have also been drawn up, such as the directive that it must be clear who data are and that the management of data is managed centrally.

Honeywell: Analysing a cyber attack

Last but not least, there was an interview with Marty Knopert and Lermin Coban (Honeywell) about cyberattacks. Honeywell makes their customers' system safer by using new architecture, among other things. They start by analysing the organisation. In this way, they know which market the organisation operates in and what the most common attacks are there. On that basis they draw up a mediation plan. This states what they can do to make the system safer. 

According to Marty Knopert, sometimes too much is thought in solutions.

“Cybersecurity is not a single plan, but rather a programme that you have to work on every day.” - Marty Knopert

It turns out that it is often not known where the attacks on an organisation come from, nor how often they succeed. However, Honeywell can report that 38% of the attacks on their customers are caused by USB. This is an easy method because these organisations still work with USB sticks on a regular basis. This percentage shows that isolating the Internet alone is not enough to be safe.

“Even if you have a strong security system, an attack can still succeed because your employees are not trained and are not accurate with information.'' - Lermin Coban

With the advent of the GDPR, there will soon be binding rules that organisations will have to comply with. In that case, organisations can no longer be allowed to keep a successful cyberattack in quiet. In any case, this ensures that more is known about cyber-attacks and the success rate of these attacks.

The attacks that are now most popular use ransomware. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Honeywell expects these attacks to remain popular for some time.

About Powering the Future - The Network Sessions

The Amsterdam Innovation Arena connects a community of innovators who collaborate to create the most innovative stadium in the world, powered by the Amsterdam ArenA. The ArenA brings together the network once a month to exchange ideas. The Network Sessions bring in experts from the Netherlands and beyond, for an exchange of ideas in an informal setting. The events are free of charge.

During the session photos were taken by Goos van der Veen. View the pictures here.