Local Development of Cyber Security Products in KSA


Academic year: 2021


Contents

Executive Summary
Cyber Security: A Prerequisite to Digital Transformation
Data Breaches: A Deadlock for KSA & the Middle East
Data Diode: Life of Cyber Security Ecosystem in KSA
A Next-Generation Data Diode Jointly Developed by Saudi Aramco and AEC
Features of AEC’s Data Diode
Need for Developing Unidirectional Networks in the Cyberspace
Localization through National Programs (NISS, NCSA & NTP)
Saudi Arabia’s Cyber Readiness
Industrial Relevance of Data Diode Technology
Saudi Aramco’s In-Kingdom Total Value Add (IKTVA) Program
Conclusion

Executive Summary

Research by IMD World Competitiveness Center reveals that the Kingdom of Saudi Arabia ranks 7th on the global cybersecurity index, and this is a laudable achievement for the country’s security sector. The Saudi Arabian government has shown immense accountability in strengthening the cyber readiness of the Kingdom. The introduction of the National Information Security Strategy (NISS) in 2011, the National Cyber Security Strategy in 2013, and the National Transformation Program (NTP) in 2016 were landmark steps for improving the security posture of the Kingdom. The high incidence of data breaches has led to the development of these national authorities that are making extensive efforts to strengthen the cyber readiness of the Kingdom.

The cyber security sector of Saudi Arabia has fallen under the purview of localization schemes as the country looks to develop indigenous cyber security products. Data diode has emerged as the most utilitarian technology for ensuring security of communications within the cyberspace. Control networks and enterprise networks in the digital space are interconnected via a two-way flow of data and information. This exposes critical infrastructure and control systems to a number of cyber threats. In this scenario, a data diode that can enforce a strict protocol for unidirectional communication between networks is imperative. [15] Local development of data diode can be accelerated by integrating this process with Saudi Aramco’s In-Kingdom Total Value Add (IKTVA) Program. The program lays optimal focus on accentuating development of local content in the Kingdom, and Saudi Aramco (IT Engineering Department) and AEC have emerged as key local manufacturers within the IKTVA Program.

Cyber Security: A Prerequisite to Digital Transformations

Saudi Arabia’s Vision 2030 and the National Transformation Program (NTP) are at the helm of digital transformations within the Kingdom. [1]

Growth of Information and Communication Technology (ICT) is a direct outcome of digital transformations across KSA. The Kingdom achieved 64% growth on the National ICT Index in the year 2017. [2] The complexities of ICT technologies necessitate a parallel framework for cyber resilience and protection of digital infrastructure.

Device penetration, Internet of Things (IoT), cloud technologies, and ICT transformations are taking the Kingdom towards digital maturity. [2] In this scenario of rapid digital growth, the need for cyber readiness and security has also increased.

Data Breaches: A Deadlock for KSA & the Middle East

Cyber attacks in KSA are substantially higher than the global average.

Avg. data breach cost in UAE and KSA in 2018: $5.31 mn

Increase in data breach cost for UAE and KSA since 2017: 7.1% [6]

Spending on post data breach response for UAE and KSA: $1.47 million [7]

Organisational cost of business losses post data breaches for UAE and KSA: $2.18 million [7]

Causes of Data Breaches

Saudi Arabia and UAE [7]: Malicious or Criminal Attack 61%, System Glitch 21%, Human Error 18%

Globally [7]: Malicious or Criminal Attack 48%, System Glitch 25%, Human Error 27%

Probability of data breaches for

Data Diode: Life of Cyber Security Ecosystem in KSA

Companies and organisations are required to segment their networks in order to counter cyber attacks. Two of the most important nodes for network segmentation are firewalls and data diode. [25] Firewalls are two-way communication devices that remain vulnerable to attacks even if they are configured for one-way communication. [13] Hence, data diode, with its inherent one-way data transfer protocol, has emerged as the centerpiece for growth and development in the domain of cyber security across Saudi Arabia.

Relevance of Data Diode in Business and Public Sector [14]

Improved Compliance: The Middle Eastern regions have been focusing on segregating OT and IT networks for improved compliance.

Protective Network Monitoring: With increased use of physical monitoring systems such as CCTVs across Saudi organisations, there is a dire need for separation between data collection nodes and central monitoring aggregates.

Business Continuity: The rapidly transforming Saudi economy requires business continuity in multiple sectors. Hence, data diode is essential for preventing cyber attacks that affect the operations, integrity, and performance of organisations.

Average Number of Breached Records for UAE and KSA (2018): 36,451 [7]

Detection and Escalation Costs for UAE and KSA: $1.36 Million [7]

Average per capita cost of a data breach in the UAE and KSA:

A Next-Generation Data Diode Jointly Developed by Saudi Aramco and AEC

Function

Ensuring unidirectional transfer of data to provide high-end security to organizational networks.

Intrusions and Cyber Attacks

In the contemporary business environment, digital platforms have become vulnerable to cyber attacks, hostile network intrusions, and data destruction through network infiltration.

How Data Diode Helps?

Data diode establishes one-way data transfer protocol for all the networks through physical and electrical separation of the host and the destination. This prevents hostile malware from affecting your networks, accessing your systems, or making harmful changes.

What is the Basic Principle for Data Diode Technology?

Businesses, governments, and organizations are often required to send sensitive information to sources outside of their network. This makes the host network vulnerable to cyber attacks and malicious threats from the external source. To prevent this, data diode creates a one-way channel that can send data to the destination without a pathway for receiving any form of information.

Features of AEC’s Data Diode

01 1 GBs Speed

02 Supports multiple protocols - Syslog, SFTP, FTP, and SCP

03 Supports HDMI, USB, Ethernet

04 Sends/processes real-time data

05 Manages financial systems

06 Protects valuable information from theft, tampering, or destruction

07 Eliminates human errors

08 Supports multiple formats - SCADA systems, PLCs, & sensors

Data Diode Market Players in KSA

Owl - USA | Fox-IT - The Netherlands | BAE Systems - UK | Tresys - USA

Total Market Size (approx.)

Need for Developing Unidirectional Networks in the Cyberspace

LIMITATIONS OF FIREWALLS

Firewalls are meant to build barriers between the internal network and a non-trusted external source. However, configuration errors in firewalls can lead to insecure access to internal networks. Attackers can use encrypted tunnels to bypass firewalls which could in turn harm the integrity of source data. [15] Data diode, on the other hand, inhibits all forms of malicious components and network-based attacks directed at the host network.

MAINTAINING INTEGRITY OF INFRASTRUCTURE

Data diode cannot be reconfigured for insecure access, and this eliminates the possibility of online attacks, tampering, software malfunctions, or human errors. [19]

NEED FOR RELIABLE DATA TRANSFER

Data diode utilizes packetized transfer techniques with sequenced headers for near absolute data assurance and integrity. [21]
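
As an added illustration (not code from AEC, Saudi Aramco, or the cited vendor material), the example below shows why sequenced headers matter on a one-way link: with no return path the receiver cannot acknowledge or request a resend, so it relies on the sequence number and a checksum to detect lost, corrupted, and repeated packets. The frame layout, the CRC32 check, and every name in the code are assumptions made for this example.

```python
import struct
import zlib

# Assumed frame layout for this example (not any vendor's wire format):
# 4-byte sequence number, 2-byte payload length, 4-byte CRC32 of the payload.
HEADER = struct.Struct("!IHI")


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the sequenced header to one payload."""
    return HEADER.pack(seq, len(payload), zlib.crc32(payload)) + payload


class DiodeReceiver:
    """Receive side of a one-way link: it detects faults but cannot ask for a resend."""

    def __init__(self) -> None:
        self.expected = 0     # next sequence number we expect to see
        self.delivered = []   # payloads accepted, in order
        self.missing = []     # sequence numbers that never arrived intact
        self.corrupt = 0      # frames that failed the length or CRC check
        self.duplicates = 0   # repeated or late frames (sequence already passed)

    def ingest(self, frame: bytes) -> None:
        if len(frame) < HEADER.size:
            self.corrupt += 1
            return
        seq, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            self.corrupt += 1     # damaged in transit; the header cannot be trusted
            return
        if seq < self.expected:
            self.duplicates += 1  # e.g. the sender repeats frames for redundancy
            return
        # A jump in sequence numbers is the only loss signal a one-way receiver gets.
        self.missing.extend(range(self.expected, seq))
        self.delivered.append(payload)
        self.expected = seq + 1


def demo() -> DiodeReceiver:
    """Replay constructed traffic: frame 1 lost, frame 2 corrupted, frame 3 sent twice."""
    msgs = [b"syslog: pump-1 ok", b"syslog: pump-2 ok",
            b"syslog: valve-7 open", b"syslog: tank-3 level 71%"]
    frames = [encode_frame(i, m) for i, m in enumerate(msgs)]
    damaged = bytearray(frames[2])
    damaged[-1] ^= 0xFF           # flip the last payload byte
    rx = DiodeReceiver()
    for frame in (frames[0], bytes(damaged), frames[3], frames[3]):
        rx.ingest(frame)
    return rx


if __name__ == "__main__":
    rx = demo()
    print("delivered:", rx.delivered)
    print("missing:", rx.missing, "corrupt:", rx.corrupt, "duplicates:", rx.duplicates)
```

The `missing` list exists only on the receiving side, since the sender never learns of a loss; sequence-number wrap-around is not handled here.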

Localization through National Programs (NISS, NCSA & NTP)

The following objectives can be met by combining the joint synergies of the National Information Security Strategy (NISS), the National Cybersecurity Authority (NCSA), and the National Transformation Program (NTP) [22]:

Enhancing capabilities of Saudi information security researchers, practitioners, and entrepreneurs. [8]

Using capabilities of Saudi women to meet KSA’s cyber security requirements.

Employment of young people with sound computer skills. [8]

Training over 56,000 Saudi youths on key ICT skills through talent development programs and partnerships with global IT companies.

Setting up of National Information Training Academy in collaboration with Saudi Aramco to develop and train Saudi talent. [9]

Supporting and funding public universities for research in cyber security and ICT.

Saudi Arabia’s Cyber Readiness

In 2017, under the directives of King Salman, the National Cyber Security Center (NCSC) of KSA was deemed as the focal point for cyber security in the Kingdom. [3]

The National Cyber Security Index (NCSI) is a global index that measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI is also a database with publicly available evidence materials and a tool for national cyber security capacity building. [23]

[Figure: NCSI Fulfilment Percentage [23]. Bar chart of fulfilment percentage (0 to 100) by NCSI indicator.]

National Cyber Security Index: 34th (58%)

Global Cybersecurity Index: 13th (88%)

ICT Development Index: 54th (67%)

Networked Readiness Index: 33rd (69%)

Saudi Arabia’s Cyber Readiness [23]

7 57%

General Cyber Security Indicators

KSA’s Readiness Grade Optimal Grade

1. Cyber Security Policy Development

5

9

100%

2. Cyber Threat Analysis And Information

100%

3. Education And Professional Development

6 17%

4. Contribution To Global Cyber Security

5 20%

Baseline Cyber Security Indicators

5. Protection Of Digital Services

6 100%

6. Protection Of Essential Services

9

7 78%

7. E-identification And Trust Services

4

0 0%

8. Protection Of Personal Data

6

5 83%

Incident and Crisis Management Indicators

9. Cyber Incidents Response

5

3 60%

10. Cyber Crisis Management

9

3 33%

11. Fight Against Cyber Crime

6

1 17%

12. Military Cyber Operations

1

1

Industrial Relevance of Data Diode Technology

Oil and Gas Sector:

Saudi Arabia’s oil and gas sector holds tremendous relevance for the world, and this sector is highly vulnerable to cyber attacks. Data breaches in the oil and gas industry across KSA could cause a severe economic and social backlash. Hence, the use of data diode technology in the Kingdom’s oil and gas industry has been gaining momentum in recent times. [16]

Energy Sector:

The Kingdom of Saudi Arabia is also deploying data diode technology at power generation sites, desalination water facilities, and petrochemical operations. [17]

Industrial Automation and Control Systems (IACS):

With growth in the ICT and digital sectors, the Kingdom of Saudi Arabia has assimilated automation in the industrial sector. Key IACS functionalities such as system state monitoring, data replication, remote backup monitoring, and patch management can be accomplished via data diode technology. [18]

Military and Aerospace Sector:

The military and aerospace sector maintains a database of its inventories to track deficit in stocks. When the inventory gets low, information from the database is sent to the vendors. Data diode helps in ensuring that the information-sharing networks are protected from external threats. [24]

Saudi Aramco’s In-Kingdom Total Value Add (IKTVA) Program

Saudi Aramco’s IKTVA program is aimed at generating domestic value, driving economic growth, and stimulating diversification to support the rapidly transforming Saudi economy. In this context, local development of data diode at AEC has a valuable connection to the program. [10]

Saudi Aramco collaborates with local suppliers to generate 5-year plans that will drive prosperity, local capabilities, strategic self-sufficiency, and domestic value for the Kingdom.

Under the aegis of Saudi Aramco, AEC has conducted groundbreaking research and development in the field of cyber security to develop ‘Data Diode’, one of its flagship products.

IKTVA Localization and Job Creation Objectives [10]:

Local Content: 70%

Jobs: 500,000

Exports: 30%

Saudi Aramco is creating value for the Saudi economy by supporting localization initiatives, and the company has made key efforts in fortifying AEC’s data diode technology.

Conclusion

The cyber security posture of the Kingdom of Saudi Arabia has undergone key improvements over the past decade. The investment index of the Kingdom in the domain of cyber security has also improved, and this has given a push to business growth, value creation, and local manufacturing within the Kingdom. Saudi Aramco’s IKTVA program is actively contributing towards fortification of local content production in key industries including security, computerization, and electronics.

The Kingdom of Saudi Arabia is averting cyber attacks under its C.I.A. objectives (Confidentiality, Integrity, and Availability). Data diode has emerged as a key alternative to other data transfer technologies due to one-way communication protocol of the former. Besides this, the ability of unidirectional data diode to protect secrets as well as assets has also led to the popularity of this technology.

Saudi Aramco and AEC, with their in-house data diode technology, align with the goals of local content development within the IKTVA program. The growth of KSA’s economy will largely depend on its localization endeavours in the domain of cyber technologies.

References

1. “Transforming the Economy of Saudi Arabia by Going Digital.” Cequens.Com, 2019, www.cequens.com/story-hub/transforming-the-economy-of-saudi-arabia-by-going-digital.

2. Deloitte. National Transformation in the Middle East A Digital Journey.

3. Hathaway, Melissa, et al. KINGDOM OF SAUDI ARABIA CYBER READINESS AT A GLANCE. 2017.

4. Cyber Readiness Index. “Cyber Readiness Index.” Potomac Institute, Potomac Institute, www.potomacinstitute.org/academic-centers/cyber-readiness-index.

5. Ministry of Communications and Information Technology. “National Cyber Security Strategy of Saudi Arabia.” Europa.Eu, 2013, www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategy-of-saudi-arabia/.

6. Bridge, Sam. “Revealed: The Cost of Saudi, UAE Data Breaches.” ArabianBusiness.Com, 2017, www.arabianbusiness.com/technology/401429-wkd-revealed-the-cost-of-saudi-uae-data-breaches.

7. IBM. 2018 Cost of Data Breach Study Global Overview. 2018.

8. The BusinessYear. “ICT Infrastructure Targeted in 1,000 Cyberattacks in 2016.” The Business Year, 14 Aug. 2017, www.thebusinessyear.com/saudi-arabia-2017/eng-abdullah-al-swaha-minister-communications-information-technology/vip-interview.

9. MCIT Saudi. Developing National Information Security Strategy for the Kingdom of Saudi Arabia.

10. ITU. “Developing National Information Security Strategy for the Kingdom of Saudi Arabia.” MCIT, 2013.

11. IKTVA. In-Kingdom Total Value Add (Iktva) Program 5-Year IKTVA Plan Format Guide.

12. Bell, Jennifer. “KSA Must Become More Resilient against Cyberattacks.” Arab News, Arabnews, 22 July 2018, www.arabnews.com/node/1343151/saudi-arabia.

13. “How Data Diode Cybersecurity Is Being Used to Protect Critical Infrastructure in the Middle East : Owl Cyber Defense.” Owlcyberdefense.Com, 2018, www.owlcyberdefense.com/blog/2018/10/11/data-diode-cybersecurity-protect-critical-infrastructure-middle-east.

14. PLC, NCC Group. “Private Sector Cyber Resilience and the Role of Data Diodes.” Nccgroup.Trust, 2019, www.nccgroup.trust/uk/our-research/private-sector-cyber-resilience-and-the-role-of-data-diodes/.

15. Okhravi, Hamed, and Fredrick Sheldon. Data Diodes in Support of Trustworthy Cyber Infrastructure.

16. Owl Cyber Defense. Global Oil & Gas Company Enables Secure, One-Way Production Data Transfer to HQ Company Overview. Owl Cyber Defense. Owlcyberdefense.Com, 2018, https://owlcyberdefense.com/wp-content/uploads/2019/05/owlcyberdefense-use-case_global-oil-gas.pdf

17. Owl Cyber Defense. “How Data Diode Cybersecurity Is Being Used to Protect Critical Infrastructure in the Middle East : Owl Cyber Defense.” Owlcyberdefense.Com, 2018, owlcyberdefense.com/how-data-diode-cybersecurity-is-being-used-to-protect-critical-infrastructure-in-the-middle-east/.

18. SANS. “SANS Institute: Reading Room - Firewalls & Perimeter Protection.” Sans.Org, 2018, www.sans.org/reading-room/whitepapers/firewalls/paper/36057.

19. “Electrical Monitor :: Data Diode Technology Can Help Solve Complex Smart Grid Cyber Security Issues.” Electricalmonitor.Com, 2012, www.electricalmonitor.com/ArticleDetails.aspx?aid=1206&sid=11.

20. “A Strategy for Smart Meters and Smart Grids in the Kingdom of Saudi Arabia.” Ecra.Gov.Sa, 2019, www.ecra.gov.sa/en-us/ECRAStudies/Pages/study2.aspx.

21. Owl Cyber Defense. “Data Diodes : Firewalls.” Owlcyberdefense.Com, 2019, owlcyberdefense.com/wp-content/uploads/2019/05/19-OWL-DataDiodes-Firewalls.pdf.

22. NTP. “National Transformation Program | Saudi Vision 2030.” Vision2030.Gov.Sa, Vision2030.gov.sa, 2019, vision2030.gov.sa/en/programs/NTP202.0.

23. National Cyber Security Index. “NCSI :: Saudi Arabia.” Ncsi.Ega.Ee, 2019, ncsi.ega.ee/country/sa/.

24. Owl Cyber Defense. PROTECTING USAF ICS USAF MAINTENANCE FACILITY SECURES AND AUTOMATES PARTS MANAGEMENT COMMUNICATIONS COMPANY OVERVIEW. Owl Cyber Defense, 2018. https://owlcyberdefense.com/wp-content/uploads/2019/05/owlcyberdefense-use-case_protecting-air-force-ics.pdf

25. Lerner, A. (2019). Network Segmentation. [online] Andrew Lerner. Available at: https://blogs.gartner.com/andrew-lerner/2017/11/09/network-segmentation/

/AECSaudiArabia

+966112201350 info@aecl.com

Advanced Electronics Company

King Khalid International Airport Industrial Estate

P.O. Box 90916,
