Local Development
of Cyber Security
Products in KSA
Contents
Execu�ve Summary 1
Cyber Security:
A Prerequisite to Digital Transforma�on 2 Data Breaches:
A Deadlock for KSA & the Middle East 3 Data Diode:
Life of Cyber Security Ecosystem in KSA 4 A Next-Genera�on Data Diode Jointly
Developed by Saudi Aramco and AEC 5
Features of AEC’s Data Diode 6
Need for Developing Unidirec�onal
Networks in the Cyberspace 7
Localiza�on through Na�onal Programs
(NISS, NCSA & NTP) 8
Saudi Arabia’s Cyber Readiness 9
Industrial Relevance of Data
Diode Technology 11
Saudi Aramco’s In-Kingdom Total Value
Add (IKTVA) Program 12
Conclusion 13
Executive
Summary
Research by IMD World Compe��veness Center reveals that the Kingdom of Saudi Arabia ranks 7th on the global cybersecurity index, and this is a laudable achievement for the country’s security sector. The Saudi Arabi-an government has shown immense account-ability in strengthening the cyber readiness of the Kingdom. The introduc�on of the Na�onal Informa�on Security Strategy (NISS) in 2011, the Na�onal Cyber Security Strategy in 2013, and the Na�onal Transforma�on Program (NTP) in 2016 were landmark steps for improving the security posture of the Kingdom. The high incidence of data breach-es has led to the development of thbreach-ese na�onal authori�es that are making exten-sive efforts to strengthen the cyber readi-ness of the Kingdom.
The cyber security sector of Saudi Arabia has fallen under the purview of localiza�on schemes as the country looks to develop indigenous cyber security products. Data diode has emerged as the most u�litarian technology for ensuring security of communi-ca�ons within the cyberspace. Control networks and enterprise networks in the digital space are interconnected via a two-way flow of data and informa�on. This
exposes cri�cal infrastructure and control systems to a number of cyber threats. In this scenario, data diode that can enforce strict protocol for unidirec�onal communica�on between networks is impera�ve.[15] Local
development of data diode can be accelerat-ed by integra�ng this process with Saudi Aramco’s In-Kingdom Total Value Add (IKTVA) Program. The program lays op�mal focus on accentua�ng development of local content in the Kingdom, and Saudi Aramco (IT Engineering Department) and AEC have emerged as key local manufacturers within the IKTVA Program.
Saudi Arabia’s Vision 2030 and the
Na�onal Transforma�on Program
(NTP) are at the helm of Digital
transfor-ma�ons within the Kingdom.
[1]Growth of Informa�on and Communica�on
Technology (ICT) is a direct outcome of digital
transforma�ons across KSA. The Kingdom
achieved 64% growth on the Na�onal ICT
Index in the year 2017.
[2]The complexi�es of
ICT technologies necessitate the need for a
parallel framework for cyber resilience and
protec�on of digital infrastructure.
Device penetra�on, Internet of
Things (IoT), cloud technologies,
and ICT transforma�ons are
taking the Kingdom towards
digi-tal maturity.
[2]In this scenario of
rapid digital growth, the need for
cyber readiness and security has
also increased.
Cyber Security:
A Prerequisite to
Digital Transformations
Data Breaches:
A Deadlock for KSA &
the Middle East
Increase in data breach cost for UAE and KSA since 2017. [6]
Spending on post data breach response for UAE and KSA:
$1.47 million
[7]Causes of Data Breaches
Cyber a�acks in KSA
are substan�ally higher
than the global average
Avg. Data breach cost in UAE and KSA in 2018
7.1
%$5.31
mn
Organisa�onal cost of business losses post data breaches for UAE and KSA:$2.18 million
[7]Saudi Arabia
And UAE
[7]Globally
[7]Malicious Or Criminal A�ack 61%System Glitch 21%
Human Error 18%
Malicious Or Criminal A�ack 48%System Glitch 25%
Human Error 27%
Probability of data breaches for
Data Diode:
Life of Cyber Security
Ecosystem in KSA
Companies and organisa�ons are required to segment their networks in order to counter cyber a�acks. Two of the most important nodes for network segmenta�on are firewalls and data diode. [25] Firewalls are two-way communica�on devices that remain vulnerable to a�acks
even if they are configured for one-way communica�on. [13] Henceforth, data diode, with its
inherent one-way data transfer protocol, has emerged as the centerpiece for growth and development in the domain of cyber security across Saudi Arabia.
Improved Compliance: The Middle Eastern regions have been focusing on segrega�ng OT and IT networks for improved compliance.
Protec�ve Network Monitoring: With increased use of physical monitoring systems such as CCTVs across Saudi organisa�ons, there is a dire need for separa�on between data collec�on nodes and central monitoring aggregates.
Business Con�nuity: The rapidly-transforming Saudi economy requires business con�nuity in mul�ple sectors. Hence, data diode is essen�al for preven�ng cyber a�acks that affect the opera�ons, integrity, and performance of organisa�ons.
Relevance of Data Diode in Business and Public Sector
[14]Average Number of Breached Records for UAE and KSA (2018) :
36,451
[7]Detec�on and Escala�on Costs
for UAE and KSA :
$1.36 Million
[7]Average per capita cost of a data breach in
the UAE and KSA :
Func�on
Ensuring unidirec�onal transfer of data to provide high-end security to organiza�onal networks.
Intrusions and Cyber A�acks
In the contemporary business environment, digital pla�orms have become vulnerable to cyber a�acks, hos�le network intrusions, and data-destruc�on through network infiltra�on.
How Data Diode Helps?
Data diode establishes one-way data transfer protocol for all the networks through physical and electrical separa�on of the host and the des�na�on. This prevents hos�le malware from affec�ng your networks, accessing your systems, or making harmful changes.
What is the Basic Principle for Data Diode Technology?
Businesses, governments, and organiza�ons are o�en required to send sensi�ve informa�on to sources outside of their network. This makes the host network vulnerable to cyber a�acks and malicious threats from the external source. To prevent this, data diode creates a one-way channel that can send data to the des�na-�on without a pathway for receiving any form of informades�na-�on.
A Next-Generation
Data Diode Jointly Developed
by Saudi Aramco and AEC
Features of
AEC’s Data Diode
01
02
1 GBs Speed Supports mul�ple protocols -Syslog, SFTP, FTP, and SCP
03
04
Supports HDMI,
USB, Ethernet Sends/processesreal-�me data
05
06
Manages
financial systems Protects valuable informa�onfrom the�, tampering, or destruc�on
07
08
Eliminates human errors Supports mul�ple formats -SCADA systems, PLCs, & sensors
Data Diode
Market Players in KSA
Total
Market Size
(approx.)Owl - USA | Fox-IT - The Netherlands
BAE Systems - UK | Tresys - USA
Need for
Developing Unidirectional
Networks in the Cyberspace
LIMITATIONS OF FIREWALLS
Firewalls are meant to build barriers between the internal network and a non-trusted external source. However, configura�on errors in firewalls can lead to insecure access to internal networks. A�ackers can use encrypted tunnels to bypass firewalls which could in turn harm the integrity of source data. [15] Data diode, on the other hand, inhibits all forms of
malicious components and network-based a�acks directed at the host network.
MAINTAINING INTEGRITY OF
INFRASTRUCTURE
Data diode cannot be reconfigured for insecure access, and this eliminates the possibility of online a�acks, tampering, so�ware malfunc�ons, or human errors. [19]
NEED FOR RELIABLE DATA TRANSFER
Data diode u�lizes packe�zed transfer techniques with sequenced headers for near absolute data assurance and integrity. [21]
Localization
through National Programs
(NISS, NCSA & NTP)
Enhancing capabili�es of Saudi Informa�on security
researchers, prac��oners, and entrepreneurs. [8]
Using capabili�es of Saudi women to meet KSA’s cyber security requirements.
Employment of young people with sound computer skills. [8]
Training over 56,000 Saudi youths on key ICT skills through talent development programs and
partnerships with global IT companies.
Se�ng up of Na�onal Informa�on Training Academy in collabora�on with Saudi Aramco to develop and train Saudi talent. [9]
Suppor�ng and funding public universi�es for research in cyber security and ICT.
The following objec�ves can be met by combining the joint synergies of the
Na�on-al Informa�on Security Strategy (NISS), the Na�onNa�on-al Cybersecurity Authority
(NCSA), and the Na�onal Transforma�on Program (NTP)
[22]:
Saudi Arabia’s
Cyber Readiness
In 2017, under the direc�ves of King Salman, the Na�onal Cyber Security Center (NCSC) of KSA was deemed as the focal point for cyber security in the Kingdom. [3]
The Na�onal Cyber Security Index (NCSI) is a global index that measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI is also a database with publicly available evidence materials and a tool for na�onal cyber security capacity building. [23] 100 57% 100% 100% 17% 17% 33% 20% 100% 78% 83% 60% 80 60 40 20 0 Cyber Security Policy Cyber Threat Analysis & Educa�on And Professional Contribu�on To Global Cyber Protec�on Of Digital Protec�on Of Essen�al Services E-iden�fica�on And Trust Services Cyber Incidence Response Cyber Crisis Management Fight Against Cyber Crime Military Cyber Opera�ons
NCSI Fulfilment Percentage
[23]58%
88%
67%
69%
34
thNa�onal Cyber Security Index
13
thGlobal Cybersecurity Index
54
thICT Development Index
33
rdNetworked Readiness Index
Saudi Arabia’s
Cyber Readiness
[23]7 57%
General Cyber Security Indicators
KSA’s Readiness Grade Op�mal Grade1. Cyber Security Policy Development
5
9
100%
2. Cyber Threat Analysis And Informa�on
100%
3. Educa�on And Professional Development
6 17%
4. Contribu�on To Global Cyber Security
5 20%
Baseline Cyber Security Indicators
5. Protec�on Of Digital Services
6 100%
6. Protec�on Of Essen�al Services
9
7 78%
7. E-iden�fica�on And Trust Services
4
0 0%
8. Protec�on Of Personal Data
6
5 83%
Incident and Crisis Management Indicators
9. Cyber Incidents Response
5
3 60%
10. Cyber Crisis Management
9
3 33%
11. Fight Against Cyber Crime
6
1 17%
12. Military Cyber Opera�ons
1
1
Oil and Gas Sector :
Saudi Arabia’s oil and gas sector holds tremendous relevance for the world, and this sector is highly vulnerable to cyber a�acks. Data breaches in the oil and gas industry across KSA could cause a severe economic and social backlash. Hence, the use of data diode technology in the Kingdom’s oil and gas industry is gathering swing in recent �mes. [16]
Energy Sector :
The Kingdom of Saudi Arabia is also deploying data diode technology at power genera�on sites, desalina�on water facili�es, and petrochemical opera�ons. [17]
Industrial Automa�on and Control Systems (IACS) :
With growth in the ICT and digital sectors, the Kingdom of Saudi Arabia has assimilated automa�on in the industrial sector. Key IACS func�onal-i�es such as system state monitoring, data replica�on, remote backup monitoring, and patch management can be accomplished via data diode technology. [18]
Military and Aerospace Sector :
The military and aerospace sector maintains a database of its inventories to track deficit in stocks. When the inventory gets low, informa�on from the database is sent to the vendors. Data diode helps in ensuring that the informa�on-sharing networks are protected from external threats. [24]
Industrial Relevance of
Data Diode Technology
Saudi Aramco’s
In-Kingdom Total Value
Add (IKTVA) Program
Saudi Aramco’s IKTVA program is aimed at genera�ng domes�c value, driving economic growth, and s�mula�ng diversifica�on to support the rapidly transforming Saudi economy. In this context, local development of data diode at AEC has a valuable connec�on to the program. [10]
Saudi Aramco collaborates with local suppliers to generate 5-year plans that will drive prosperi-ty, local capabili�es, strategic self-sufficiency, and domes�c value for the Kingdom.
Under the aegis of Saudi Aramco, AEC has conducted groundbreaking research and develop-ment in the field of cyber security to develop ‘Data Diode’, one of its flagship products.
IKTVA Localiza�on and Job Crea�on Objec�ves
[10]:70%
Local Content
500,000
JobsExports
30%
Saudi Aramco is creating value
for the Saudi economy by supporting
localization initiatives, and the company
has made key efforts in fortifying AEC’s
data diode technology.
Conclusion
The cyber security posture of the Kingdom of Saudi Arabia has undergone key improvements over the past decade. The investment index of the Kingdom in the domain of cyber security has also improved, and this has given a push to business growth, value crea�on, and local manufacturing within the Kingdom. Saudi Aramco’s IKTVA program is ac�vely contribu�ng towards for�fica�on of local content produc�on in key industries including security, comput-eriza�on, and electronics.
The Kingdom of Saudi Arabia is aver�ng cyber a�acks under its C.I.A. objec�ves (Confiden�ali-ty, Integri(Confiden�ali-ty, and Availability). Data diode has emerged as a key alterna�ve to other data trans-fer technologies due to one-way communica�on protocol of the former. Besides this, the abili-ty of unidirec�onal data diode to protect secrets as well as assets has also led to the populari-ty of this technology.
Saudi Aramco and AEC, with their in-house data diode technology, align with the goals of local content development within the IKTVA program. The growth of KSA’s economy will largely depend on its localiza�on endeavours in the domain of cyber technologies.
References
1. “Transforming the Economy of Saudi Arabia by Going Digital.” Cequens.Com, 2019, www.cequens.com/story-hub/transform-ing-the-economy-of-saudi-arabia-by-going-digital.
2. Deloi�e. Na�onal Transforma�on in the Middle East A Digital Journey.
3. Hathaway, Melissa, et al. KINGDOM OF SAUDI ARABIA CYBER READINESS AT A GLANCE. 2017.
4. Cyber Readiness Index. “Cyber Readiness Index.” Potomac Ins�tute, Potomac Ins�tute, www.potomacins�tute.org/academ-ic-centers/cyber-readiness-index.
5. Ministry of Communica�ons and Informa�on Technology. “Na�onal Cyber Security Strategy of Saudi Arabia.” Europa.Eu, 2013,ww-
w.enisa.europa.eu/topics/na�onal-cyber-security-strategies/ncss-map/na�onal-cyber-security-strategy-of-saudi-arabia/.
6. Bridge, Sam. “Revealed: The Cost of Saudi, UAE Data Breaches.” ArabianBusiness.Com, 2017, www.arabianbusiness.com/technolo-gy/401429-wkd-revealed-the-cost-of-saudi-uae-data-breaches.
7. IBM. 2018 Cost of Data Breach Study Global Overview. 2018.
8. The BusinessYear. “ICT Infrastructure Targeted in 1,000 Cybera�acks in 2016.” The Business Year, 14 Aug. 2017, www.thebusiness-year.com/saudi-arabia-2017/eng-abdullah-al-swaha-minister-communica�ons-informa�on-technology/vip-interview.
9. MCIT Saudi. Developing Na�onal Informa�on Security Strategy for the Kingdom of Saudi Arabia. 10. ITU. “Developing Na�onal Informa�on Security Strategy for the Kingdom of Saudi Arabia.” MCIT, 2013. 11. IKTVA. In-Kingdom Total Value Add (Iktva) Program 5-Year IKTVA Plan Format Guide.
12. Bell, Jennifer. “KSA Must Become More Resilient against Cybera�acks.” Arab News, Arabnews, 22 July 2018, www.arab-news.com/node/1343151/saudi-arabia.
13. “How Data Diode Cybersecurity Is Being Used to Protect Cri�cal Infrastructure in the Middle East : Owl Cyber Defense.” Owlcyber-defense.Com, 2018,
www.owlcyberdefense.com/blog/2018/10/11/data-diode-cybersecurity-protect-cri�cal-infrastructure-middle-east.
14. PLC, NCC Group. “Private Sector Cyber Resilience and the Role of Data Diodes.” Nccgroup.Trust, 2019, www.nc-cgroup.trust/uk/our-research/private-sector-cyber-resilience-and-the-role-of-data-diodes/.
15. Okhravi, Hamed, and Fredrick Sheldon. Data Diodes in Support of Trustworthy Cyber Infrastructure.
16. Owl Cyber defense. Global Oil & Gas Company Enables Secure, One-Way Produc�on Data Transfer to HQ Company Overview. Owl Cyber Defense.Owlcyberdefense.Com, 2018, h�ps://owlcyberdefense.com/wp-content/uploads/2019/05/owlcy-berdefense-use-case_global-oil-gas.pdf
17. Owl Cyber Defense. “How Data Diode Cybersecurity Is Being Used to Protect Cri�cal Infrastructure in the Middle East : Owl Cyber Defense.” Owlcyberdefense.Com, 2018, owlcyberdefense.com/how-data-diode-cybersecurity-is-be-ing-used-to-protect-cri�cal-infrastructure-in-the-middle-east/.
18. SANS. “SANS Ins�tute: Reading Room - Firewalls & Perimeter Protec�on.” Sans.Org, 2018, www.sans.org/reading-room/whitepa-pers/firewalls/paper/36057.
19. “Electrical Monitor :: Data Diode Technology Can Help Solve Complex Smart Grid Cyber Security Issues.” Electricalmonitor.Com, 2012, www.electricalmonitor.com/Ar�cleDetails.aspx?aid=1206&sid=11.
20. “A Strategy for Smart Meters and Smart Grids in the Kingdom of Saudi Arabia.” Ecra.Gov.Sa, 2019, www.ecra.gov.sa/en-us/ECRAS-tudies/Pages/study2.aspx.
21. Owl Cyber Defense. “Data Diodes : Firewalls.” Owlcyberdefense.Com, 2019, owlcyberdefense.com/wp-content/up-loads/2019/05/19-OWL-DataDiodes-Firewalls.pdf.
22. NTP. “Na�onal Transforma�on Program | Saudi Vision 2030.” Vision2030.Gov.Sa, Vision2030.gov.sa, 2019, vision2030.gov-.sa/en/programs/NTP202.0.
23. Na�onal Cyber Security Index. “NCSI :: Saudi Arabia.” Ncsi.Ega.Ee, 2019, ncsi.ega.ee/country/sa/.
24. Owl Cyber Defense. PROTECTING USAF ICS USAF MAINTENANCE FACILITY SECURES AND AUTOMATES PARTS MANAGEMENT COMMUNICATIONS COMPANY OVERVIEW. Owl Cyber Defense, 2018. h�ps://owlcyberdefense.com/wp-content/up-loads/2019/05/owlcyberdefense-use-case_protec�ng-air-force-ics.pdf
25. Lerner, A. (2019). Network Segmenta�on. [online] Andrew Lerner. Available at: h�ps://blogs.gartner.com/andrew-lern-er/2017/11/09/network-segmenta�on/
/AECSaudiArabia
+966112201350 info@aecl.com
Advanced Electronics Company
King Khalid International Airport Industrial Estate
P.O. Box 90916,