Katherine Ziesing | Canberra
The centre will help train and equip cyber security professionals, perform advanced analytics and serve as Boeing’s regional cyber security centre of excellence. Boeing will hire and train cyber security professionals in Singapore to staff the centre.
“We are taking our Singapore partnership to a new level with this Cyber Analytics Centre aimed at boosting cyber security in the city-state and beyond,” Skip Boyce, president of Boeing Southeast Asia, said.
“Boeing already has a strong business presence here, comprising commercial airplane and defense procurement, aircraft maintenance and research and technology work.”
A key feature of the facility will be the ability for customers to share timely and actionable information.
The centre will also provide a collaborative environment for security professionals to work with industry partners, customers and academia to solve complex, cyber security challenges.
“We’ve established this centre to address current and evolving cyber security challenges in the Asia-Pacific region,” Per Beith, director of Boeing’s Information Security Solutions, said.
“The risks to critical infrastructure and governments worldwide continue to grow, and this centre demonstrates Boeing’s – and Singapore’s – commitment to addressing the cyber threat.
The centre is due to start operations in early 2015.
“The reality is we’ve really been in the security and cyber security business long before we all started using this cool term called cyber because it’s a necessity for everything that we do,” Beith explained to ADM.
“It’s critically important that all our platforms are secure from a physical security standpoint and a cyber security standpoint so that the things we do as the Boeing company in connecting people and places and things are protected.
“In today’s world what’s really important and has a lot of value is information.
"So our ability to move information across the planet and into space and down and protect that information, means we must make sure it’s secure.
"But we also know that we’re all under attack.
Like any Defence prime, Boeing is attacked on a regular basis by adversaries either trying disrupt business operations or trying to steal intellectual property.
Beith and his team have identified five major themes that the cyber side of the Boeing business is trying to address both internally and along their global supply chain.
1. The rapid transition to smart technology.
It’s more available, it’s smaller, it’s cheaper, and everybody has devices that are connected to the internet.
The trend has created an ecosystem that everybody relies on.
And a lot of these devices don’t need human interaction.
Many programs run in the background, such as GPS and information gathering cookies on browsers to help your search results when web surfing.
2. Proliferation into the cloud.
“Data is moving into the cloud, everybody is putting information in cloud structures,” Beith said.
“There’s business models centred around the cloud and it’s a way to organise and categorise information more rapidly and you’re really relying on somebody else to provide the protection of all that information.
"Part of that is because the current protection schemes aren’t as effective so we’re willing to rely on other third parties to protect our information.”
3. Over-reliance on the internet.
All manner of communications and interactions happen in a space that was not designed with security in mind.
“We are not near as secure as we think we are,” Beith warns.
4. Users versus cyber experts.
There is a massive knowledge gap between the everyday IT user and a cyber security expert.
It’s the human in the system that is more likely to click on an interesting link that leads to a vulnerability.
“One of the challenges that every organisation has is education,” Beith said to ADM.
“In Boeing’s case, in the government’s case, in industry’s cases, educating the workforce to be really smart users, to have exceptionally good cyber security hygiene.
"It’s kind of like brushing your teeth on a regular basis; the regular good disciplined hygiene that we follow in our personal life we have to follow in our professional life to be cyber secure.”
5. Expanding cyber attacks.
The threat continues to get more sophisticated.
“The velocity, the speed of these attacks continues to grow.
"So every time a new technology comes on board and let’s say we as a company or governments implement this new technology, the adversaries are buying that same technology, reverse engineering it, finding the vulnerabilities in that technology and the cycle starts all over again.”
As a global player, Boeing relies on a vast supply chain of other companies of all sizes.
Maintaining security along each step can be hard for companies that perhaps don’t share the same sense of cyber security hygiene.
“Well we certainly encourage our suppliers to have very good strong hygiene but we don’t today want to be in the business of dictating exactly the policies and practices all our suppliers have to implement to do business with Boeing,” Beith said to ADM.
“We certainly make some recommendations on things they can do.
"In some cases we will help our suppliers but for us, we really look internally and say what do we need to make sure that we do to protect ourselves against the threats.”
Another major consideration in this space is the fierce competition for skilled people.
The US government recently announced that it needs about 6,000 cyber security specialists.
And that is a drop in the ocean compared to the numbers that industry is seeking.
Both industry and government are struggling about how to create these people over the coming years.
“You don’t just send them through college and you hire them,” Beith said.
“You have to capture hearts and minds before they ever enter college or technical school.
"Working with high school level students, even grammar school level to really create an excitement around the discipline of information security and cyber security.
“We’re very active in working with the academic community but we’ve also built a training capability.
"We’ve partnered with some companies like, root9b, that we announced earlier this year; it’s a US based company doing of cyber security training for the US government.
"We’ve partnered with them to have add cyber training content that we’re putting on our cyber range in a box.”
The cyber range in a box is a platform that allows for easy configuration for simulation and modelling in dealing with cyber threats and experimentation.
When trying to explain the concept to the uninitiated, Beith compares it to a flight simulator but for cyber.
You can try out all the ideas and concepts in a safe space without the crashing and burning in real life.