Dave Bittner: [00:00:03] In this CyberWire special report, we take a look back at RSA, specifically at international opportunities for trade and investment in cybersecurity.
Dave Bittner: [00:00:14] This podcast is made possible by the Economic Alliance of Greater Baltimore, helping Maryland lead the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities and proximity to key buyers. Learn more at greaterbaltimore.org.
Dave Bittner: [00:00:34] I'm Dave Bittner in Baltimore with a CyberWire special report on trade and investment. It's Thursday, March 10, 2016. And thanks for joining us.
Dave Bittner: [00:00:43] We had occasion at RSA to speak with representatives of several international firms and government trade missions. Some of the firms we've discussed in earlier posts. We offer a summary of our conversations with three others in today's edition.
Dave Bittner: [00:00:56] The United Kingdom was heavily represented at RSA, and we spoke at length with Andrew Williams, their cyber envoy to the United States. It's worth noting a few patterns in the U.K.'s very active presence in the cybersecurity market. The government has taken an active role in the incubation and promotion of cyber startups. There's an obvious alpha customer in the U.K., and British universities are also making a substantial contribution to research and development. We'll hear from Andrew Williams after the break.
Dave Bittner: [00:01:24] We had an opportunity to visit the German pavilion, as well, where we spoke with representatives of that country's Internet Industry Association. German firms exhibit a strong commitment to international business and a sophisticated understanding of the agreements, policies and regimes that shape it.
Dave Bittner: [00:01:40] The well-established, if dismal, principle that living in a bad neighborhood tends to produce innovative security products and technologies was borne out by what we learned in conversations with representatives from the Republic of Korea and Israel. South Korean companies are fueled by the necessity of coping with essentially continuous cyber mischief from their northern neighbor on the peninsula.
Dave Bittner: [00:02:01] We've been following developments there this week as South Korean intelligence services outline recent cyber espionage campaigns mounted by the DPRK and as the U.S. and the Republic of Korea move to make an already-tight cooperative relationship even closer. We spoke with Taeil Cho of the Korean Trade Investment Protection Agency (ph). He stressed the country's openness not only to exporting advanced technology, but also to partnering with international businesses. We also note that the U.S. Department of Commerce will be sending a trade mission to South Korea this May. The mission will visit Japan and Taiwan, as well.
Dave Bittner: [00:02:35] You can read about our discussions with SCADAfence, Fortscale and Secto - all of which operate in Israel - in today's special RSA retrospective on our website, thecyberwire.com.
Dave Bittner: [00:03:15] RSA is, of course, an international conference drawing attendees and exhibitors from around the world. Andy Williams is the U.K.'s cyber envoy. His mission at RSA was to spread the word about his nation's significant cyber capabilities to help facilitate business relationships with companies in the U.S. and to promote the technologies that U.K. companies were showing at the conference. Telesoft Technologies is one of those companies, and Matthew George is their CTO. He'll tell us about their effort to bring the speed of FPGAs to the market. And finally, we'll hear from Ezequiel Gutesman, director of research at Onapsis Research Labs. He'll share the findings from a Ponemon report on security within Germany's SAP. First up is Andy Williams, cyber envoy from the U.K.
Andy Williams: [00:03:59] We have a very strong position in the U.K. I think the U.K. is generally recognized as one of the top three leading countries in terms of providing cybersecurity capability globally. We have very strong heritage in cybersecurity going back to the Second World War and signals intelligence and obviously a very strong collaborative relationship with the U.S., which is another reason why U.K. companies are interested to engage in the U.S. market.
Dave Bittner: [00:04:26] The U.S. and U.K. have much in common, says Williams, making them a natural fit.
Andy Williams: [00:04:31] Actually, the U.K. is the most popular destination for U.S. cybersecurity companies who are seeking to enter the European market, you know, for all the obvious reasons around common language, similar business regulatory environment, et cetera. About 80% of all U.S. companies that decide to enter the European market originally set up in London, and they find that a very business-friendly environment. But also, there are already extremely strong links between the U.S. and the U.K. So if you're a U.S. company who's been doing business successfully in the U.S., you're likely to have clients that have some kind of operational presence in the U.K. already.
Dave Bittner: [00:05:12] Part of his team's responsibility is providing support for international companies that wish to do business in the U.K.
Andy Williams: [00:05:19] Yes. So particularly when you're entering a new market for the first time, building relationships is fundamental. So part of what the U.K. government does is help organizations that are coming in to understand who they need to meet with and what they need to know in order to accelerate the launch of their business in the U.K. We also help companies that set up in the U.K. that become incorporated as U.K. companies to export to other European markets. It's not only about helping them set up and establish in the U.K. But if they're targeting mainland Europe - or even the wider European, Middle East and African market - we have people in country that can help support them in those markets, as well.
Dave Bittner: [00:06:03] Mr. Williams also shared his view on the Safe Harbor privacy agreement.
Andy Williams: [00:06:07] We are actually supportive of the idea that the Safe Harbor agreement needs to be developed and made more relevant for the environment that we're living in today. More and more companies - particularly as cloud-computing, for example, develops - are needing to host customer data outside of the originating country. And our view is that that is absolutely vital for the development of global commerce. However, it needs to be done in a safe and secure way.
Andy Williams: [00:06:38] And obviously, the European Union and some of the efforts that it currently has underway will be effectively launching cyber harbor - Safe Harbor version 2, which will have built into it many more personal safeguards around how data is used, how it's stored, how an individual has rights to understand how that data is being stored and used in other countries. And we welcome that.
Dave Bittner: [00:07:05] He also highlighted some of the structural differences between the way the U.S. and the U.K. handle governmental cybersecurity.
Andy Williams: [00:07:12] In the U.S. right now, you have the Department of Homeland Security, which is an overarching agency. We don't have, currently, an overarching agency, so cyber is handled in a number of different ways in government. However, we are about to launch the new U.K. cybersecurity strategy in the next month or two, and that's one of the aspects that we're currently addressing. So we will be standing up a new national cybersecurity center that will become a focal point for all of the government's cybersecurity activity in the U.K., looking fairly similar in shape to what the DHS does here in the U.S. as that overarching agency that supports the whole of government on cybersecurity.
Dave Bittner: [00:07:55] The U.K. has substantial resources in place to help companies looking to explore the possibilities of doing business together.
Andy Williams: [00:08:02] We have a network of consulates all over the U.S. I'm personally based in Washington, D.C., but we have consulates in about 20 regions of the U.S. with staff who are trained and knowledgeable about helping U.S. companies even before they've decided to export on what they need to understand. Once they've gone past that stage, we can actually put them in touch with experts in the U.K. that can help manage the process of setting up - so for example, finding partners and, you know, being put in touch with professional services, experts that can handle the legal aspects of setting up in the country and a raft of other services. So that can be done both here in the U.S. and also in the U.K.
Dave Bittner: [00:08:57] Telesoft Technologies is one of the companies that Andy Williams is promoting, and Matthew George is their CTO. They're a hardware company leveraging the speed of FPGAs, field-programmable gate arrays.
Matthew George: [00:09:09] We've been about for 25 years. We've come from the CSP and secure government source sector, traditionally kind of looking at telephony and signal processing. And more recently, we've swung over to try and leverage that technology with a view to process packets and accelerate applications running on commodity hardware, with a view to helping people achieve total network visibility with a goal to improving their incident response.
Dave Bittner: [00:09:40] Telesoft uses the hardware of FPGAs to accelerate processes that traditionally ran in software.
Matthew George: [00:09:47] If you were to ask me, you know, kind of what's at the core of Telesoft Technology, there's a bunch of very clever guys coding VHDL and creating FPGA binary images that we use, and we custom those images to accelerate application. So things like Bro, Suricata - you know, things that integrate with Splunk and other kind of SIEMs and things like that to give these incident response teams a real kind of leg-up to help them look at the internal traffic within their network. A lot of these security teams - they have really good kind of protection at the boundary of their network. But quite often, the interior of their network is, A, kind of much higher throughput. It's a lot more packets flying around. It's harder to kind of - for them to get a grasp on what's going on within their network. So we've chosen to accelerate open source applications because they present less of a monolithic, black-box product for people to get their heads around. So, you know, people might be taking perimeter care from kind of FireEye or Palo Alto or whoever. But really, when they're - when you've got these dedicated teams working full time to look at data within their network and respond to incidents and work out root causes, et cetera, they really need a product that they can get their heads around, maybe talk to the development team - you know, that sort of level of involvement.
Dave Bittner: [00:11:17] According to Matthew George, the advantages of using hardware over software are speed and scalability.
Matthew George: [00:11:23] When you want to scale to extreme data rates - and typically, when you're looking inside your network, your traffic is going to be, you know, an order of magnitude bigger than your perimeter traffic, right? So at that point, will software scale? Maybe. I mean, can you run DPI on kind of a hundred gig of traffic in software? You know, that's going to be a real challenge, right? Can you produce unsampled NetFlow on a hundred gig of data? Again, you know, that's going to be a real challenge if you're just using software.
Matthew George: [00:11:52] So I think, you know, the power of FPGA is its ability to process every packet at line rate. You can't sample. You have to look at every packet, you know? And that's where FPGAs come into their own, right? You can kind of - you know, you're coming straight off the wire, straight into an FPGA. And then we're passing the packets up to software. And - but we're adding a real kind of, you know, kick in the pants from a performance perspective.
Dave Bittner: [00:12:36] You can learn more about Telesoft at telesoft-technologies.com.
Dave Bittner: [00:12:36] Onapsis Research Labs sell a security platform that works with products from German business software giant SAP. Ezequiel Gutesman is director of research at Onapsis, and they sponsored a Ponemon Institute research survey on SAP's cybersecurity.
Ezequiel Gutesman: [00:12:51] Well, basically, we interviewed more than 600 IT practitioners, and we came up with really interesting numbers. The most interesting things came up when most of the interviewed people really understood that they haven't had a problem and lack of visibility in terms of SAP security. They really don't know how to tackle that. The patching windows for SAP systems are huge. So you're facing to the problem of deciding when to apply a patch. And sometimes we had customers that couldn't apply that patch for eight months since the patch was available. So basically, since the moment we discovered a vulnerability, it has been - there have been some cases where 12 or 24 months, in some cases, of exposure were there. So what we try to do is reduce that window and give visibility to the people responsible for the security.
Ezequiel Gutesman: [00:13:48] Also, from the report, there's no clear ownership - who owned SAP security, whether it was the IT security teams or the SAP application teams. Also, part of our work is bringing those teams together and give them the information they need and what they need to patch, help them prioritize and plan their security practice.
Dave Bittner: [00:14:07] The study found that in many companies, there was a knowledge gap at the executive level.
Ezequiel Gutesman: [00:14:11] Most of the data here expresses that people - the senior management doesn't really know - for example, there was a question where our senior leadership knows what data resides in our company SAP systems. Only 23% said that they did. And that's surprise because SAP systems are responsible for carrying all the business information, financial and - integrations with financial endpoints. And then the lack of visibility they have for the security of those platforms since - a few years ago, you would ask about SAP security, and they would say, well, but that's in our internal network. But nowadays, that's - there is no such thing as the internal network. They are interconnected with mobile devices and external applications and external services. So you really need to have a fresh look at how SAP security is evolving. The speed in which vulnerabilities are discovered is way faster than the speed that customers can patch.
Dave Bittner: [00:15:12] You can read the complete Ponemon report on security within SAP systems at onapsis.com.
Dave Bittner: [00:15:17] And that wraps up our RSA 2016 special coverage. Thanks again to everyone who visited us at our booth and helped us spread the word about the CyberWire and the CyberWire podcast. We're growing like gangbusters, and we couldn't do it without you. So thanks.
Dave Bittner: [00:15:36] The CyberWire is a production of CyberPoint International, and our editor is John Petrik. I'm Dave Bittner. Thanks for listening.