Cyber Management and Situational Awareness Systems Fill Knowledge Gaps
Rafael unveiled its Cyber Situation Awareness (SA) and Cyber Management System (CyMng) at Milipol in Paris on 19 October, alongside the CYBER DOME and SCADA Dome cyber defence solutions.
The first two solutions are aimed at helping governmental agencies fill identified knowledge gaps in cyber security strategies. Rafael draws on extensive experience with the Israeli government, offering a comprehensive approach to cyber threat monitoring and detection. The company believes nobody has yet proposed a nation-wide approach to SA in cyberspace – responses to a cyber attack are normally time-constrained and reactive to an event already in progress. Worse still, the capability to assess the potential impact of a large-scale attack or virus infection is generally poor.
Cyber SA is a solution built to collect and aggregate information from multiple infrastructure networks – airports, railways, seaports and IT and OT operations networks – to create a comprehensive image of current cyber threats. The reporting mechanism takes into consideration the international nature of cyber threats, and the software therefore constantly monitors global events from the customer's perspective. Relevant events are detected and classified over time and ranked by sector (health, energy, transport, finance) and by threat (malware, ransomware, denial of service, etc.). Cyber SA provides the client with a comprehensive picture of what is happening in cyberspace, and what phenomena might impact the country, in which sectors and at what order of magnitude.
CyMng is the natural complement of Cyber SA, as it allows for automated reactive and proactive information-gathering and incident response processes. Threats can be identified in advance, vulnerabilities can be detected and incident response metrics collected. By comparing an ongoing attack with earlier events, the system can reveal whether it shares common techniques or sources with them, thus helping the customer agency to understand where the attack comes from and what its potential impact on critical infrastructure might be.
In sum, compared to traditional products focused on self-protection of a single point or a single network, these Rafael solutions work at the highest level, providing decision-makers with national-level recognised SA and threat assessment capabilities. Naturally, products like CYBER DOME and SCADA DOME can be deployed as well, to reinforce the capability to protect critical infrastructure.
Marco Giulio Barone at Milipol for MON