Cybersecurity: supporting the transformation of Belgium's critical infrastructure providers
With the Network Security and Information (NIS) directive due to come into effect in 2018, Belgium is getting ahead of the game so that the country's critical infrastructure providers comply with all the security requirements of this European directive. As a long-standing partner of the Belgian authorities and a world leader in cybersecurity, Thales is in a strong position to help the country meet the deadline.
French law already obliges critical national infrastructure providers to put specific security measures in place and protect themselves from cyber attacks. But in Belgium's case, ensuring compliance with the new European NIS directive is one of the country's first moves to systematically strengthen the security policies of its critical service providers.
Networks without borders
The NIS directive stipulates the measures needed to provide a high level of security for the information systems and IT networks in use in the European Union. It also lays down the security obligations of "operators of essential services" and "digital service providers".
Countless companies and administrations inside the EU rely on digital networks and infrastructure for their essential services. As a result, network and data security incidents can have a major impact, jeopardising service availability and potentially preventing these organisations from operating.
In addition, as the EU internal market grows, these information systems and IT networks increasingly transcend national borders, so an incident in one country can have an impact on another country, or even across the entire EU.
Raising awareness
With Belgium's relatively loose legislative framework on cybersecurity, critical infrastructure providers are looking for guidance. A number of seminars have been organised by government agencies and security professionals, and Thales has played an active role in these informational events. We are an established provider of sovereign cryptographic and operational support solutions for crisis management centres and critical networks, and a technology provider to ASTRID[1], the operator of the national radio communications, paging and dispatching network for emergency and security services in Belgium. In addition, we are a long-standing partner of the Belgian defence ministry. These credentials in Belgium and as a world leader in cybersecurity make Thales a partner of choice for critical infrastructure providers as they step up to the challenge of tighter security policies and new measures to counter the growing threat of cyber attacks.
On high alert
There is an even more pressing need to address these challenges in the wake of the terror attacks in Brussels in early 2016. In addition to its background in defence and security, Thales has a growing ground transportation business serving the road and rail markets, and is a leading player in the air transport sector. Smart solutions from Thales, for example, help to make public transport networks both safer and more efficient.
These transport networks are prime targets for terrorists. Critical components of their information systems are all vulnerable —automatic train control systems for metros, energy management and surveillance systems, control and supervision centres — and call for solid security measures. Thales brings to the table a unique set of skills and a record of success on critical infrastructure security projects around the world.
Our expertise in data analytics is another strength. Our Big Data solutions, for example, are capable of sensing weak signals on Internet forums and social media to help detect terrorist activity. This is another avenue of investigation in our partnership with Belgium and part of the broader cooperation between national and international agencies to step up the fight against terrorism and keep citizens safer.
Tailored solutions for critical infrastructure providers
With 130 experts dedicated to critical communications and information systems and cybersecurity in Belgium, Thales proposes a comprehensive, modular set of solutions and services covering the entire system life cycle — design, development, integration, deployment, operation and maintenance — to meet the specific security requirements of critical infrastructure providers.
Thales proposes an extensive range of products, services and expertise with a distinctive Europe-wide dimension. This includes CERT services, Cybersecurity Operations Centres, Rapid Reaction Teams, security auditing and risk assessment, network encryption devices, sovereign probes, data centres and IT security consultancy. This breadth and depth of the Thales offering is recognised throughout the world and enables us to tailor each solution to the specific needs and issues faced by each customer.
To raise awareness and offer support to critical infrastructure providers, Thales is running a special seminar about the digital transformation on 24 June to coincide with an event organised by the Belgian defence ministry[2]. The seminar will be structured around the four pillars of the Thales offering for critical infrastructure providers: prevention (security auditing and risk assessment), protection and detection (encryption, supervision, etc.), reaction (Rapid Reaction Team, crisis management), and operation (security maintenance). The seminar will be an opportunity for participants (mainly IT and information security managers) to gain insight on three major topics:
- Cyber attacks: every organisation is a potential target, but few are prepared (focus on DDoS attacks in partnership with Radware)
- The NIS directive: local case study, implementation in other EU countries
- Safeguarding your sensitive data (future-generation security and sovereignty solutions)
The Thales European Centre for Security & Information Systems (ThereSIS) is Thales’s IT and cybersecurity research lab, working constantly to enhance security solutions and services for customers and to minimise the risk of obsolescence caused by the emergence of new technologies.
The research conducted at ThereSIS is structured around key domains, including:
- Cybersecurity: visualisation techniques and advanced static methods to detect abnormal behaviour in real time
- Applications security: smart solutions to support IT system supervision and control
- Cloud computing: secure hybrid cloud environments with dynamic configuration and automated resource supply and management
- Real-time embedded systems: software architectures incorporating multiple technologies to solve security problems and provide additional flexibility.
Fast prototyping and co-design methodologies are the key to the success of the solutions developed by ThereSIS researchers, who work in partnership with numerous Belgian research organisations:
- Autorité Nationale de Sécurité (ANS)
- Université Catholique de Louvain (UCL)
- University of Leuven – KU Leuven
- Faculté Polytechnique de l'Université de Mons (FPMs-UMons)
- Université Libre de Bruxelles
- Université de Namur (FUNDP)
- CETIC (national applied research centre for enterprise level IT and communications technologies)
- Multitel (Research Centre in Telecommunications, Signal and Image Processing)
- Skywin (Belgian Aerospace Competitiveness Cluster)
To find out more:
Enhanced cybersecurity solutions for essential operators