Project review and partnership meeting
October 27, 2017
The 27th October, Großwallstadt in Germany was guested by visitors from London, Stockholm and Brussels. The EU project coordinator from Brussels, Cathy Pouret, and the technical reviewer for the CyberWiz project from London, Steven Paul, came to conduct a review of the work and deliverables within the project together with the project coordinator from apsec, Monika Goedicke.
In conjunction with this, the CEO of foreseeti, Joakim Nydrén and the Head of Global Sales and Marketing, Frank Stolpe, flew in from Stockholm to assist in the review and discuss future partnership planes and sales activities together with the CEO of apsec, Frank Schlottke, the Head of Sales and Marketing, Helmut Oppitz, and Consultant for Information Security, Klaus Zoll.
The participants from the 27th of October – from left to right:
Klaus Zoll, Frank Schlottke, Frank Stolpe, Helmut Opptiz, Joakim Nydrén, Cathy Pouret, Steven Paul and Monika Goedicke.
CyberWiz project finishes successfully!
Summary of the context and overall objectives
Information & Communication Technology (ICT) is today central in our society. In critical infrastructures, ICT handle management of critical data as well as control of physical processes such as the power grid. Cyber security is thus crucial, and the number of cyber-attacks is rapidly increasing.
Managing cyber security is however very challenging. ICT architectures are typically composed of a large number of systems, processes and individuals connected to form a complex system-of-systems. Enterprise cybersecurity decision maker cannot be expected to have the deep understanding of all types of ICT security vulnerabilities and their dependencies that is needed in order to make insightful proactive decisions. As a result, they struggle to get an objective and fact-based overview of where they are more or less vulnerable and what investments to prioritize. This is where enhanced tool support - as securiCAD - can provide significant value to enterprises.
The purpose of this project is to help enterprise decision makers analyse their cybersecurity posture in a meaningful and understandable way. The project among other improves and adapts the tool securiCAD to the need of critical infrastructure operators, and test in realistic condition with two critical infrastructure operators in Germany. The project objectives have been structured in 3 key areas, supported by specific exploitable results:
- Adapt and improve the solution based on customer feedback
- Validate the practical value of the solution
- Develop best practices guidelines and methodologies and encourage widespread adoption of the solution
Work performed and results achieved
In summary, the project was a success. The software solution has been adapted and improved for the analysis of critical infrastructures, and has been packaged for various sales opportunities and for use by consultants. Additional value has been created by developing supporting material such as components, manuals, and documentation of guidance, best practices, and methodologies. The value of the approach and toolset has been shown and validated by two major pilot projects in the electric power generation and distribution industry. Further, a “Turing test” has validated securiCAD®’s ability to make security assessments as good as human security experts. As part of establishing commercial viability, various events with experts were performed. The approach of CyberWiz was very well received.
Project work has included the following:
Improving the solution, including both securiCAD® Professional and Enterprise Edition.
Demonstrating the practical value of securiCAD®. Two pilot projects in the energy sector were conducted. These were well received by the customers. Further, a Turing test of the securiCAD® software has been carried out to benchmark it with domain experts. It was found that securiCAD® performed at least as good as domain experts.
To support consultants in securiCAD® projects, a set of documents called “Guidance and best practice” were developed. Further, a partner certification scheme was developed. Being certified implies that the consultant knows how to properly leverage the securiCAD® solution and provide the outmost quality to the end customer.
A large number or communication activities were performed to ensure good dissemination about the project and the solution. This includes issuing press releases, writing and submitting articles in reputable magazines, attending conferences, driving social media communication, and more.
For commercialization activities, the project has developed and executed on a commercialization plan. Execution activities includes development of sales material and proof of concept, conducting customer sales meetings, defining processes for support, training, and delivery, attracting funding, and more.
Progress beyond state of the art
CyberWiz introduces a tool and methods with distinct advances compared to the commercial state of the art. In short, the tool is a threat modeling and proactive risk management tool based on the concepts of attack graphs and Bayesian Networks. A Bayesian Network is a graphical representation of cause-and-effect relationships within a problem domain. A Bayesian network is a powerful tool for security analysis, especially for the proactive, forward looking “what-if” analyses. However, it is not trivial to make it practical and valid. Challenges that have been solved in the tool, include setting the right taxonomy and model to make it practically viable, proving that the output is valid, providing the ability to model the uncertainty inherited in security analysis, and more. It employs a taxonomy that couple attacks and defenses to objects in a way end-users can easily model and understand and provide actionable decision support as output.
securiCAD for electronics industry with IoT and embedded systems
Elektroniktidningen - a magazine for the electronics industry - explores securiCAD in an article published here. A great article that explores the tangible values of using securiCAD in general and in an IoT and embedded systems environment in particular.
Professor Johnson speaks to Swedish Members of Parliament
Professor Pontus Johnson, Head of Cyber Security R&D / Technology at foreseeti, spoke to Swedish Members of Parliament on the vulnerability of the digital infrastructure during a lunch seminar at the House of Parliament organized by the Royal Academy of Engineering Sciences on Thursday, April 6.
Awarded the title as one of Sweden’s 33 hottest tech companies in 2017!
Today for the tenth anniversary of 33-listan the winners of 33-listan were presented at Münchenbryggeriet in Stockholm. It is now the second time that foreseeti has been awarded this prestigious title with the first time being in 2016.
The work to find tomorrow’s most promising tech companies started in January when the jury of 33-listan began touring the country. The jury was on the lookout for companies that offered an innovative product or service with great international potential – innovations that could become a game changer within the tech industry.
foreseeti’s CEO Joakim Nydrén comments: “I’m very pleased with foreseeti once again claiming the title as one of Sweden’s 33 hottest tech companies. This clearly indicates that we are on the cutting edge of our field and that our innovative products are highly competitive. A great continuation of a very exciting 2017.”
Probabilistic is the way to go
PwC recently publish the "Operation Cloud Hopper" report. From the report we learn: "This report is an initial public release of research PwC UK and BAE Systems have conducted into new, sustained global campaigns by an established threat actor against managed IT
service providers and their clients..."
In order to convey their confidence in their assements, they have resorted to use probabilistic language as can be seen in the picture above. We at foreseeti are determined that this is the right way to go, and advocates the of use probablistics to quantify threat modelling.
Security testing of SCADA systems with foreseeti
On the 4th of April you will have the opportunity to participate in a sought after advanced course about security testing of SCADA systems together with foreseeti and F-Secure. For half a day you will receive new and practical knowledge that you will have great use of when you want to identify and mitigate security flaws in your SCADA system. The advanced course also gives a unique opportunity to discuss your questions with likeminded people that have an extra interest in SCADA security and security testing.
To learn more about the conference and to participate in the advanced course visit - http://insightevents.se/events/scada/
Have you seen our new product movies? Find out how securiCAD Professional works on - https://www.foreseeti.com/products
Breakfast Seminar - March 17 Register now!
Welcome to our first breakfast seminar with the theme: "2017 - the year of the cyber security technology leap"
Our purpose with this cost free breakfast seminar is to share community knowledge and leading research that benefits us all. During this morning we will be listening to leading experts from different areas in cyber security.
Breakfast will be served from 08:30 and we start the talks at 09:00.
After the seminar you are all welcome to join us at our office next doors to a touch and feel session together with our experts.
The friends at foreseeti
foreseeti at KTH Tech Talk
Listen to the KTH Tech Talk where Robert Lagerström and Jacob Henricson explain what securiCAD is and what foreseeti is about.
foreseeti announces SEK 9 million in funding led by experienced entrepreneurs and InnoEnergy
foreseeti announce a 9 million SEK in funding led by experienced entrepreneurs and investors Michael Lantz and Simon Josefsson together with InnoEnergy.
“ We are excited to bring in Michael and Simon as investors and board members. Their expertise is perfectly in line with our road ahead; Michael has built Accedo, a global B2B software business with pioneering products, from scratch to a turnover of +300 MSEK, and Simon is one of the key persons behind the global cyber security success company Yubico. In addition, this funding round includes InnoEnergy, a leader in innovation in energy market, experienced venture capitalists Patrik Westerberg and Anders Ösund and company employees. In short, a perfect mix of skilled capital that, together with our innovation and commercialization funding, will provide a very solid ground for our continued growth journey in the strategic niche of the cyber security market”, says Joakim Nydrén, CEO and co-founder, foreseeti.
“foreseeti has a unique, leading solution which perfectly responds to a huge and fast growing market need. Furthermore, the team has a very strong mix of deep technical skills, including professors, PhDs and military security experts, as well as extensive commercial market knowledge and experience, including business strategists, operational IT security executives and cyber security consultants ”, says Michael Lantz. “I am thrilled to invest and contribute to their future success.”
”The need of foreseeti’s solution is immense” says, Simon Josefsson. “Managing cyber security in a proactive and business minded way is extremely challenging in a world of complex and interconnected systems of systems. The devils are both in the details and in the large. Today, this work is typically done through manual expertise, which is scarce, expensive, and subjective. securiCAD® boost your organization with automated, objective capabilities, improving your security work in the same revolutionizing way as CAD tools have improved work in other engineering domains.”
DIDigital recognizes the foreseeti investment round
foreseeti researchers attend conference and workshop
During the period September 5-9, the 11th TEAR workshop was organized in conjunction with IEEE EDOC 2016, in Vienna, Austria. Prof. Pontus Johnson from foreseeti attended the workshop where he presented an article.
Assoc. Prof. Robert Lagerström from foreseeti attended the PICMET '16 Conference "Technology Management for Social Innovation" September 4 - 8, Honolulu, Hawaii, USA. At this conference, he presented four articles where of three with regard to cyber security.
Learn more about securiCAD®? - Check out this film!
foreseeti published in Swedish security magazine ”Aktuell Säkerhet”
foreseeti has been published in the Swedish security magazine ”Aktuell Säkerhet”. The article refers to foreseeti securing a 250 000 SEK investment prize from Almi Invest in conjunction with the 33 hottest tech companies 2016 event.
Congress for IT-Security
April 20, 2016
On Wednesday 20.4.2016 Cyberwiz and SecuriCAD will be presented on the 12th Congress for IT-Security (https://www.it-trends-sicherheit.de). Michael Goedicke will present the work of Cyberwiz (https://www.it-trends-sicherheit.de/vortraege/vortragdetail.html?vortrags_id=71).
One of Sweden’s 33 hottest tech companies 2016
April 12, 2016
We are proud to announce that foreseeti one of the members of the CyberWiz consortium together with apsec and paluno, is one of Sweden’s 33 hottest tech companies 2016 according to Swedish magazines NyTeknik and Affärsvärlden. foreseeti was also awarded the largest add-on prize in the event.
Yesterday, for the ninth year in a row, the winners of 33-listan were presented at Münchenbryggeriet in Stockholm. The work to find tomorrow’s most promising tech companies started in January when the jury of 33-listan began touring the country. The jury was on the lookout for companies that offered an innovative product or service with great international potential – innovations that could become a game changer within the tech industry.
In addition, foreseeti was awarded the biggest add-on prize in the event; the prize from Almi Invest. A great honour.