by Stephen Kines, chief operating officer, Goldilock
At Goldilock, we rounded off a successful September by participating in the UK Maritime Cyber Security Trade Mission (MCTM) and the Atlantic Future Forum (AFF) in New York. This was an opportunity to showcase Goldilock’s innovative Drawbridge technology and deep industry expertise to a North American audience – and we were delighted to build relationships and share insights with an exclusive, but diverse, range of Euro-Atlantic allies.
Our trade mission began aboard HMS Richmond in New York Harbour, with attendance at the MCTM. Goldilock was one of only eight companies chosen to present to a high-level delegation put on by the Department for International Trade (DIT) and British Embassy, taking a spotlight role in the forum to discuss our vision of the future of maritime cyber security.
Our selection was a real testament to Goldilock’s alignment to key strategic objectives for both UK Government and private sector. From our origins in Staffordshire to being accepted into the National Cyber Security Centre’s #NCSCForStartups programme, our launch in Southeast Asia, and milestone move to the West Midlands, our achievements over a short space of time reflect a growing global need for a new approach to cyber defence and a move away from only software-centric solutions.
Goldilock then joined Atlantic Future Forum in New York for their exclusive and invitation-only event. Onboard HMS Queen Elizabeth, we had a special breakfast meeting with Juliette Wilcox, the new Cyber Security Ambassador for UK Defence and Security Exports at the DIT. This was followed by a meeting with Kemi Badenoch, the Secretary of State for International Trade, and Emma Wade-Smith, His Majesty’s Trade Commissioner for North America and Consul General New York.
It was a great meeting of minds between senior politicians, policymakers, military leaders, business leaders, and entrepreneurs. Goldilock is proud to have played a key role in discussing the shifting security landscape and the future technologies which will define the next decade and beyond. A vibrant Q&A session with Eric Schmidt, former CEO of Google, and General Sir Patrick Sanders, Chief of the General Staff (UK), on technology-enabled strategies for new defence requirements gave us a further opportunity to showcase our expertise in front of an influential audience.
The forum came at a timely moment for maritime security. Recent geopolitical events have highlighted how important it is for like minded democratic nations to come together to protect maritime trade and ensure that shipping routes are resilient and secure. But with cyber attacks on port systems increasing at an unprecedented rate, the maritime industry is faced with a significant challenge to gain control over an ever-increasing attack surface.
Goldilock understands the challenges. Shipping ports are made up of many separate IT systems and Operational Technology (OT), often owned by distinct entities and managed by an even more disparate group of third parties. Physical objects (e.g., pumps, valves, sensors), which often have controls linked to programmable logic controllers (PLCs) are operated from within OT networks, but there are some that transmit data to or are connected with IT assets (e.g., data storage, enterprise software) which are in turn, connected to the internet. This convergence of information and operational technology (IT and OT) makes every valve, switch, and pump potentially accessible to the internet, vastly increasing the challenge of securing them and makes them part of the attack surface exposed to malicious adversaries
These security gaps and weaknesses led to the US Cybersecurity and Infrastructure Agency advising in August: “Maintain offline (i.e., physically disconnected) backups of data… ensure the backup keys are kept offline as well… implement network segmentation to separate network segments based on role and functionality”.
Enabling network segmentation and then dynamically enabling access, or shutting it off, is exactly what Goldilock’s patented technology does. In New York, we showcased our Drawbridge solution, demonstrating how Maritime operators can control their mission critical assets and infrastructure without continuously exposing it to external attack. Those who we demonstrated to also saw the clear advantage of controlling physical network segmentation without using the internet so it remains out of view of potential attackers.
Bringing the benefits of physical network air-gapping with the convenience of modern trigger methodology to a North American audience was a moment of pride for us all, and we are looking forward to growing the relationships we have formed with our Euro-Atlantic allies.