digest
June 27

Monthly Digest. 2024 / 06

Welcome to the next edition of our Monthly Digest, your one-stop resource for staying informed on the most recent developments, insights, and best practices in the ever-evolving field of security. In this issue, we have curated a diverse collection of articles, news, and research findings tailored to both professionals and casual enthusiasts. Our digest aims to make our content is both engaging and accessible. Happy reading

unpacking with more detail (PDF)

Follow on TG & Boosty

A. Maritime Security

Maritime cyber-security is an increasingly important area of concern for the maritime industry, as emerging technologies such as the Internet of Things (IoT), digital twins, 5G, and Artificial Intelligence (AI) are becoming more prevalent in the sector. The convergence and digitization of Information Technology (IT) and Operational Technology (OT) have driven the transformation of digital supply routes and maritime operations, expanding cyber-threat surfaces.

1) Key Points

· Increased marine traffic and larger ships with more capacity have led to challenges in maneuvering in existing channels and seaports, lowering safety margins during cyber-incidents. Today's ships are also more heavily instrumented, increasing the threat surface for cyber-attacks.

· The US Coast Guard reported a 68% increase in marine cyber-incidents, and recent studies show that cyber risks within marine and maritime technology are present and growing as new solutions are adopted.

· While digitization in shipping offers productivity gains, physical safety, lower carbon footprints, higher efficiency, lower costs, and flexibility, there are vulnerabilities in large CPS sensor networks and communication systems.

· A survey of mariners found that 64% of respondents believed that a port had already experienced significant physical damage caused by a cyber security incident, and 56% thought a merchant vessel had already experienced significant physical damage caused by a cyber security incident.

2) Secondary Points

· Emerging Technologies: The maritime sector is adopting new technologies across offices, ships, seaports, offshore structures, and more. These technologies include the Internet of Things (IoT), digital twins, 5G, and Artificial Intelligence (AI).

· Supply Chain Digitization: Supply chains are also using more Information Technology (IT), introducing digital vulnerabilities. The convergence of IT and Operational Technology (OT) is transforming digital supply routes and maritime operations, expanding cyber-threat surfaces.

· Cyber Threats: Nation-state actors and organized crime have the resources and motivation to trigger a cyber-attack on Critical National Infrastructure (CNI), such as large-scale Cyber-Physical Systems, which include maritime operations.

· Cyber-Physical Systems: The integration of physical processes with software and communication networks, known as Cyber-Physical Systems, is a significant part of the maritime sector's digital transformation. However, it also introduces new cybersecurity challenges.

· Impact of Cyber-Attacks: Cyber-attacks on maritime infrastructure can have significant economic impacts, affecting not only the targeted seaport but also the broader global maritime ecosystem and supply chains.

B. Choosing Secure and Verifiable Technologies

The document "Choosing Secure and Verifiable Technologies" provides comprehensive guidance for organizations on procuring digital products and services with a focus on security from the design phase through the lifecycle of the technology. It emphasizes the critical importance of selecting technologies that are inherently secure to protect user privacy and data against the increasing number of cyber threats. It outlines the responsibility of customers to evaluate the security, suitability, and associated risks of digital products and services. It advocates for a shift towards products and services that are secure-by-design and secure-by-default, highlighting the benefits of an approach, including enhanced resilience, reduced risks, and lower costs related to patching and incident response.

1) Audience

· Organizations that procure and leverage digital products and services: This encompasses a wide range of entities known as procuring organizations, purchasers, consumers, and customers. These organizations are the main focus of the guidance provided in the document, aiming to enhance their decision-making process in procuring digital technologies.

· Manufacturers of digital products and services: The document also addresses the manufacturers of digital technologies, providing them with insights into secure-by-design considerations. This is intended to guide manufacturers in developing technologies that meet the security expectations of their customers.

· Organization Executives and Senior Managers: Leaders who play a crucial role in decision-making and strategy formulation for their organizations.

· Cyber Security Personnel and Security Policy Personnel: Individuals responsible for ensuring the security of digital technologies within their organizations.

· Product Development Teams: Those involved in the creation and development of digital products and services, ensuring these offerings are secure by design.

· Risk Advisers and Procurement Specialists: Professionals who advise on risk management and specialize in the procurement process, ensuring that digital technologies procured do not pose undue risks to the organization.

C. Europol Cybercrime Training Competency Framework 2024

The Europol Cybercrime Training Competency Framework 2024 encompasses a wide range of documents related to cybercrime training, competency frameworks, strategies, and legislation. These materials (as compilation by Europol) collectively aim to enhance the capabilities of law enforcement, judiciary, and other stakeholders in combating cybercrime effectively.

· Purpose of the Framework: The framework aims to identify the required skill sets for key actors involved in combating cybercrime.

· Development Process: The framework was developed following a multi-stakeholder consultation process. This included contributions from various European bodies such as CEPOL, ECTEG, Eurojust, EJCN, and EUCTF.

· Strategic Context: The renewed framework is part of the European Commission’s action plan aimed at enhancing the capacity and capabilities of law enforcement authorities in digital investigations.

· Functional Competences: The framework identifies the essential functional competences required by law enforcement authorities to effectively combat cybercrime. It emphasizes the specific skills needed for cybercrime investigations and handling digital evidence, rather than general law enforcement skills.

· Strategic Capacity Building: The framework is intended as a tool for strategic capacity building within law enforcement and judicial institutions. It aims to enhance the competencies that are crucial for the effective handling of cybercrime cases.

· Role Descriptions: Detailed descriptions of the main functions and skill sets for various roles are provided throughout the framework. These roles include heads of cybercrime units, team leaders, general criminal investigators, cybercrime analysts, and specialized experts among others. Each role is tailored to address specific aspects of cybercrime and digital evidence handling.

· Skill Sets and Levels: The framework outlines specific skill sets required for each role and the desired levels of proficiency. These skill sets include digital forensics, network investigation, programming, and cybercrime legislation, among others. The framework emphasizes the importance of having tailored skills that are directly applicable to the challenges of cybercrime.

D. Market Insights. Simple Solutions Are Just Too Cheap, Spending More is Always Better

Message brokers are essential components in modern distributed systems, enabling seamless communication between applications, services, and devices. They act as intermediaries that validate, store, route, and deliver messages, ensuring reliable and efficient data exchange across diverse platforms and programming languages. This functionality is crucial for maintaining the decoupling of processes and services, which enhances system scalability, performance, and fault tolerance.

Major players in this market include Kinesis, Cisco IoT, Solace, RabbitMQ, Apache Kafka, ApacheMQ, IBM MQ, Microsoft Azure Service Bus, and Google Cloud IoT, each offering unique capabilities and serving a wide range of industries from financial services to healthcare and smart cities.

· Market Share: The percentage each broker holds in the queueing, messaging, and processing category.

· Number of Users: The total number of companies or devices using the broker.

· Corporate Users: The number of enterprise customers using the broker.

· Revenue Distribution: The distribution of companies using the broker based on their revenue.

· Geographical Coverage: The percentage of users based in different regions.

E. Cybersecurity & Antarctica

In April, the U.S. National Science Foundation (NSF) announced that it would not support any new field research this season due to delays in upgrading the McMurdo Station. The NSF and the U.S. Coast Guard also announced cuts that will jeopardize the U.S.'s scientific and geopolitical interests in the region for decades to come. Specifically, in April, the NSF announced that it would not renew the lease of one of its two Antarctic research vessels, the Laurence M. Gould. Prior to this, in October 2023, the NSF announced that it would operate only one research vessel in the coming decades.

Additionally, in March, the U.S. Coast Guard announced that it needed to "reassess baseline metrics" for its long-delayed Polar Security Cutter program, a vital program for U.S. national interests at both poles. Decisions made today will have serious consequences for U.S. activities in Antarctica well beyond 2050.

The State Department has refrained from announcing U.S. foreign policy interests in the Antarctic region, and the White House appears satisfied with an outdated and inconsistent national strategy for Antarctica from the last century. The U.S. Congress has also not responded to scientists' calls.

As a result, on April 1, the NSF's Office of Polar Programs announced that it is putting new fieldwork proposals on hold for the next two seasons and will not be soliciting new fieldwork proposals in Antarctica.

Ships capable of operating in polar seas are becoming increasingly in demand and difficult to build. Facing significant challenges in the ice-class ship and vessel project, the U.S. Coast Guard announced in March that it would "shift baseline timelines" for developing new icebreaker projects.

The outcome of these seemingly independent decisions will be a reduction in the U.S. physical presence in Antarctica. This will have negative consequences not only for American scientists but also for U.S. geopolitics in the region, especially considering Russia's total superiority in icebreaker vessels and China's catching up.

The U.S. has missed the most important aspects: adequate and regular funding for Antarctic scientific research, a new national strategy for Antarctica (the current strategy was published in June 1994), and lawmakers' understanding of the importance of U.S. interests and decisions in Antarctica. The inability to fund the operational and logistical support necessary for U.S. scientific research and geopolitical influence effectively means the dominance of Russia and China in the Antarctic region, as no other country, including traditional Antarctic stakeholders like Chile, Australia, and Sweden, can surpass the existing and growing scientific potential of Russia and China.

F. Humanoid Robot

Humanoid robots are advanced machines designed to mimic human form and behavior, equipped with articulated limbs, advanced sensors, and often the ability to interact socially. These robots are increasingly being utilized across various sectors, including healthcare, education, industry, and services, due to their adaptability to human environments and their ability to perform tasks that require human-like dexterity and interaction.

In healthcare, humanoid robots assist with clinical tasks, provide emotional support, and aid in-patient rehabilitation. In education, they serve as interactive companions and personal tutors, enhancing learning experiences and promoting social integration for children with special needs. The industrial sector benefits from humanoid robots through automation of repetitive and hazardous tasks, improving efficiency and safety. Additionally, in service industries, these robots handle customer assistance, guide visitors, and perform maintenance tasks, showcasing their versatility and potential to transform various aspects of daily life.

1) Market Forecasts for Humanoid Robots

The humanoid robot market is poised for substantial growth, with projections indicating a multi-billion-dollar market by 2035. Key drivers include advancements in AI, cost reductions, and increasing demand for automation in hazardous and manufacturing roles.

· Goldman Sachs Report (January 2024):

o Total Addressable Market (TAM): The TAM for humanoid robots is expected to reach $38 billion by 2035, up from an initial forecast of $6 billion. This increase is driven by a fourfold rise in shipment estimates to 1.4 million units.

o Shipment Estimates: The base case scenario predicts a 53% compound annual growth rate (CAGR) from 2025 to 2035, with shipments reaching 1.4 million units by 2035. The bull case scenario anticipates shipments hitting 1 million units by 2031, four years ahead of previous expectations.

o Cost Reductions: The Bill of Materials (BOM) cost for high-spec robots has decreased by 40% to $150,000 per unit in 2023, down from $250,000 the previous year, due to cheaper components and a broader domestic supply chain.

· Data Bridge Market Research: The global humanoid robot market is expected to grow from $2.46 billion in 2023 to $55.80 billion by 2031, with a CAGR of 48.5% during the forecast period.

· SkyQuestt: The market is projected to grow from $1.48 billion in 2019 to $34.96 billion by 2031, with a CAGR of 42.1%.

· GlobeNewswire: The global market for humanoid robots, valued at approximately $1.3 billion in 2022, is anticipated to expand to $6.3 billion by 2030, with a CAGR of 22.3%.

· The Business Research Company: The market is expected to grow from $2.44 billion in 2023 to $3.7 billion in 2024, with a CAGR of 51.6%. By 2028, the market is projected to reach $19.69 billion, with a CAGR of 51.9%.

· Grand View Research: Market Size: The global humanoid robot market was estimated at $1.11 billion in 2022 and is expected to grow at a CAGR of 21.1% from 2023 to 2030.

· Goldman Sachs (February 2024): In a blue-sky scenario, the market could reach up to $154 billion by 2035, comparable to the global electric vehicle market and one-third of the global smartphone market as of 2021.

· Macquarie Research: Under a neutral assumption, the global humanoid robot market is expected to reach $107.1 billion by 2035, with a CAGR of 71% from 2025 to 2035.