Chamara Bulathsinhala

    October 18, 2022

    Cyber attack: First comes the scout, and then the killers

    AI is the engine that will be driving Systematic’s cybersecurity concept. And if Chamara Bulathsinhala has his way, hopefully without any checklists. The architecture behind the concept rests on virtuous AI and a top-tested concept.

    (Written in cooperation with Version2)

    We start with a confession from Systematic’s security expert Chamara Bulathsinhala.

    “Checklist is a word that I have problems with. It is old-fashioned,” he says, without feeling abashed in any way.

“Checklists are for accountants. Are you doing this? Are you living up to that? They identify any non-conformities, and off they go, with customers sometimes feeling slightly lost and left behind, instead of asking: what are we going to do from here? And how do we move on? This is where we come into the picture with our ‘digital first approach’ within cybersecurity. Because where the vulnerabilities are, that’s where the fire will start.”

    Chamara is fine-tuning and working with Systematic’s cybersecurity concept. It’s a concept that will potentially be rolled out across several industries operating within the field of critical infrastructure.

    The concept replaces the classic checklist with AI as a way of preventing attacks. In other words, the digital logic breathes life into the ‘kill chain’, which is the machine that handles the cyber threats.


    Kill Chain, Shift Left on Security and Defense in Depth

    Systematic’s kill chain approach is designed to destroy external threats. The principle behind a kill chain is that the countermoves are different depending on when a threat is discovered in the chain. The earlier the threat is discovered, the less damaging it is, and the easier it is to destroy the enemy, but the hackers are also smart.

    “It always starts with a scout trying to find the gaps in the software’s line of defence. This is how the vast majority of attacks happen. However, the cleverest hackers use methods which we don’t know about. They’re good at developing new ways of attacking,” says Chamara Bulathsinhala.

    “We can see that the attacks are becoming more sophisticated, and the way in which the attacks are being levelled at us is changing. Much security is based on static rules which are several steps behind. They are derived from our knowledge about past attacks. What we want to do is spot the new patterns of attack as early as possible.”

“Our AI intrusion detection system monitors logs to find the abnormal events. However, we must remember that our adversaries also have AI that is knocking on the door and wanting to get in,” says Chamara.

The AI looks at the logs which register traffic, patterns and threats in the data flow. This logic is built into Systematic’s security concept, where security is a factor in all parts of the business.

    “We conduct checks right down to app level, again by looking at the traffic. We get right into the code strings and way down into the bits and bytes when looking at security. We establish whether the packages are real, or whether a hacker is at work. Our AI and machine learning look for anomalies and patterns that don’t fit in,” says Chamara Bulathsinhala.

    Highest Michelin star within software solutions

Systematic is a certified CMMI5 supplier, which is the highest maturity level within software development processes. It gives the company access to developing security for critical sectors such as the police, utilities and hospitals. In addition, Systematic is also certified according to the ISO 27001+2 standard for information security management.

    “Our development team always starts by building the security elements. The classic approach is to develop the app, and then look at the security. This is expensive, and you’re likely to end up with a flawed solution. At Systematic, security is integrated from the outset. For example, we use the web app scanner OWASP ZAP and other tools to check security if necessary,” says Chamara Bulathsinhala, and goes on:

“The certification dictates that everyone works in the same way and based on strong internal guidelines. Our particular methodology supports international security standards, i.e. when and how we test components and security. We are continually improving our processes, and never rest on our laurels. It’s like getting a Michelin star. Once you have it, you need to work hard to hold onto it.”


    Digital First

    The approach is customer-centric, and at the same time the customer’s product is a 100% digital solution. With digital first, you keep an eye on the various technologies and use them to lift your ambitions and wishes within the company.


    Defense in Depth

Defense in Depth (DiD) is a strategy that involves using several redundant security methods to protect the integrity of information. If one line of defence is broken, several alternative measures ensure that threats do not make inroads.


    Shift Left

This involves testing as early as possible in the software’s lifecycle in order to catch errors before they develop into even bigger problems. Shift left refers to a timeline where you shift the test to the left so that it happens earlier in the process. It is part of the mantra “Test early and often”.


    Kill Chain

    ‘Kill chain’ is a military concept that identifies the structure of an attack. It comprises: identification of target, dispatching of forces to target, initiation of attack on target, and finally destruction of target. Conversely, the idea of ‘breaking’ an opponent’s kill chain is a method of defence or pre-emptive action.