Peter Sandkuijl, a resident of The Netherlands, is a senior security specialist who has operated in the security market for over 25 years. He started his career at a local Check Point distributor, where he served as a technical product manager. In 2000, Check Point started a Benelux office, where Sandkuijl started as the Technical Manager Benelux. Later, as the region expanded, his job title changed to that of SE Manager Northern Europe. In 2007, a transfer was arranged so that Peter's extensive knowledge and experience could be put to good use; his role became EMEA SE High-End Solutions. In this capacity, he acted in an overlay position, serving the entire EMEA area with proactive information, the development of training and workshops, and visits to projects and customers. In April 2011, Sandkuijl was promoted to Head of Network Security Solutions, EMEA, heading up the team of EMEA SEs. His themes were developing technologies and solutions and market areas of interest, such as virtualization and digital transformation. In October 2019, Peter was appointed to lead the entirety of the SE organization in EMEA. He is now VP Sales Engineering, EMEA.

Last month, the European Commission presented a proposal for the EU Law on Cyber Solidarity, a €billion plan intended to fortify cyber security capabilities across EU member states. In short, the plan would help build a large-scale, comprehensive European cyber defense program. In this interview, Check Point VP of Engineering, EMEA, Peter Sandkuijl, offers expert insight into the benefits and challenges of the proposed law, analyzing its real-world applicability and viability.

In the law, it says that the EU Cyber Solidarity Act will strengthen solidarity at the Union level to better identify serious cyber security incidents and large-scale cybersecurity incidents. It will also help improve preparedness and response measures by creating a European cyber shield and a comprehensive cyber emergency mechanism. From your perspective, what are the best ways of securing EU wide critical infrastructures like the energy grid and/or other connected infrastructures?

Cyber security is finally being recognized as a technology that is integral to our way of life and not simply a matter of IT. That means weaknesses are being researched and if they are crucial weaknesses or risks, they need to be addressed… As the war in Ukraine started and energy became a factor in it, we started realizing where our dependencies are. Most members of the EU realize that even the most elementary provisions, such as energy, are not contained in their countries alone. Even if they were, there are now more dependencies on member states than ever before, rendering member states of great interest in achieving security stability.

My recommendation would be a minimum set of security standards that will be audited and reviewed. This part of the industry (energy sector) is not so much into the very latest technologies, yet they have come to depend on them nevertheless. If the EU plans to better secure critical infrastructures, a lot of work will need to be done. This is not about cyber security alone, as physical attacks that can lead to domino effects should not be excluded from critical infrastructure security considerations.

For rapid and effective detection of major cyber threats, the Commission proposes establishing a ‘European cyber shield’, a pan-European infrastructure consisting of security operations centers (SOCs) across the EU.

From your perspective, what is the best way to staff such SOCs? How should entities manage them? How can they overcome cultural barriers? What would they need to put in place to move fast if a large scale attack threatens the EU infrastructure?

Such a shield is best seen as a starting point, where information sharing is formalized and processes to exchange the information, including rapid alerts, are documented and provided for. This is not new and is supposed to happen on many more levels, such as intelligence services. The past has shown that intelligence sharing is not so easy due to the complexity and sensitivity of the matters at hand. After all, a cyber event that hits a national grid will be a matter of state security and this is always handled with the greatest caution and secrecy, often for very good reasons.

Staffing will be very tough. The market is overheated and we are short on skilled people as it is. As governments are not the highest paying and running an SOC is a 24*7 operation, this will be a true challenge. Staffing will likely involve finding talent and educating it in a repetitious cycle, since the industry will pick these people up as soon as they are spotted.

The technology of both cyber security and the OT industry supersedes countries and borders. The approach can be quite uniform and established through processes and procedures. Local language translation is common to the industry and no different from how we operate today.

It is also stated that the EU wants to build a new EU cyber security reserve. What could organizations do to act as a reserve? How can they find and retain cyber talent?

Organizations can be a translational layer between information sources; with knowledge of how the specific operation works and with the skills they have around cyber security (for instance). This will be more of a long term project, since the element of “giving back” will at some point also have to address a point that is important to the company providing the resources.

The reserve would act more as a community, with selected members and their participation as altruistic (or at reduced rates). Or the organizational value is derived from being included in policy building, getting more insights and potentially being a reference, which will allow an organization to secure more business in other respects.
