Digital transformation and the convergence of IT and OT in the industrial space have created considerable challenges in securing infrastructure: power grids, nuclear power plants, oil rigs, Supervisory Control and Data Acquisition (SCADA) systems, and factory machinery in locations that have traditionally relied on security by obscurity.
While IoT provides critical data insights, it also exposes these systems to cyberattacks, and network-level protection alone is not enough. Working with data brings significant challenges, from data generation, transportation, and storage to controlling data access, analytics, and sharing among multiple parties. To meet these challenges, organizations need new tools, processes, and cybersecurity architectures.
In response, Xage Security addresses IIoT security with a decentralized fabric that secures every device, application, and human connecting to an IIoT system, from the core to the edge. Xage’s clients include utility companies and the US Air Force. The key to its solution is blockchain technology. I spoke to CEO Duncan Greenwood to find out more.
Legacy Equipment and Cybersecurity Woes
He explained that traditional industrial locations have lacked meaningful security in the past. “They really just relied on high-security networks, and there are tons of machines that have no passwords or rely on plaintext protocols. The hardcore perimeter approaches of the past are starting to break down.” Many of these environments include older legacy devices, machines that were never designed with security mechanisms built in. As Duncan notes:
“When those systems were designed, it wasn’t envisioned that they’d be sharing to the extent that they are today, or that the level of threat would be anything like what it is today. So it’s a huge part of Xage to protect those ‘legacy’ systems.”
The Genesis of Blockchain Protected Security in IIoT
In 2017, Xage Security introduced the first blockchain-protected Security Fabric for industrial operations. Since then, Xage has built on the platform to develop a tamperproof system and a universal access control for industrial operations and devices. The hierarchical design allows multiple simultaneous updates across the Fabric, regardless of location or connectivity, which the company presents as a world first for blockchain-protected security. As Duncan detailed:
“We developed a security fabric that we drop into industrial operations. Multiple software nodes are scattered around the operation, and the nodes communicate with each other to help protect each other. For example, if we’re holding a password for a sensor, we’ll take that password and scatter it around the nodes, so that even if an attacker successfully compromised a node, they can’t steal the password or set a password. They’d have to compromise the majority of the nodes simultaneously, which is fantastically more difficult to do.”
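The majority-of-nodes property described above is what threshold secret sharing gives you. The Go program below is an added illustration written for this article, not Xage’s implementation: it splits a sensor password into five shares with Shamir’s scheme so that any three recover it and any two do not. The 3-of-5 threshold, the prime field (2^521 - 1) and the sample password are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Arithmetic is done modulo the Mersenne prime 2^521 - 1, so any secret of
// up to 64 bytes fits in a single field element. (Assumed for this example.)
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one point (x, y) on the secret polynomial; each node holds one.
type Share struct {
	X int64
	Y *big.Int
}

// Split encodes the secret as f(0) of a random degree k-1 polynomial and
// returns n shares f(1)..f(n). Any k shares recover it; k-1 reveal nothing.
func Split(secret []byte, k, n int) ([]Share, error) {
	if k < 2 || k > n {
		return nil, errors.New("need 2 <= k <= n")
	}
	if len(secret) > 64 {
		return nil, errors.New("secret longer than 64 bytes")
	}
	// A leading 0x01 byte preserves leading zero bytes of the secret,
	// which big.Int would otherwise drop on reconstruction.
	coeffs := make([]*big.Int, k)
	coeffs[0] = new(big.Int).SetBytes(append([]byte{1}, secret...))
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x := big.NewInt(int64(i + 1))
		y := new(big.Int)
		// Horner's rule: y = (...((c_{k-1}*x + c_{k-2})*x + ...)*x + c_0) mod p
		for j := k - 1; j >= 0; j-- {
			y.Mul(y, x)
			y.Add(y, coeffs[j])
			y.Mod(y, prime)
		}
		shares[i] = Share{X: int64(i + 1), Y: y}
	}
	return shares, nil
}

// Recover evaluates the Lagrange interpolation of the given shares at x = 0.
// With fewer than k distinct shares the result is an unrelated field element.
func Recover(shares []Share) []byte {
	secret := new(big.Int)
	for i, si := range shares {
		num := big.NewInt(1)
		den := big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			// Basis polynomial l_i(0) = prod_{j != i} (0 - x_j) / (x_i - x_j)
			num.Mul(num, big.NewInt(-sj.X))
			num.Mod(num, prime)
			den.Mul(den, big.NewInt(si.X-sj.X))
			den.Mod(den, prime)
		}
		term := new(big.Int).ModInverse(den, prime)
		term.Mul(term, num)
		term.Mul(term, si.Y)
		term.Mod(term, prime)
		secret.Add(secret, term)
		secret.Mod(secret, prime)
	}
	b := secret.Bytes()
	if len(b) > 0 && b[0] == 1 {
		return b[1:]
	}
	// No 0x01 marker: not a real reconstruction. Shares carry no integrity
	// of their own, so a deployment would also MAC or sign each share.
	return b
}

func main() {
	shares, err := Split([]byte("sens0r-pa55w0rd"), 3, 5) // constructed sample secret
	if err != nil {
		panic(err)
	}
	fmt.Printf("3 of 5: %q\n", Recover(shares[:3]))
	fmt.Printf("2 of 5: %q\n", Recover(shares[:2]))
}
```

The point a practitioner should take from this is that compromising one node yields one share, which is a uniformly random point and says nothing about the password; only a colluding majority can interpolate it. Note also that Shamir shares give confidentiality but not integrity, so a node feeding a forged share corrupts the reconstruction silently unless shares are authenticated.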
Last year Xage introduced the Xage Enforcement Point (XEP). “It’s really there to provide security for those devices and machines that have no security of their own. XEP sits as a filter in front of those machines and takes its instructions from the rest of the Fabric. So if somebody tries to access one of those machines with the XEP in front of it, the XEP will check with the Fabric: is this person authenticated correctly, so they’ve logged in? And are they authorized to access the system?” Thus it effectively creates a single sign-on with curated access to all of the systems, for both humans and M2M applications.
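To show what a filter in front of an unauthenticated device has to decide, here is an added Go example written for this article; it is not Xage’s code. A central authority mints session tokens after login, and the enforcement point verifies the token and a per-device policy before a read or write is forwarded to the machine. The token format (HMAC-SHA256 over principal and expiry), the policy table, and the device and principal names are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// fabricKey stands in for the key the central authority would use to mint
// sessions after a user or application logs in. Constructed for this example.
var fabricKey = []byte("constructed-fabric-session-key")

// policy maps principal -> device -> permitted operations. The PLC and
// sensor behind the enforcement point have no authentication of their own,
// so this table is the only thing standing between a caller and a write.
// Constructed sample data.
var policy = map[string]map[string][]string{
	"alice@ops":     {"plc-17": {"read"}, "hmi-2": {"read", "write"}},
	"historian-svc": {"plc-17": {"read"}, "sensor-9": {"read"}},
	"vendor-remote": {"plc-17": {"read", "write"}},
}

// tag computes the HMAC-SHA256 over a token payload.
func tag(payload string) []byte {
	mac := hmac.New(sha256.New, fabricKey)
	mac.Write([]byte(payload))
	return mac.Sum(nil)
}

// MintToken issues a session token of the form principal|expiry|hmac.
// Principals must not contain '|'; such a token would fail to parse.
func MintToken(principal string, expiry time.Time) string {
	payload := principal + "|" + strconv.FormatInt(expiry.Unix(), 10)
	return payload + "|" + hex.EncodeToString(tag(payload))
}

// Authenticate checks the token's MAC before anything else, then its expiry,
// and returns the principal it was issued to.
func Authenticate(token string, now time.Time) (string, error) {
	parts := strings.Split(token, "|")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	got, err := hex.DecodeString(parts[2])
	if err != nil || !hmac.Equal(got, tag(parts[0]+"|"+parts[1])) {
		return "", fmt.Errorf("bad token signature")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) {
		return "", fmt.Errorf("token expired")
	}
	return parts[0], nil
}

// Enforce is the per-request decision of the filter: nil means forward the
// request to the device, otherwise the error says why it was dropped.
func Enforce(token, device, op string, now time.Time) error {
	principal, err := Authenticate(token, now)
	if err != nil {
		return fmt.Errorf("deny %s %s: %v", op, device, err)
	}
	for _, allowed := range policy[principal][device] {
		if allowed == op {
			return nil
		}
	}
	return fmt.Errorf("deny %s %s: %s not authorized", op, device, principal)
}

func main() {
	now := time.Now()
	tok := MintToken("alice@ops", now.Add(8*time.Hour))
	for _, req := range [][2]string{{"hmi-2", "write"}, {"plc-17", "write"}} {
		if err := Enforce(tok, req[0], req[1], now); err != nil {
			fmt.Println(err)
		} else {
			fmt.Println("forward", req[1], req[0])
		}
	}
}
```

The order inside Authenticate matters: the MAC is checked before any field is parsed, so a forged or truncated token never reaches the expiry or policy logic, and an unknown principal simply has no entries in the table and is denied by default.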
While implementing the new offering across various verticals, Xage found a further, under-resourced challenge. Duncan explains, “We wanted to move from not just protecting machines, but having sophisticated protection for the data that machines produce.”
Xage recently unveiled Dynamic Data Security (DDS). The offering enforces tamperproof data security, enabling secure and dynamic data sharing between multiple systems, multiple locations, and multiple parties. DDS can hash, sign, and encrypt data at the source, and it stores the corresponding security metadata in the Xage Fabric, so the data can be safely replicated across the Fabric and to every other place it may be consumed.
Organizations can thus ensure data security from the site of operation to the cloud, across suppliers, customers, and internal operations, creating new opportunities for revenue, sustainability, operational efficiency, ecosystem cooperation, and technological innovation.
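The hashing and signing of data at the source, with the security metadata travelling alongside the record, can be shown with a short example. The Go program below is added for this article and is not Xage’s DDS: a sensor signs each reading with Ed25519 and links it to the previous record’s hash, and a consumer anywhere downstream verifies both against a registry of trusted keys, rejecting altered, dropped, replayed or unregistered records. The record format, the hash chain, the key registry and the device names are assumptions made for the example; encryption is left out to keep it short.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Reading is one record as the source emits it. Prev is the SHA-256 of the
// previous record's signed bytes, so dropping or reordering records is
// detectable, not just altering them. (Format assumed for this example.)
type Reading struct {
	Device string  `json:"device"`
	Seq    uint64  `json:"seq"`
	TS     int64   `json:"ts"`
	Value  float64 `json:"value"`
	Prev   string  `json:"prev"`
}

// Signed carries the reading plus the security metadata a fabric would store
// alongside it: which key signed it and the signature itself.
type Signed struct {
	Reading
	KeyID string `json:"key_id"`
	Sig   string `json:"sig"`
}

// canonical is the byte string that gets signed: json.Marshal of a struct
// emits fields in declaration order, so it is deterministic.
func canonical(r Reading) []byte {
	b, _ := json.Marshal(r)
	return b
}

func digest(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// Source is a data producer holding its own signing key.
type Source struct {
	priv  ed25519.PrivateKey
	KeyID string
	seq   uint64
	prev  string
}

// NewSource derives a key from a label so the example is reproducible; a
// real device would generate its key at provisioning and never export it.
func NewSource(label string) *Source {
	seed := sha256.Sum256([]byte("constructed-seed:" + label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return &Source{priv: priv, KeyID: digest(priv.Public().(ed25519.PublicKey))[:16]}
}

func (s *Source) PublicKey() ed25519.PublicKey {
	return s.priv.Public().(ed25519.PublicKey)
}

// Emit hashes and signs a reading at the source and links it to the previous one.
func (s *Source) Emit(device string, ts int64, value float64) Signed {
	s.seq++
	r := Reading{Device: device, Seq: s.seq, TS: ts, Value: value, Prev: s.prev}
	b := canonical(r)
	s.prev = digest(b)
	return Signed{Reading: r, KeyID: s.KeyID, Sig: hex.EncodeToString(ed25519.Sign(s.priv, b))}
}

// Verify is what a consumer downstream runs: every record must be signed by
// a registered key, and the chain must be unbroken from the first record.
func Verify(records []Signed, registry map[string]ed25519.PublicKey) error {
	prev, seq := "", uint64(0)
	for i, rec := range records {
		pub, ok := registry[rec.KeyID]
		if !ok {
			return fmt.Errorf("record %d: unknown key id %s", i, rec.KeyID)
		}
		b := canonical(rec.Reading)
		sig, err := hex.DecodeString(rec.Sig)
		if err != nil || !ed25519.Verify(pub, b, sig) {
			return fmt.Errorf("record %d: signature does not verify", i)
		}
		if rec.Prev != prev || rec.Seq != seq+1 {
			return fmt.Errorf("record %d: chain break (missing, reordered or replayed record)", i)
		}
		prev, seq = digest(b), rec.Seq
	}
	return nil
}

func main() {
	src := NewSource("sensor-9") // constructed device
	registry := map[string]ed25519.PublicKey{src.KeyID: src.PublicKey()}
	recs := []Signed{src.Emit("sensor-9", 1700000000, 21.5), src.Emit("sensor-9", 1700000010, 21.7)}
	fmt.Println("as emitted:", Verify(recs, registry))
	recs[1].Value = 99.9 // tamper in transit
	fmt.Println("tampered:  ", Verify(recs, registry))
}
```

Because the signature and chain are created at the source, any intermediate hop (edge gateway, broker, cloud replica) can copy the records freely without being trusted: a consumer only needs the producer’s public key, which is exactly the “producer chooses who can consume” model the article describes. The check with the weakest guarantee here is the registry itself; who may add a key to it is the access-control problem of the previous section.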
Blockchain Means Data Integrity for P2P Energy Trading
A good use case is the development of a transactive energy system that would allow adjacent buildings to communicate and sell energy to each other. While P2P energy trading has been trialed successfully, it faces multiple challenges, as Duncan explains:
“Is the voltmeter real? How has it been calibrated, and do we know the integrity of the calibration? Do we know that the pitches coming from it are the same as those actually produced, or did somebody just make them up? So there’s that sort of machine-level integrity, all the way to: did this building really agree to trade with that building? Or did someone invent the order? And if it was a real transaction, did the physics behind it actually take place, did it deliver on that transaction?
So it’s a kind of multi-layer integrity problem. And it turns out that physical-machine-to-business-process integrity is a very common pattern across multiple industry situations. It’s very apparent in transactive energy examples, but also evident in oil and gas and supply chain applications.”
Critical to digital transformation is the redefinition of operational processes and business relationships around data. Industrial security has historically been done by isolation. Now that space is opening up to encompass partners, customers, and suppliers: “A logistics customer building warehouses might have thousands of participants involved in accessing data. People need granular control down to the level of individual machines and individual data streams so that sharing, multi-location, and real-time multi-party cooperation can be safely enabled.”
Xage builds on the company’s original security fabric for identity and access management to cover data and data streams. Every producer of data gets to choose who can consume it.
Low Latency Data Processing
I was interested in how Xage’s DDS handles latency, given that the solution is designed to enable data processing in multiple places. Duncan explained:
“The local production system at a typical factory might have a 15 millisecond latency budget. The actual authentication actions are very, very fast to do, less than a tenth of a millisecond. So we can actually enable the authentication to be done locally on the factory floor. You can have one layer of the Fabric on the factory floor, then another layer at the edge, and another at the cloud.
However, the Fabric on the factory floor can be 100% autonomous, so it can take every single decision that needs to be taken in real time. And then at its leisure, it will play back those decisions through the broader Fabric at our higher layers. So if a decision is taken locally, based on local voting, and if it turns out later that that was a false decision, maybe somebody compromised your systems locally, then that will be detected by the higher layers, and the transactions that were connected in the lower layers will be reversed and replaced with new values. So that hierarchical support enables very low latency applications to make decisions locally when that’s required.”