The US Department of Homeland Security (DHS) has alleged that Russian hackers, working for a state-owned group previously identified as Dragonfly or Energetic Bear, have breached the control rooms of hundreds of electric utilities in the country.
This is driving significant interest in blockchain and distributed ledger technology for the Industrial Internet of Things. Silicon Valley-based blockchain specialist Xage Security has raised $12m from investors including General Electric to further develop a blockchain-protected security fabric that uses multi-factor authentication and frequently rotates credentials to provide a tamperproof record of access control.
As a result of the hacking, the North American Electric Reliability Corporation (NERC), the body charged with ensuring the reliability and security of the electrical grid, has extended its NERC-CIP-003 standard to reaffirm the need for role-based access control in the field, such as changing default device passwords, enforcing password complexity, and rotating passwords.
The hackers gained access to the utilities’ SCADA networks, which were supposedly ‘air gapped’ or securely isolated, by first compromising the networks of thousands of vendors and suppliers that had special access to the utilities’ systems to remotely complete service tasks, such as updating software and running diagnostics. These SCADA networks control the bulk electric power system and, if compromised, could potentially result in power disruptions or blackouts.
The hackers used conventional means, such as spear-phishing emails, to collect employee passwords and gain access to vendor networks, the majority of which lacked sufficient cybersecurity protections.
Xage points to the use of a distributed secure ledger to secure critical access control and proactively protect against these credential leakage attacks throughout the information chain.
This ensures that malicious actors can neither use stolen credentials nor conceal access logs. Xage’s systemic tamperproofing furthermore includes fingerprinting technology, which detects unauthorized changes and isolates compromised devices to prevent contagion from spreading.