The Department of Energy wants to test how blockchain might secure the national power grid as it becomes increasingly distributed and the edges of networks become more vulnerable to cyberattacks.
On June 11, DOE awarded Xage Security a Small Business Innovation Research grant to build a blockchain-based security “fabric” in six months for comparison with other approaches.
Traditional network security is focused on protecting bulk electrical systems like power stations and high-voltage power lines at the expense of peripheral assets, Duncan Greatwood, CEO at Xage, told FedScoop. But those outer layers of infrastructure are important, he said.
“The edge is just as vulnerable and strategic as the center,” Greatwood said. If, say, Russian hackers breach the edge, they can quickly begin to compromise data and propagate attacks to different control systems.
The Xage announcement follows reports last month that at least one U.S. utility had faced a malicious “cyber event” in March, though it was unclear where the hack originated. Security researchers told CyberScoop in June that one of the groups targeting Saudi companies appears to have expanded its operations to U.S. electrical utilities. The Department of Homeland Security, meanwhile, has increased its outreach to industry about potential attacks on industrial control systems.
Xage’s blockchain operates differently from public cryptographic mining or cryptocurrency, in that access is permission-based.
The fabric consists of nodes — software running on local network switches or computers — that communicate with each other in a chain. Each node has a copy of the network’s security policy defining who can access what, and the more nodes, the stronger the system.
If a utility technician attempts to access an automation control application driving the switching decisions that a substation is making, the nodes will vote among themselves — each making an independent determination whether that person is authorized.
“Only if enough of them say, ‘Yes,’ to that question will a person be allowed to access that device,” Greatwood said.
While a simple majority is easiest to program, sometimes less than 50 percent approval is ideal — like when a power outage renders some nodes unable to vote. In other cases, a supermajority would be needed because an energy customer and supplier both control access to a resource and require approval.
A permission-based blockchain also protects against 51 percent attacks, where hackers gain control of the majority of central processing unit power in a network to rewrite the consensus protocol. That’s because, unless the policy allows more nodes to join the fabric, hackers can’t add more to gain a majority, Greatwood said.
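The voting scheme described above can be sketched in a few lines. This is an added illustration, not Xage's code: the `Node` class, the `authorize` function, the policy entries and the node names are all hypothetical, and counting approvals against every enrolled member (so offline nodes fail closed) is an assumption.

```python
from dataclasses import dataclass
from fractions import Fraction

# Constructed sample policy: the (user, resource) pairs that are allowed.
POLICY = frozenset({("tech-alice", "substation-7/switching-app")})
TAMPERED = POLICY | {("intruder", "substation-7/switching-app")}

@dataclass
class Node:
    node_id: str
    policy: frozenset      # this node's own copy of the security policy
    online: bool = True    # False models a node cut off by a power outage

    def vote(self, user, resource):
        """Independent decision from the local copy; None if unreachable."""
        return (user, resource) in self.policy if self.online else None

def authorize(members, voters, user, resource, threshold):
    """Grant only if approvals / enrolled members exceeds threshold.

    members is the fixed set of enrolled node ids. Votes from ids outside it
    are ignored, and offline members count against approval (fail closed).
    """
    approvals = {n.node_id for n in voters
                 if n.node_id in members and n.vote(user, resource) is True}
    return Fraction(len(approvals), len(members)) > threshold

def demo():
    """Run the scenarios from the text on a constructed five-node fabric."""
    req = ("tech-alice", "substation-7/switching-app")
    bad = ("intruder", "substation-7/switching-app")
    members = frozenset(f"n{i}" for i in range(1, 6))
    nodes = [Node(m, POLICY) for m in sorted(members)]
    half, third = Fraction(1, 2), Fraction(1, 3)
    out = {"normal": authorize(members, nodes, *req, half)}
    # One enrolled node holds a tampered policy copy: 1 of 5 approves.
    nodes[0].policy = TAMPERED
    out["one_tampered"] = authorize(members, nodes, *bad, half)
    # Unenrolled nodes with the tampered policy cannot add votes.
    rogue = [Node(f"x{i}", TAMPERED) for i in range(10)]
    out["rogue_nodes"] = authorize(members, nodes + rogue, *bad, half)
    # Outage: three members offline, so only 2 of 5 can approve.
    for n in nodes[2:]:
        n.online = False
    out["outage_majority"] = authorize(members, nodes, *req, half)
    out["outage_lowered"] = authorize(members, nodes, *req, third)
    return out

if __name__ == "__main__":
    print(demo())
```

The last two results show the trade-off behind a sub-50-percent threshold: it keeps a legitimate technician working during an outage, but it also lowers the number of nodes that must be compromised to approve a request.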
Electrical utilities can have hundreds of locations to secure, and DOE wants to see if Xage’s solution could be an option for them.
“Greater opportunities to enhance science and technology research and development strengthen the economic security for our entire country,” said Energy Secretary Rick Perry in a statement.
The DOE demonstration will hardly be the first of its kind, Greatwood said. Xage is already working with GE Renewable Energy on securing wind farms and with oil company Saudi Aramco, which is “probably the most highly targeted from a hacking perspective,” he said.
“We are deploying similar kinds of projects today,” Greatwood said.