Xage security automation tool could protect power grid from hackers

Xage, the company that wants to help make infrastructure more secure using the blockchain, announced a new policy manager tool to help protect utilities and other critical infrastructure from hackers and automate regulatory compliance.

Xage CEO Duncan Greatwood says the product is meant partly to fill a need in the product portfolio, but is also designed to help customers comply with a new wave of regulations coming out of the Department of Homeland Security, which are intended to protect the electricity grid from hacking, particularly by a hostile nation-state.

Greatwood says the government was previously worried only about the core network assets, but over time it has become clear that hackers have been looking to attack technology on the edge of the utility network, such as substations and local control centers, down to components as granular as sensors and voltage controllers.

The New York Times reported earlier this year that Russian hackers had been targeting the U.S. electrical grid, which is a big reason DHS has been pushing the utilities to upgrade the way they handle password rotation and control remote access, among other things.

This is a problem of scale, because a single utility could have between 10,000 and 20,000 substations, each with hundreds of components inside it. With the new DHS regulations going into effect next year, companies have to start thinking about how to implement them now.

“Between now and the end of next year, utilities are going to have to have a way of automating that system,” Greatwood explained. Xage provides a way to set policy to comply with the new set of U.S. government regulations, and then enforce it on the blockchain, ensuring that it hasn’t been tampered with.

Xage Policy Manager. Screenshot: Xage

Part of the problem is that end users access the network from devices like laptops, tablets and smartphones. Xage’s policy management tool can provide clear definitions of who can access the system and on what device, helping to block out hackers.

“Part of our data policy management is to define rules around who is allowed to get access and from what machines. Not all laptops will be allowed onto network,” he said. A machine will require an approved MAC address with an approved fingerprint and a certificate installed from an appropriate department to ensure it is the machine it purports to be.

The blockchain helps ensure that if (or when) a bad actor does penetrate the system, they won’t be able to move freely throughout the network. “If something does go wrong, then it is localized. If you have a bad acting node in the blockchain, it’s detected and you can lock down that sector. It makes it much more difficult to spread the software across entire grid or region,” he said.