INSUBCONTINENT EXCLUSIVE:
Xage, the company that wants to help make infrastructure more secure using the blockchain, announced a new policy manager tool to help
protect utilities and other critical infrastructure from hackers and automate regulatory compliance.
Xage CEO Duncan Greatwood says the
product is partly to fill in a need in the product portfolio, but also is designed to help customers comply with a new wave of regulations
coming out of the Department of Homeland Security designed to protect the electricity grid from hacking, particularly from a hostile
nation-state.
Greatwood says the government previously was only worried about the core network assets, but over time, it has become clear
that hackers have been looking to attack technology on the edge of the utilities network like substations and local control centers, even as
granular as sensors and voltage controllers.
The New York Times reported earlier this year that Russian hackers had been targeting the
United States electrical grid, which is a big reason DHS has been pushing the utilities to upgrade the way they handle password rotation
and control remote access, among other things.
This is a big scale problem because you could be talking about a single utility having
between 10,000 and 20,000 substations with each of those having hundreds of components inside them
With the new DHS regulations going into effect next year, companies have to start thinking about how to implement them now.
Between now and
the end of next year, utilities are going to have to have a way of automating that system,& Greatwood explained
Xage provides way to set policy to comply with the new set of United States government regulations, and then enforce it on the blockchain,
ensuring that it hasn''t been tampered with.
Xage Policy Manager
Screenshot: Xage
Part of the problem is that end users have devices like laptops, tablets and smartphones, that they are using to access the
Xage policy management tool can provide clear definitions of who can access the system on what device, helping to block out hackers.
Part of
our data policy management is to define rules around who is allowed to get access and from what machines
Not all laptops will be allowed onto network,& he said
It will require an approved MAC address with an approved fingerprint and a certificate installed from an appropriate department to ensure it
is the machine it purports to be.
The blockchain helps ensure that if (or when) a bad actor does penetrate the system, they won''t be able
to move freely throughout the network
&If something does go wrong, then it is localized
If you have a bad acting node in the blockchain, it detected and you can lock down that sector
It makes it much more difficult to spread the software across entire grid or region,& he said.
