Xage introduces fingerprinting to protect industrial IoT devices

As old-school industries like oil and gas increasingly network entities like oil platforms, they become more vulnerable to hacking attacks that were impossible when they were stand-alone. That requires a new approach to security, and Xage (pronounced Zage), a security startup that launched last year, thinks it has the answer with a concept called ‘fingerprinting’ combined with the blockchain.

“Each individual fingerprint tries to reflect as much information as possible about a device or controller,” Duncan Greatwood, Xage’s CEO, explained. They do this by storing configuration data from each device and controller on the network. That includes the hardware type, the software that’s installed on it, the CPU ID, the storage ID and so forth.

If someone were to try to inject malware into one of these controllers, the fingerprint identification would notice a change and shut it down until human technicians could figure out if it’s a legitimate change or not.

Whither blockchain

You may be wondering where the blockchain comes into this, but imagine if a honey pot of these fingerprints were stored in a conventional database. If that database were compromised, it would mean hackers could have access to a company’s entire store of fingerprints, completely neutering that idea.
That’s where the blockchain comes in.

Greatwood says it serves multiple purposes to prevent such a scenario from happening. For starters, it takes away that centralized honey pot. It also provides a means of authentication, making it impossible to insert a fake fingerprint without explicit permission to do so.

But he says that Xage takes one more precaution unrelated to the blockchain to allow for legitimate updates to the controller. “We have a digital replica (twin) of the system we keep in the cloud, so if someone is changing the software or plans to change it on a device or controller, we will pre-calculate what the new fingerprint will be before we update the controller,” he said. That will allow them to understand when there is a sanctioned update happening and not an external threat agent trying to mimic one.

Checks and balances

In this way they check the validity of every fingerprint and have checks and balances every step of the way. If the updated fingerprint matches the cloud replica, they can be reasonably assured that it’s authentic. If it doesn’t, he says they assume the fingerprint might have been hacked and shut it down for further investigation by the customer.

While this sounds like a complex way of protecting this infrastructure, Greatwood points out that these devices and controllers tend to be fairly simple in terms of their configuration, not like the complexities involved in managing security on a network of workstations with many possible access points for hackers.

The irony here is that these companies are networking their devices to simplify maintenance, but in doing so they have created a new set of issues.
“It’s a very interesting problem. They are adopting IoT, so they don’t have to do [so many] truck rolls. They want that network capability, but then the risk of hacking is greater because it only takes one hack to get access to thousands of controllers,” he explained.

In case you are thinking they may be overstating the actual problem of oil rigs and other industrial targets getting hacked, a Department of Homeland Security report released in March suggests that the energy sector has been an area of interest for nation-state hackers in recent years.
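
The fingerprint check and pre-calculated update described under "Checks and balances", as an added example (not Xage's code and not from the original article). It assumes a fingerprint is a SHA-256 hash over a canonical encoding of the device configuration, which the article does not specify; all function names and the sample controller data are hypothetical.

```python
import copy
import hashlib
import hmac
import json

def fingerprint(config):
    """SHA-256 over canonical JSON (assumed scheme), so key order never matters."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def precalculate(twin, planned_software):
    """Apply a planned software change to a copy of the twin; return the expected fingerprint."""
    updated = copy.deepcopy(twin)
    updated["software"].update(planned_software)
    return fingerprint(updated)

def changed_fields(expected, observed, prefix=""):
    """List dotted paths whose values differ, to help technicians triage."""
    paths = []
    for key in sorted(set(expected) | set(observed)):
        a, b = expected.get(key), observed.get(key)
        if isinstance(a, dict) and isinstance(b, dict):
            paths += changed_fields(a, b, prefix + key + ".")
        elif a != b:
            paths.append(prefix + key)
    return paths

def check_device(observed, twin, pending_fp=None):
    """Return (verdict, changed paths) for one reported configuration."""
    seen = fingerprint(observed)
    if hmac.compare_digest(seen, fingerprint(twin)):
        return "ok", []
    diff = changed_fields(twin, observed)
    if pending_fp is not None and hmac.compare_digest(seen, pending_fp):
        return "sanctioned-update", diff   # matches the pre-calculated value
    return "quarantine", diff              # unexplained change: hold for review

# Constructed sample data for a hypothetical controller.
TWIN = {"hardware_type": "PLC-A", "cpu_id": "cpu-0001", "storage_id": "disk-0001",
        "software": {"firmware": "1.4.2", "logic": "pump-ctl-7"}}
PENDING = precalculate(TWIN, {"firmware": "1.5.0"})
UPDATED = copy.deepcopy(TWIN)
UPDATED["software"]["firmware"] = "1.5.0"
TAMPERED = copy.deepcopy(TWIN)
TAMPERED["software"]["logic"] = "pump-ctl-7-mod"

if __name__ == "__main__":
    for name, cfg in (("unchanged", TWIN), ("updated", UPDATED), ("tampered", TAMPERED)):
        print(name, check_device(cfg, TWIN, PENDING))
```

The same firmware change is quarantined when no pending fingerprint was registered for it, which is the case the pre-calculation step exists to distinguish.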