Xage Lands DOE Contract to Bring Zero Trust Principles to Emergency Responders
Natural disasters such as extreme weather conditions can have a major disruptive effect on electricity supply. Power utilities are forced into emergency response status, which normally requires every available engineer from both in-house and third parties being called upon to find and fix the problems.
This, however, creates an additional cybersecurity risk.
“Getting the grid back online,” explains Duncan Greatwood, CEO of Xage, “generally requires triage work to be done at the power station, at any solar or wind stations, at substations both large and small and on the transmission lines to find and fix the problems. To do this as quickly as possible, utilities typically bring in crews from out of state.” The challenge then becomes one of providing rapid but secure access to the grid’s control systems for relative strangers.
“This is a significant cyber security issue,” continued Greatwood, “because these people have no access account with the utility they seek to help. But their access is only required for a few weeks, and needs to be removed when they leave.” It’s an extreme example of identity and access management issues that requires both instant secure provisioning and instant and complete de-provisioning on demand.
Learn More at SecurityWeek’s ICS Cyber Security Conference
Recognizing these issues, the Department of Energy has contracted with Xage, a zero-trust access provider, to expand its existing Xage Fabric application to provide secure and controlled access to emergency responders. The choice of a zero-trust solution does not appear to be a response to Biden’s Executive Order that mandated federal agencies to move toward zero trust, but more a response to the widespread and growing belief that zero trust provides effective and efficient security.
The concern in this case is not specifically that there might be bad eggs among the external engineers – although that is always a possibility – but that unknown and untrusted devices brought by the engineers are connecting to the network. Stuxnet in Iran remains the iconic example of this threat. Here, an engineer unknowingly transferred the Stuxnet malware from his own compromised device to the Iranian nuclear facility’s operational technology (OT).
This same attack methodology continues today. “One of the most common ways that individual components within the grid have been hacked over the last few years,” Greatwood told SecurityWeek, “has been through undetected malware on technicians’ laptops.” Today, malware on an engineer’s device could ultimately lead to a ransomware attack. Zero trust principles can mitigate this by limiting access to very precise parts of the network, preventing any attacker or malware spreading across wider parts of the network.
“Part of what Xage is doing is to provide a much harder barrier between the technician’s equipment and the grid equipment. For the technician, we front everything with a web portal that prevents any malware jumping onto the grid itself.” For the technician, only granular access is provided, limiting that user to just the areas he or she needs to access, with natural deprovisioning when the required access completes. “You don’t get this long tail of people holding on to VPN access long after it is necessary. What we are providing is rapid secure provisioning, granular access management for the duration, and rapid de-provisioning on completion.”
Providing a zero-trust access system goes beyond just provisioning and deprovisioning contingency workers. Just as hackers are aware that the operational pressures within healthcare can lead to a weakened security hygiene, so too does the urgency of reconfiguring a damaged utility often introduce new weaknesses. Hackers are aware of this, and utility downtime can act as a honeypot for attackers looking for any new weaknesses. This is particularly relevant with the growth of new and smaller solar and wind power farms, which are less regulated and consequently less inherently secure than the big power stations.
The zero trust regime acts as a counterbalance to this additional threat.
“Using the Xage Fabric to control access is a well-established use case for Xage,” explained Greatwood. “It controls every digital interaction, whether it is machine to machine or human to machine, and asks the question, ‘is that authorized or permitted or legitimate?’. If it isn’t, we block it. What we’re doing with this contract is tying our Fabric more closely into the tools that the contingency responders are using, so that we can better synchronize information about the workers and the devices they use with the areas of the grid they are working on – and bundling it all together to bring zero trust principles to bear, including time-based de-provisioning.
“We are working closely with one of the biggest power equipment companies as part of this project, and as we roll things out to our customers next year, we will be ready for the 2022 storm season.”
Related: Zero Trust, We Must