Recent cyberattacks exemplify the need for continuous vigilance in cybersecurity, especially amongst critical infrastructure. With cyber-attacks commonplace in schools, hospitals, and local municipalities, government industries such as defense have an even greater need for effective cybersecurity. The way forward is blockchain-backed zero trust, where granular security policies are defined and enforced, ensuring that all interactions are authenticated and authorized for every user, application, and machine.
Xage Security, the first and only zero trust real-world security company, recently announced that they have been awarded a contract by the Air Force Research Lab (AFPR) to digitize and secure flightline maintenance operations. I recently spoke with CEO Duncan Greatwood and Kip Gerling. Sr Director Business Development at Xage Security to find out more.
The challenge of airforce security
The AFRL leads the discovery, development, and delivery of warfighting technologies for US air, space, and cyberspace forces. Aircraft fleets require routine service and repairs on the flightline (the airfield area where aircraft are loaded, offloaded, and serviced, including the parking areas and maintenance hangers).
The digitization of flightline operations necessitates secure data sharing to optimize situational awareness across multiple maintenance and logistics squadrons. Doing so enables leadership to streamline processes and make informed fleet readiness decisions. Therefore, it’s crucial that data is accurately captured, kept confidential, and tightly controlled at home and abroad. As part of this project to digitally transform flightline operations, fleet data from multiple sources will be securely aggregated, warehoused, and analyzed – enabling synchronized operation, critical decision support and reporting, and the acceleration of the fleet’s mission readiness.
“The maintenance of aircraft, military aircraft today tends to be a pretty manual process. So there’s a lot of paper attached to clipboards. Even some of the pieces that are really well digitized often have substantial manual aspects. There’s a lot of data collected on the aircraft itself when it flies, and the way that that data is commonly extracted is that somebody takes a portable drive, walks into the cockpit, and downloads the data, and plugs the USB in, and then walks from the cockpit into the maintenance hangar, and plugs into the application server and uploads that performance data into the server.
We are replacing manual workflows with what we sometimes call the Internet of Airfield Things. The copy sensors, the maintenance equipment sensors, the sensors that handle the technicians, and the apps can converge and communicate fully digital fashion. The workflow part comes because we’re moving all those paper checklists into typically to an iPad app that people can use directly.“
Zero trust defense using blockchain protection
Inherent to Xage’s security solution is zero trust, where network defenses focus on restricted access controls to networks, applications, and the environment. Zero Trust assumes a network has been compromised and challenges users and devices to authenticate their identity even if they are already within the network perimeter. Zero Trust also provides the ability to limit a user’s access once inside the network, preventing an attacker who has accessed a network from enjoying lateral freedom throughout the network’s applications. Xage’s approach utilizes identities to secure the environment, granting authorization solely to a limited set of defined interactions. This blocks hackers from launching attacks via a network zone or other broad access permissions. Pivotal to Xage’s success is blockchain tech.
In 2017, Xage Security introduced the first and only blockchain-protected security fabric for industrial operations, a decentralized fabric that secures every device, application, and human connecting to an IIoT, from the core to the edge. Since then, Xage has built on its platform to develop the first tamperproof system and the first universal access control for all industrial operations and devices. This hierarchical system enables multiple simultaneous updates across the fabric, regardless of location or connectivity – and is a world-first for blockchain-protected security.
Xage’s Dynamic Data Security solution is uniquely suited to handle the cybersecurity needs of the USAF flightline. Powered by the Xage Fabric, operational data is digitally hashed, signed, and encrypted at the source. It also enforces data control at a granular level across all flightline participants, devices and applications. It protects and replicates policies across the flightline. Authorized entities can publish or consume data as needed.
Secure data traversal capability
Duncan explain’s Xage’s Zero Trust Remote Access technology:
“Imagine the layers of transmission, we map each hop across the layers through multihop traversal. Traditionally, you’d only be able to do that traversal through tunneling a hotspot or punching a bunch of holes through firewalls. So, there are several layers of security between the maintenance facilities and the outside. We use a kind of security vessel we conveniently get data from the aircraft into the applications in the hangar and vice versa.
The second part is leveraging our data security. We intercept data right where it is produced, digitally signing, encrypting that data before we move it on. The signature and encryption guarantee the authenticity of the data, and we can keep it confidential as well.“
Data authenticity is critical to prevent cyber hacks. Duncan recalls, “One of the reasons Stuxnet was successful was because hackers used fake data to make it look as though everything was okay until it was too late. So being able to prove authenticity right at the point of the sensors is a huge deal. And then on the application side, the applications need to check that authenticity.“
Confidentiality is equally important as data can be shared with Air Force personnel, equipment vendors, other service branches, and allies. “So with our fabric, we’re we’re able to control data access strictly.”
Further, airforce staff no longer need to spend a considerable chunk of maintenance time compiling reports. Duncan details that these typically include, “How much of the fleet is available right now? How much requires additional maintenance is going to keep it offline? What is causing delays to readiness in the aircraft? Is there a systemic problem that we see over and over again? Or is it a one off?”
Blockchain facilitates tamperproof records
Airforce staff can make quick adjustments with a granular record of the time and maker repairs stored in a tamperproof ledger. The multi-node nature of the defense means that even if one or two nodes were compromised, it doesn’t matter as attackers cannot gain entry. This creates a strong defense against machine-driven attacks as “Each machine has the least amount of access that it needs for the least amount of time that it needs it and it becomes much, much harder to attack at all in that situation. And even if one is implemented successfully, the effect of it tends to be massively more limited. You can’t take control of one automation controller then jump from that one automation control onto 20 other automation controls because Xage knows that’s there’s no reason to go access those other controllers and that there’s no policy authorizing that action.”
Xage is well established in providing security solutions across IIoT and the energy sector. They’ve also received a Phase 2 Air Force award to help protect the US Space Command. The heart of the project is preparing the Space Force for their upcoming challenges in distributed security and distributed coordination between different systems. Cybersecurity threats are increasingly common. Blockchain technology provides a real-world solution.