link1911 link1912 link1913 link1914 link1915 link1916 link1917 link1918 link1919 link1920 link1921 link1922 link1923 link1924 link1925 link1926 link1927 link1928 link1929 link1930 link1931 link1932 link1933 link1934 link1935 link1936 link1937 link1938 link1939 link1940 link1941 link1942 link1943 link1944 link1945 link1946 link1947 link1948 link1949 link1950 link1951 link1952 link1953 link1954 link1955 link1956 link1957 link1958 link1959 link1960 link1961 link1962 link1963 link1964 link1965 link1966 link1967 link1968 link1969 link1970 link1971 link1972 link1973 link1974 link1975 link1976 link1977 link1978 link1979 link1980 link1981 link1982 link1983 link1984 link1985 link1986 link1987 link1988 link1989 link1990 link1991 link1992 link1993 link1994 link1995 link1996 link1997 link1998 link1999 link2000 link2001 link2002 link2003 link2004 link2005 link2006 link2007 link2008 link2009 link2010 link2011 link2012 link2013 link2014 link2015 link2016 link2017 link2018 link2019 link2020 link2021 link2022 link2023 link2024 link2025 link2026 link2027 link2028 link2029 link2030 link2031 link2032 link2033 link2034 link2035 link2036 link2037 link2038 link2039 link2040 link2041 link2042 link2043 link2044 link2045 link2046 link2047 link2048 link2049 link2050 link2051 link2052 link2053 link2054 link2055 link2056 link2057

How the blockchain could fight grid cyber-threats

How the blockchain could fight grid cyber-threats

  

The recent ransomware saga is a potent reminder

of just how vulnerable our information and data is to cyber-threats. But it’s not just our information that’s vulnerable; these threats extend into the physical world of electricity as well. In fact, today’s electrical grid is incredibly insecure against cybersecurity threats; for example, the massive 2015 cyberattack on the Ukranian power grid that left 230,000 people in the dark and the intrinsic level of insecurity presented by smart meters used all over the world. And with billions of energy-using, Internet-connected devices expected to come online over the next decade (PDF), the grid is about to experience a several-orders-of-magnitude increase in the number of vulnerabilities to

cyber-threats.

As … billions of energy-using devices are integrated into the electricity system, malicious actors will see the potential to exploit these systems and attempt to usurp this new reality.

Fortunately, blockchain technology is inherently robust against cyber-threats, and many energy companies are considering how blockchains may bolster the grid’s cybersecurity. This is because blockchains are built for:

  • Tamperproofing data (PDF): 
    Blockchains make it very difficult to change data after it has been written. This eliminates a number of risks, including man-in-the-middle attacks, in which a hacker modifies data that’s en route to its destination. With a proper blockchain implementation, all computation is "hashed" and made tamperproof at the point of origin, so there is no risk of data being modified while in transit.
  • Disintermediation (PDF): 
    With blockchains, intermediaries (escrow corporations) often are no longer necessary, significantly reducing transaction costs.
  • Complete data availability (PDF): 
    Blockchains can store data in a decentralized fashion across many nodes. With this architecture, even if some nodes or servers are compromised, users still can access a complete dataset.
  • Redundancy (PDF): 
    Blockchains operate without a central point of failure, so reliability through redundancy is intrinsic to this architecture.
  • Privacy and control: 
    Users of a blockchain can choose which data to make immutably transparent and which data to keep encrypted so only the intended recipients can view the contents.
  • Outsourcing computation (PDF): 
    Encrypted data can be sent for processing to a third party, without the contents of the data being revealed.

As the world of energy becomes more digitized and decentralized, the need for solid defense against cybersecurity threats increases drastically. When a blockchain is implemented properly, it offers a strong defense against external and internal threats by mitigating internet-connected and data communications vulnerabilities, and increasing data confidentiality and privacy.

Mitigating vulnerabilities

Internet-connected energy-using devices have the most room for improvement when it comes to cybersecurity. Between January and April, the research found that over 2 million Internet of Things (IoT) devices in homes were hacked into and rendered useless (bricked). This attack was to protest manufacturers’ poor cybersecurity policies for the devices, chiefly, thousands of devices set by default to use basic login and authentication credentials (username=user and password=password). In this case, hackers could have been much more malicious than simply bricking devices, but they wanted to prove their point: Unsecured IoT devices are unsafe, and should not be allowed to operate in a real-world environment where people’s lives and property are at risk.

Blockchain technology and those working on making it more usable for everyone are paving the way toward a new user-authentication paradigm. The current system of username/password combinations has been obsolete for many years. A much more secure mode of authentication is that of the public–private key pair (also called public key cryptography), the default in systems such as Bitcoin and Ethereum. As these blockchain implementations become more user-friendly, we will see a natural evolution of all login systems toward this more modern and secure method.

With a properly integrated cryptographic key login system for blockchain-based applications, IoT device owners will bear a significantly reduced risk of loss of power, theft of data and threats to privacy. What's more, integrating pricing and settlement on wholesale electricity markets into a secure blockchain significantly minimizes the risk of false data injection and pricing manipulation. This is largely because of the tamperproof characteristic of blockchains, which ensures immutability of a given dataset or series of communications between transacting parties.

The blockchain is also relevant for addressing data privacy and security issues. As more data is collected and transported over the internet, the risk of data exploitation and breach increases, as evidenced by the release of confidential information from hacks of LinkedIn, Yahoo, Target and other large organizations. Blockchains allow for the encrypted transportation of private data, ensuring that data is readable only by the intended recipient.

Introducing a new risk: Key mismanagement

Blockchains are great at mitigating several cybersecurity risks, but they also introduce a new risk that is often overlooked: key mismanagement. Key management is the secure storage of digital keys in a fashion that prevents unauthorized access — something of significance for distributed energy resources, which eventually will be connected to the web and authenticated mostly through asymmetric cryptography (the method used for all blockchain-based transaction and authentication). Many early adopters of blockchain technology that don’t have a background in IT have lost their private keys, rendering their blockchain assets or devices inaccessible.

However, key management is getting some much-needed attention, and innovators are creating new ways to store and recover private keys securely. One innovative way to tackle this problem is to integrate key pairs in actual, physical devices (think key fobs for your car) and use them to activate devices. This minimizes, or in some implementations renders impossible, the risk of hackers accessing private keys that confirm the identity and authority of a signing entity. Keys that exist on a personal device enforce secure signing on, for example, an energy-using internet-connected device (an electric vehicle). For a malicious actor, if all signing must be on a device, then the physical device must be compromised in a way that allows a hacker to remotely execute commands on the device instead of just reading data, which is much more difficult for the hacker and therefore a more secure implementation.

As digitized and distributed systems in energy become more common and billions of energy-using devices are integrated into the electricity system, malicious actors will see the potential to exploit these systems and attempt to usurp this new reality. Therefore, it is paramount that we ditch the "build-then-patch" approach, and build systems integrated with holistic security. Fortunately, much of this security is inherent in a properly implemented blockchain.

Chuck Reynolds
Contributor
Please click either Link to Learn more about –
TCC-Bitcoin.

Alan Zibluk Markethive Founding Member