InTech

NOV-DEC 2017

Issue link: http://intechdigitalxp.isa.org/i/910561


INTECH NOVEMBER/DECEMBER 2017 WWW.ISA.ORG SYSTEM INTEGRATION

and is better able to withstand malicious attacks.
- Changes to public blockchains are publicly viewable by all parties, creating transparency, and transactions cannot be altered or deleted.

Bitcoin has perhaps gained more notoriety than respect from the general public to date, because hackers have used it to collect their fees from ransomware attacks. Bitcoin transactions involve transfers between anonymous addresses, and the lack of central control makes it difficult, but not impossible, to trace. However, blockchain technology can be a force for good.

Already disruptive

Blockchain technology is already being used in a wide variety of industries. More than $500 million was invested in venture capital–backed blockchain companies in 2016. Some high-profile applications include:
- The diamond industry to track individual diamonds from mine to consumer. This addresses counterfeiting, loss of revenue, insurance fraud, and conflict diamond detection.
- The medical industry to maintain a backup of a person's DNA that can be readily and securely accessed for medical applications.
- In retail to record every action that happens in a retail supply chain and make all the data searchable in real time for consumers. This allows the consumer to scan a QR code on a can in the supermarket and find out where the food inside was obtained, who certified it, where it was canned, etc.
- Legal to lock down a video or photograph, so it is impossible to change one pixel without a record of the transaction, allowing uses like recording indisputable insurance claims or police brutality.
- Energy management to allow customers to buy and sell energy directly, without going through a central provider.

Closer to home, IBM is working in partnership with Samsung to develop a decentralized Internet of Things (IoT).
Autonomous decentralized peer-to-peer telemetry (ADEPT) uses blockchain technology to secure transactions between devices. IBM and Samsung are planning networks of devices that can autonomously maintain themselves by broadcasting transactions between peers, as opposed to the current model of all devices communicating only with centralized, or cloud, services. Central to this concept is the registration of IoT devices in a publicly maintained blockchain, creating a level of trust that cannot be achieved for rogue devices.

Blockchain in the ICS world

Blockchain technology has other potential applications for ICS, such as the protection and verification of device firmware and application software updates. As ICS users have secured their networks, attackers have taken to other methods to infiltrate systems. One such method involves inserting Trojan malware into ICS software that is downloaded by users for installation on their networks. In 2014, a variant of the malware Havex contained code that scanned networks for OPC-aware devices. It then collected information on the tag configuration and uploaded it to an external server. This Trojan was found in downloadable software on ICS vendor websites. Registering firmware and software in a blockchain could provide an immutable record of code, making an attack like the Havex OPC example impossible.

Other potential ICS-based applications are:
- authentication, authorization, and nonrepudiation of device configuration and program changes
- protection, verification, and nonrepudiation of critical data, such as historian streams or regulatory reports

Challenges

One of the challenges for the non-Bitcoin blockchain solutions is that a key benefit of a truly distributed ledger is only achievable if there is some obvious financial gain for miners.
The above examples, such as the ICS firmware or software ledger, may only be achievable with a private (e.g., run by one ICS vendor for their products only) or consortium blockchain (perhaps managed by a collective of ICS vendors). In this application, there may still be some concerns about the security of the ledgers, but in the case of ICS firmware and software verification, a private or consortium blockchain would still provide significantly more assurance than existing methods.

As with all disruptive technologies, it is impossible to predict with certainty what will happen. All we can do is watch this space. What is certain is that blockchain technology is not going away anytime soon.

ABOUT THE AUTHORS

Steve Mustard, PE, Eur. Ing., CEng, CAP, GICSP, FIET (steve.mustard@au2mation.com), is an industrial automation consultant with extensive technical and management experience across multiple sectors. A widely recognized expert in industrial cybersecurity and an ISA99 Security Standards committee member, Mustard actively participates in cybersecurity working groups formed by the Automation Federation.

Mark Davison, MIET (mark.davision@terzodigital.com) is a software engineer with more than 30 years of experience. Currently he is an owner/director of Terzo Digital, a software consultancy firm specializing in IoT and telemetry. Davison is a current committee member for the Water Industry Telemetry Standards (WITS) Protocol Standards Association, helping to develop new standards in the IoT arena, aimed at more than just the water industry.

View the online version at www.isa.org/intech/20171204.

[Figure: HASH of challenge c and proof response p; 40 bits = 0 (0....0 xxx...x); 2^40 steps, 1 trillion combinations]
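
The firmware and software registration described under "Blockchain in the ICS world", sketched as an added example (not code from the article or from any vendor's product): a hash-chained ledger of image digests and the check a user would run on a download before installing it. The product name, the sample bytes and the `trusted_head` value, which the verifier is assumed to have pinned from its own peers, are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first entry

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(e: dict) -> str:
    # Canonical JSON of every field except the entry's own hash.
    body = {k: e[k] for k in ("product", "version", "image_sha256", "prev")}
    return digest(json.dumps(body, sort_keys=True).encode())

def register(ledger: list, product: str, version: str, image: bytes) -> None:
    entry = {"product": product, "version": version, "image_sha256": digest(image),
             "prev": ledger[-1]["hash"] if ledger else GENESIS}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)

def chain_is_intact(ledger: list) -> bool:
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(e):
            return False
        prev = e["hash"]
    return True

def verify_download(ledger, product, version, image, trusted_head) -> str:
    # trusted_head: latest entry hash the verifier obtained from its own peers.
    if not ledger or ledger[-1]["hash"] != trusted_head or not chain_is_intact(ledger):
        return "ledger-untrusted"
    match = [e for e in ledger if (e["product"], e["version"]) == (product, version)]
    if not match:
        return "unregistered"
    return "ok" if digest(image) == match[0]["image_sha256"] else "mismatch"

GOOD = b"opc-server 2.1 installer (constructed sample)"  # not real firmware
TAMPERED = GOOD + b" plus bytes added after release"

def demo() -> list:
    ledger = []
    register(ledger, "opc-server", "2.0", b"older build (constructed sample)")
    register(ledger, "opc-server", "2.1", GOOD)
    head = ledger[-1]["hash"]
    # A rewritten copy with recomputed hashes is self-consistent but has a new head.
    forged = [dict(e) for e in ledger]
    forged[1]["image_sha256"] = digest(TAMPERED)
    forged[1]["hash"] = entry_hash(forged[1])
    return [verify_download(led, "opc-server", "2.1", img, head)
            for led, img in ((ledger, GOOD), (ledger, TAMPERED), (forged, TAMPERED))]
```

The forged copy passes `chain_is_intact`, so only the independently held head hash exposes it. The check also proves only that a download matches what was registered, not that the registered build was clean.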
