Safety Detectives: Please share your company background, how you got started, and your mission.
Blueskytec: We focus on the cybersecurity of control systems, the building blocks of factories, transit systems, and national infrastructure, where the edge of the networks interfaces with the Internet and physical devices: the cyberphysical world. Whilst the internet has revolutionized almost every aspect of modern-day life, it has also attracted criminals and nation-states to create new ways of implementing their own tradecraft. Critical national infrastructure becomes a target for nation-states planning for a future where conflict, politics, and economic impact can be delivered at scale using Internet technologies. In the future hyper-connected world, data will inform AI, and automation will ensure the resilience of infrastructure to faults and optimize the generation and consumption of electricity. These operational technology (OT) systems will benefit from IT/OT integration, yet without adequate security this could simply accelerate the access for assailants to the less well defended and legacy networks.
Software has powered the internet, but it has also created vulnerabilities that criminals exploit using ransomware. For example, the fuel supplies to the lower East Coast of the US were severely impacted by the Colonial Pipeline attack in May 2021. In 2015 and 2017 the Ukrainian power grid was impacted by exploits denying power to hundreds of thousands of the local population. Both of these attacks were attributed to Russia, but there are at least 40 countries with openly declared offensive cyber projects, and as part of these activities nation-states are exploiting and creating vulnerabilities in infrastructure networks to use to create political, economic, or military advantage at will. Some openness about offensive cyber capability is part of a defensive security posture by being a deterrent.
In the TRITON attack in 2017, the motive was to disable safety control systems, attempting to create an explosion in a petrochemical plant. Whilst a while ago now, STUXNET, discovered in 2010, remains a great example of the power of such tools; it was designed to police nuclear proliferation globally and, specifically and subtly, to limit Iran’s nuclear weapons program as a psychological weapon aimed at causing Iran to stop trying to develop such capability. Such “tools of war” are highly classified and guarded, but even some of the most sophisticated government agencies have had such tools discovered or stolen using cyberattacks and commoditized on the Internet. This could potentially provide access for terrorists to such sophisticated and stealthy weapons and create impact at scale.
Cybersecurity tools traditionally look for known vulnerabilities or exploits and, through identification of these by signatures, hashes, or behavior, look to remove or deny any intended impact. Defending the networks is implemented by applying this technology and sophisticated tools in cybersecurity operations centers (CSOCs), identifying anomalies, understanding the attacks and their motives, and defending against them. This approach works well in the Enterprise environment, and understanding the issues is important, but it works less well for the “unknown unknowns” of zero-day attacks (vulnerabilities with no known fix yet, or where the vulnerability or attack has not been seen before). Future attacks on infrastructure need a different approach—one based on protection. How do we benefit from automation and hyperconnectivity in infrastructure and operational technology without inheriting the software vulnerabilities?
“Zero Trust Architecture (ZTA)” is the modern security paradigm that is designed to overcome the limitations of “perimeter security” (stopping access to the network at the network boundary). ZTA assumes that the network is already compromised, that the assailant is already in the network, and that, through segmentation, the ability to traverse the network is limited. ZTA also looks to authenticate at the lowest possible level, and not to assume that, once in the network through multi-factor authentication, the user, data, or devices are implicitly authenticated at the lowest possible level.
SD: What is the main service your company offers?
Blueskytec: Blueskytec has created “disruptive technology” to effectively neutralize the threat to infrastructure. The approach secures the networks from the edge upwards, whereas most IT takes a top-down approach. Encryption in industrial systems is new; Blueskytec’s technology enables all these techniques to be implemented, if required, at every user, device, and transaction level. These systems can be separated into thousands of “crypto zones”, and authentication and anti-tamper are enforced using military-grade encryption techniques at commercial prices that need no central key management (like PKI or QKD), as these create latency that is inappropriate in real-time, safety-critical control systems. These protective technologies even work where no power is available, so they even work for satellite systems (where payload power is normally not allowed during the launch phase). So how does Blueskytec prevent software vulnerabilities? The Blueskytec technology is implemented in silicon—pure logic, 100% testable and orders of magnitude faster, as the logic is processed in parallel on each clock cycle rather than executed sequentially as software is. Cybersecurity in silicon.
Blueskytec has self-invested in the development of the technology using proceeds from the sale of a previous company and by building the team as and when customer funding became available. The senior management team has a background in control systems and in working on UK/US “high grade” (military grade) cryptography, benefitting from access to classified cyber projects and a background of running global companies and acquiring cyber companies in the US and UK for them. Since Blueskytec was formed, its mission has been specifically to protect national infrastructure from cyberattacks—a technology that is being validated by UK and US agencies and industries responsible for legacy and future infrastructure globally.
SD: What is something unique that helps you stay ahead of your competition?
Blueskytec: We are unique, as encryption is currently not implemented at the edge of the infrastructure networks and there are few implementing security in silicon—avoiding software vulnerabilities. Even the silicon we use is formally validated by the agencies responsible, and the implementation defends against hardware attacks. The market is becoming aware of hardware security (silicon hardware); the new Google phone, for example, advertises that it uses hardware security at levels no other phone implements.
SD: What do you think are the worst cyberthreats today?
Blueskytec: Cyberthreats today are becoming routine. Cybersecurity tends to focus on data protection, and ransomware is seen as the biggest threat. Working with a national CERT some years ago, the agency and law enforcement were closely following criminals using ransomware and concluded the criminals had at least three years of new versions of their tools and were controlling their release only when the yield from their malevolent activities was dropping. All are of great concern; however, of even greater concern are attacks on infrastructure, the very fabric of society, particularly if such capability “leaks” and becomes available to terrorists, where lawless impact at scale on society could become the next 9/11. Imagine a really bad day on the Internet – communications down, fake news broadcasting global catastrophes, stock exchanges, ATMs and power unavailable. Maybe we should imagine the unimaginable as a defense strategy; any one of these events would create a breakdown of society, and so security must be at the heart of future hyperconnectivity and automation.