INTEGRASYS has developed a solution, FWSEC, to protect critical infrastructures from potential cyber-attacks. Nowadays, securing supply chains against imminent cyber-attacks has become a challenge, especially in Europe. The battlefield extends to the online field, which is the engine of the current intelligence.
Today, there is no solution impossible to hack, however, new technologies enable much faster recovery of the hacked assets, FWSEC in milliseconds. INTEGRASYS’ FWSEC solution is used for the firmware protection of connected sensors operating in Critical Infrastructures. It detects, stops and reports malicious tampering attempts which may be a potential threat to the security of the affected sensors and also scale up the threat towards the full system through the network infrastructure. The solution is based on three main pillars: a firmware management server including remote management capabilities, a TPM module at the sensor platform providing crypto functions and secure storage, and an external tamper-proof private blockchain used as an additional security layer leveraging time-based integrity of digital assets. If the Firmware is not reliable FWSEC automatically goes back to a safe state with a digital coded footprint.
FWSEC Solution
The sensors firmware includes a firmware management agent which implements -in cooperation when needed with a counterpart at server-side- security-at-rest, security-in-transit and security-in-use procedures built with sound-security-by-design standards.
Such procedures allow for full-lifecycle management of firmware assets, including developer signing, sensor onboarding, remote update/attestation, cryptographic key management, and sensor offloading, integrating properly with existing customers’ PKI services. The security of remote procedures is enforced by multiple layers including state-of-the-art link-level, network-level and application-level security complemented with additional blockchain-based and multi-link out-of-channel functions.
The security approach of the FWSEC solution allows for configurable checkpoints of the firmware integrity based on user-defined policies, preventing, and minimizing the impact of potential cybersecurity attacks. By setting the focus on highly robust, secure, and available firmware update procedures, FWSEC provides the ability to return very quickly to a safe state if other system security functions such as firewalling fail to stop an attack as well as to verify at any time that the node status is safe.
This technology has provided successful protection of data centres, and remote assets for major European Telco Providers, over the last months.
FWCSEC complements ideally with cybersecurity products of INTEGRASYS portfolio, such as RANMONITOR (Hacking Cell Tower Protection), and CLEANRF (Interference Cancellator).