Integrasys has developed a solution, FWSEC, to protect critical infrastructures from potential cyber-attacks.
Integrasys’ FWSEC solution is used for the firmware protection of connected sensors operating in critical infrastructures. It detects, stops, and reports malicious tampering attempts which may be a potential threat to the security of the affected sensors, and also scale up the threat towards the full system through the network infrastructure. The solution is based on three main pillars: a firmware management server including remote management capabilities, a TPM module at the sensor platform providing crypto functions and secure storage, and an external tamper-proof private blockchain used as an additional security layer leveraging time-based integrity of digital assets. If the firmware is not reliable FWSEC automatically goes back to a safe state with a digital coded footprint.
The sensors firmware includes a firmware management agent which implements -in cooperation when needed with a counterpart at server-side- security-at-rest, security-in-transit, and security-in-use procedures built with sound-security-by-design standards.
Such procedures allow for full-lifecycle management of firmware assets, including developer signing, sensor onboarding, remote update/attestation, cryptographic key management, and sensor offloading, integrating properly with existing customers’ PKI services. The security of remote procedures is enforced by multiple layers including state-of-the-art link-level, network-level, and application-level security complemented with additional blockchain-based and multi-link out-of-channel functions.
The security approach of the FWSEC solution allows for configurable checkpoints of the firmware integrity based on user-defined policies, preventing, and minimising the impact of potential cybersecurity attacks. By setting the focus on highly robust, secure, and available firmware update procedures, FWSEC provides the ability to return quickly to a safe state if other system security functions such as firewalling fail to stop an attack as well as to verify at any time that the node status is safe.
This technology has provided successful protection of data centres, and remote assets for major European telco providers, over the last months.