White Paper

Trusting “Zero Trust”: Cybersecurity and Compliance in an Evolving Hydrogen Industry

by: JACK VALLEY | Business Development Manager, Asset Performance Management Services

LIFTE H2 is a leading hydrogen infrastructure provider.

October 20, 2022

Hydrogen will soon be a major part of critical infrastructure in most of the world’s developed countries. Such rapid global expansion, however, brings with it many risks. Projects may be jeopardized by both external and internal factors, such as hacking, misuse of credentials, poor gatekeeping, and outdated protocols.

Thus, security cannot be an afterthought. Protecting valuable data from the ongoing threats of sabotage or corporate espionage will always need to be at the forefront. Security must become a fundamental pillar of any digitalization and consolidation initiatives. With the rapidly growing number of internet security threats, and the increasing technical acumen of cybercriminals, cybersecurity has evolved from being a departmental IT concern into a standalone industry.

Hydrogen projects, with their complexity, costs, and significant safety concerns, present a special opportunity for the meaningful integration of security into every aspect of operations and management. At this early stage of our industry’s development, we are still building standards, bridging gaps, and identifying the weakest points in our systems. This is the ideal time to make sure that our data will always be handled with the utmost diligence. Security can be “baked into” each of our solutions from day zero, not “bolted on.”

Real Threats to Energy Systems


With its complicated network of vendors, operators, technicians, and platforms, the hydrogen supply chain is especially vulnerable to terrorism, activism, or outright theft.

Phishing, or the acquisition of sensitive information through duplicitous means, is the most common form of cybercrime. Carefully mirrored sites, impersonation, fake emails using stolen logos, and other ruses trick unsuspecting users into revealing passwords, PINs, and other private information. Phishing has become an all-too-common occurrence, and the methods used are growing more sophisticated. It is estimated that 91% of all attacks begin with a phishing email, nine out of ten phishing emails carry some form of ransomware, and 32% of all successful breaches involve the use of phishing techniques. So-called “spear-phishing” emails, in which a specific individual or department is targeted by using forged but legitimate-seeming communications (based on browsing history or other personal information), have been the vanguard of many large-scale attack events.

On December 23rd, 2015, Ukraine’s power grid was crippled by a Russian cybermilitary group known as Sandworm. Hackers seized control of assets run by three energy distribution companies: Prykarpattyaoblenergo, Chernivtsioblenergo, and Kyivoblenergo. All three organizations utilized outdated and poorly maintained Soviet-era infrastructure. Their customers, some 200,000 - 300,000 Ukrainians, lost power for about six hours, a crisis that was made worse by inadequate staffing during the holiday season. The criminals took 30 substations offline, seized SCADA (supervisory control and data acquisition) systems, deleted files, disabled key infrastructure components, and attacked call centers to prevent customer reports. The attacks were later found to have originated from IP addresses in Russia. The chief instrument of this villainy was the BlackEnergy malware, which generated swarms of bots to execute distributed denial of service (DDoS) attacks. These bots overwhelmed servers to the point of inoperability. The malware may have been distributed using common attachments like Word documents or PowerPoint decks.


On May 7th, 2021, the Colonial Pipeline Company came under attack from DarkSide, a cybercriminal group believed to be based in Eastern Europe. Our nation’s largest refined oil pipeline, which runs from Houston to New York, carries three million barrels of fuel per day and provides roughly 45% of all fuel consumed on the East Coast. The hackers targeted the billing system, rather than physical operations, but this still effectively shut down the pipeline for six days. This crime would have had catastrophic effects on industry and transportation interests across the entire country if it had not been resolved quickly. After stealing nearly 100 gigabytes of data in less than two hours, the criminals demanded a ransom of 75 bitcoin (worth approximately $4.4 million) in exchange for a decryption tool. The United States alone has detected 500 different hacking attempts from DarkSide. Their approach of offering Ransomware-as-a-Service (RaaS) allows this nefarious group to share their code as a product. Experts now believe that the attack was made possible by password reuse, or an exposed password for a VPN account.

Threats do not always come from outside of an organization. Large organizations with many employees have many points of vulnerability. Human factors play a critical role in security. User habits, operator errors, inadequate supervision, and expanded ease of access often mean that employees themselves may be inadvertently undermining project security. Guest accounts are left open, servers remain operational when they should be shut down, and users may compromise directories by working where they should not. What at first may look like an outside “attack” might be a preventable mistake.

Passwords that are used among many accounts pose an especially significant risk. If attackers can penetrate one account for an individual, often via a personal application exploit, any other reuse of that same password compromises additional accounts.

The growing use of Internet of Things (IoT) devices for collecting data leads to an increase in “attack surface”. IoT devices may not be properly configured and could possibly transmit their data to the wrong endpoints. The physical security of the devices themselves also needs to be assessed.

The chief question for many project owners remains:
“How do we know that malicious actors can’t access our data?”

Organizational Obstacles to Change

Security in any organization is always a tug-of-war between protection and convenience. Employees want as much freedom as possible, but increased access also means increased risk. Failing to ensure proper controls around assets, or to keep the segmentation of security layers manageable, increases the potential for exploitation. In most cases, the more convenient something is to use, the less secure it is likely to be.

The energy sector relies heavily on legacy hardware and programs, many of which still use outdated architecture, such as monolithic applications hosted on unhardened machines. These are prone to misconfigurations that can open ports to the internet, offering a tempting target for hackers. In such outdated systems, horizontal movements between servers and between applications are achievable, and penetration of one area allows for access to others.

All too often, information is stored in an insular fashion, kept in separate “silos” with divergent objectives or incompatible systems. “Tribal knowledge” occurs when departments or individuals do not share information. This may happen when partners do not recognize a common goal, become excessively protective of their methods, rely too heavily on continuity of staffing, use different formats, or do not fully document their processes.

Though attacks with ransomware and Denial-of-Service (DoS) are increasing, it is hard to quantify in advance the potential costs of an incursion. Companies are racing to stay ahead of potential threats and trying to invest sufficient resources into developing a sound security strategy, but many within the industry are not always technologically savvy, and too many gaps exist in how the energy sector evaluates its own security protocols. Even the most diligent efforts often encounter cultural resistance to change. Cybersecurity is often considered a cost center. We want to move away from that mentality and consider cybersecurity as a critical business function that adds value across business lines.

Taking Steps Towards Protection


What actions can owners and asset managers take as precautions?

The first step in securing any facility, system, or team is taking a full inventory of its constituent components. Project owners must identify the applications, assets, identities, and network configurations that are being used, pinpointing any potential weaknesses. Once a team fully understands and documents its assets, it can establish baselines for configuration and connectivity. Operators can easily detect “drift” on all reporting assets, activate alert mechanisms, and evaluate any deviations from established baselines.
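The inventory, baseline, and drift check described above can be sketched as follows. This is an added example, not LIFTE's code; the asset IDs, setting names, and sample data are constructed for illustration. It also catches the case raised earlier of an IoT device sending data to the wrong endpoint.

```python
from dataclasses import dataclass

INGEST = "ingest.example.internal"  # hypothetical approved telemetry endpoint

# Constructed inventory: asset ID -> approved (baseline) configuration.
BASELINE = {
    "compressor-01": {"firmware": "2.4.1", "tls": True, "endpoint": INGEST, "open_ports": [8883]},
    "dispenser-07": {"firmware": "1.9.0", "tls": True, "endpoint": INGEST, "open_ports": [8883]},
    "tank-sensor-12": {"firmware": "3.0.2", "tls": True, "endpoint": INGEST, "open_ports": [8883]},
}

# Constructed snapshot of what assets currently report.
REPORTED = {
    "compressor-01": {"firmware": "2.4.1", "tls": True, "endpoint": INGEST, "open_ports": [8883]},
    "dispenser-07": {"firmware": "1.9.0", "tls": False, "endpoint": "203.0.113.50", "open_ports": [8883, 23]},
    "gateway-99": {"firmware": "0.9.0", "tls": True, "endpoint": INGEST, "open_ports": [8883]},
}


@dataclass(frozen=True)
class Finding:
    asset: str
    kind: str    # "drift", "not_reporting" or "unknown_asset"
    detail: str


def detect_drift(baseline, reported):
    """Compare reported configurations against the inventoried baseline."""
    findings = []
    for asset, expected in sorted(baseline.items()):
        actual = reported.get(asset)
        if actual is None:
            # An inventoried asset that has gone silent is itself a deviation.
            findings.append(Finding(asset, "not_reporting", "no configuration received"))
            continue
        for key in sorted(set(expected) | set(actual)):
            if key not in actual:
                detail = f"{key}: missing (baseline {expected[key]!r})"
            elif key not in expected:
                detail = f"{key}: not in baseline (reported {actual[key]!r})"
            elif expected[key] != actual[key]:
                detail = f"{key}: baseline {expected[key]!r}, reported {actual[key]!r}"
            else:
                continue
            findings.append(Finding(asset, "drift", detail))
    # Anything reporting that was never inventoried has no baseline at all.
    for asset in sorted(set(reported) - set(baseline)):
        findings.append(Finding(asset, "unknown_asset", "reporting but absent from inventory"))
    return findings


if __name__ == "__main__":
    for f in detect_drift(BASELINE, REPORTED):
        print(f"{f.kind:14} {f.asset:16} {f.detail}")
```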

Identities can be easily stolen, and validation must be treated like the foundation of any security strategy. Access to data should be specifically tailored for each job role, with additional identity checks being added at critical points. This means verifying connections using multi-factor authentication (MFA), being up to date on certificate management, granting only conditional access, and bringing the security “perimeter” down to individual application components and services. Application Programming Interface (API) tokens and sensitive data should be encrypted, fully authenticated, and never transmitted as plain text. Furthermore, physical security of the server racks and all IoT devices needs to become a higher priority. Wi-Fi controls for each site should also be examined regularly, to prevent any unwanted entry.


The hydrogen industry must take every opportunity to build systems through code that can be tightly managed. A top priority for development and security is the notion of consistency, and Infrastructure as Code (IaC) is a fundamental part of a consistent cloud-based strategy. By utilizing IaC, operators can more readily prevent manual mis-configurations. Computing, storage, and networking services can be deployed in the same manner across all environments. Customers can make provisions faster, with fewer resources, and ensure high-quality standards with security features built in from the outset. Security teams appreciate this approach because it fits into a DevSecOps (Development/Security/Operations) culture very well. As a set of practices and principles, DevSecOps places security squarely in the center point of development and operations, moving it to an earlier stage (“shifting left”) in the project lifecycle. IaC provides consistent infrastructure and is crucial to Application Security (AppSec). By using IaC with SecOps, resource configurations and improvements can be deployed using best practices and rigid organizational standards.

To be successful, hydrogen systems must utilize modern architecture, encrypted traffic, proper data sharing techniques, and working key vaults. All data collection processes require tweaking and fine-tuning; however, the use of IoT devices makes such adjustments much easier. Unique IDs on equipment allow authorized personnel to structure and graph data and determine which asset each stream is coming from.


How LIFTE Achieves Cybersecurity Excellence

LIFTE H2 (LIFTE) recognizes the critical importance of managing how data is gathered, organized, sorted, and disseminated. Every component in our infrastructure development pipeline has been designed with the security of our customers’ data in mind. The keystone of LIFTE’s cybersecurity strategy is our Asset Performance Manager (APM), which offers a tightly contained yet intuitive single-pane interface for the monitoring of systems and equipment.

By building a culture around the principle of “zero-trust,” using cloud-based databases rather than traditional servers, restricting access through strict authentication protocols, segmenting networks into more manageable pieces, and earning compliance certificates from globally recognized bodies, LIFTE keeps hydrogen projects safe, stable, and secure.


Our Stance on Zero-Trust

Traditionally speaking, companies have been viewed as castles, with ramparts or moats surrounding them, representing the traditional flat network firewall perimeter. This type of security model only works, however, if there are no other insidious threats awaiting within. Companies have often been too quick to automatically trust users and endpoint devices once they were admitted past an established “perimeter.” This puts organizations at risk, not only from malevolent insiders (such as spies or disgruntled employees) but also from trusted users who have had their credentials stolen by outsiders. Within an insufficiently partitioned arena, identity theft allows for too much freedom, allowing an invader to make swift lateral movements between zones.

Introducing a “zero-trust” perspective into the company culture is an effective route to security. By removing the assumption of trust, we can have a perimeter-less approach to security, one in which there is no “inside” or “outside.” Zero-trust means that the company explicitly authenticates every user at several steps. We deny by default, as a means of tightening every point of access.

A zero-trust mindset works to the company’s advantage by providing:

  1. Continuous verification of resources and identities – This means that we always verify access... all the time.
  2. Assumption of a breach – We reduce risks by eliminating attack surfaces. We stop horizontal movement by ensuring that users and entities can only connect directly to the apps and resources required to do their jobs. Users are never given full access to everything on the network.
  3. Automated granular context collection – This includes collecting information about user identity, device, location, type of content, and the application being requested. Policies must remain adaptive, so that user access privileges can be continually reassessed as the use context changes.
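The three points above can be expressed as a deny-by-default access decision that is re-run whenever the request context changes. This is an added example, not LIFTE's or Auth0's code; the role names, application names, country list, and MFA age limits are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical policy: each role maps only to the applications that job needs.
ROLE_APPS = {
    "operator": {"telemetry-dashboard"},
    "maintenance": {"telemetry-dashboard", "work-orders"},
    "admin": {"telemetry-dashboard", "work-orders", "user-admin"},
}
SENSITIVE_APPS = {"user-admin"}      # assumed to need a fresher MFA check
ALLOWED_COUNTRIES = {"US", "DE"}     # assumed operating locations
MFA_MAX_AGE_S = 8 * 3600             # assumed: re-verify at least every 8 hours
MFA_MAX_AGE_SENSITIVE_S = 15 * 60    # assumed: 15 minutes for sensitive apps


@dataclass(frozen=True)
class Context:
    """Context collected for one request: identity, device, location, application."""
    user: str
    role: str
    app: str
    device_compliant: bool
    country: str
    mfa_age_s: Optional[int]  # seconds since last MFA check, None if never done


def decide(ctx):
    """Return (allowed, reason). Access is granted only if every check passes."""
    allowed_apps = ROLE_APPS.get(ctx.role)
    if allowed_apps is None:
        return False, "unknown role"
    if ctx.app not in allowed_apps:
        return False, "application not required for role"
    if not ctx.device_compliant:
        return False, "device not compliant"
    if ctx.country not in ALLOWED_COUNTRIES:
        return False, "location not permitted"
    limit = MFA_MAX_AGE_SENSITIVE_S if ctx.app in SENSITIVE_APPS else MFA_MAX_AGE_S
    if ctx.mfa_age_s is None or ctx.mfa_age_s > limit:
        return False, "MFA verification required"
    return True, "all checks passed"


def reassess(ctx, **changed):
    """Re-evaluate an existing session after part of its context changes."""
    return decide(replace(ctx, **changed))


if __name__ == "__main__":
    session = Context("a.ortiz", "operator", "telemetry-dashboard", True, "US", 600)
    print(decide(session))                            # initial request
    print(reassess(session, device_compliant=False))  # device falls out of compliance
    print(reassess(session, app="work-orders"))       # attempted lateral move
```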

Choosing the Cloud

Hydrogen systems generate a tremendous amount of data, coming in from many different sources, including IoT devices and project-specific operation software. This results in a wide variety of data formats. Traditionally, this material has been represented by handwritten notes, Excel spreadsheets, and pictures. By centralizing data and using a standardized format, information can be more easily collated, shared, analyzed, and secured.

LIFTE accomplishes this by implementing a hydrogen-specific extract/transform/load (ETL) process. ETL tools are an essential step in data warehousing. They can help dismantle data silos, improve the distribution of stored information, and quicken the decision-making process. This represents a significant improvement over the older methods of moving data through hand-coded pipelines.

Our objective is to move away from a disorderly mix of data silos and tribal information into a centralized, consistent, and rigorously controlled approach to data management. The solution to the problem of information partitioning lies in the use of the cloud to gather and consolidate operational data, rather than keeping it on servers and desktops. In an ideal world, each hydrogen project would begin its operations from the outset with a fully cloud-based data platform, using proper security tools and a consistent method of data collection via IoT devices. The massive amounts of telemetry our assets are yielding, streaming in at 500-5000Hz from multiple sensors, would be collected in a secure, consolidated, and organized fashion.

Moving to a serverless architecture drastically reduces the attack surface. Without open ports, each connection point in our environment is explicitly secured. All of our resources are opened only to the exact sources and locations that we specify, and we know that we are not utilizing outdated operating systems (OS) or system libraries. We can abstract away the underlying OS layer, while our cloud provider, Amazon Web Services (AWS), keeps components updated. AWS (along with other cloud providers) dedicates thousands of resources to safeguarding serverless resources, moving our developers away from administrative work and towards action.

Authentication: Only Authorized Users Allowed

As a proven SaaS (Software-as-a-Service) model, Auth0 has hundreds of developers focused specifically on authentication, access management, and security. This allows LIFTE’s APM to leverage Auth0’s expertise as a provider of secure standards-based identity and access management. By using Auth0, LIFTE can focus on application feature enrichment and avoid the cost, time, and risk involved with in-house authentication solutions.

LIFTE’s solutions with Auth0 include:

  • Multitenancy workflows, where each user is granted specific permissions under the terms of their dedicated share
  • Single Sign-on (SSO) implementation, allowing the federation of multiple identity sources
  • Secure API access
  • Bleeding-edge password/one-time code authentication
  • Conditional access for user security

One of the most important backend services LIFTE H2 offers is centralized account management. We can create and maintain our AWS accounts with a consistent structure, based on the highest standards of certification criteria. Networking and security controls are configured effectively on each of our accounts, and for all of our customers’ resources. Our security event manager correlates threat detections across all accounts and includes automated resolution workflows.

Multifactor authentication is a method of validating identity that grants access only after a user has presented two or more types of information. Frequently accepted forms of MFA may include passwords, answers to security questions, software or hardware tokens, fingerprints or other biometrics, and confirmation of an authorized user’s location.



Traditionally, companies have relied on a single or ‘flat’ network, where access is permitted to all corporate applications and data. This configuration makes it easier to hijack the entire network if everything is accessible to a single user. Attacks are harder to mount, however, if there are firm boundaries between its various parts. Micro-segmentation, or breaking a flat network into smaller, more discrete, and more manageable chunks, allows for the implementation of additional checkpoints, forming further barriers to unwelcome movement. A key advantage of micro-segmentation is that all areas activate appropriate checkpoints as users attempt to cross boundaries. Authentication is continually re-verified as users try to move from zone to zone.

LIFTE ensures proper network and resource segmentation by using zero-trust networking models. We can be certain that resources are explicitly assigned to proper subnets and network zones based on use, and that each Virtual Private Cloud (VPC), or subnet, has proper security configurations and routing. LIFTE makes sure that every resource provisioned in the environment contains proper group configurations, including resource-specific firewalls. Each resource is limited to the exact port, protocol, and Classless Inter-Domain Routing (CIDR) range it specifically needs.
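The rule that each resource is limited to the exact port, protocol, and CIDR range it needs lends itself to an automated check before deployment. The sketch below is an added example, not LIFTE's tooling; the rule format is a simplified, hypothetical one (not a cloud provider's API output), and the resource names and thresholds are assumptions.

```python
import ipaddress

# Constructed firewall rules in a simplified, hypothetical format.
RULES = [
    {"resource": "ingest-api", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "10.20.0.0/24"},
    {"resource": "historian-db", "protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "0.0.0.0/0"},
    {"resource": "hmi-gateway", "protocol": "all", "from_port": 0, "to_port": 65535, "cidr": "10.20.4.0/28"},
    {"resource": "mqtt-broker", "protocol": "tcp", "from_port": 8000, "to_port": 9000, "cidr": "10.0.0.0/8"},
    {"resource": "jump-host", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.20.0.5/24"},
]

MIN_PREFIX_V4 = 16  # assumed threshold: IPv4 ranges broader than /16 are flagged
MIN_PREFIX_V6 = 48  # assumed threshold for IPv6
MAX_PORT_SPAN = 1   # a rule should name one exact port


def audit_rule(rule):
    """Return a list of problems found in a single rule (empty if none)."""
    issues = []
    try:
        # strict=True rejects entries with host bits set, e.g. 10.20.0.5/24,
        # which usually indicate a typo in the intended range.
        net = ipaddress.ip_network(rule["cidr"], strict=True)
    except ValueError:
        issues.append(f"invalid CIDR {rule['cidr']!r}")
        net = None
    if net is not None:
        min_prefix = MIN_PREFIX_V4 if net.version == 4 else MIN_PREFIX_V6
        if net.prefixlen == 0:
            issues.append(f"open to any address ({net})")
        elif net.prefixlen < min_prefix:
            issues.append(f"CIDR {net} broader than /{min_prefix}")
    if rule["protocol"] in ("all", "-1"):
        issues.append("all protocols allowed")
    else:
        span = rule["to_port"] - rule["from_port"] + 1
        if span > MAX_PORT_SPAN:
            issues.append(f"port range {rule['from_port']}-{rule['to_port']} spans {span} ports")
    return issues


def audit(rules):
    """Map each resource with at least one problem to its list of problems."""
    report = {}
    for rule in rules:
        issues = audit_rule(rule)
        if issues:
            report.setdefault(rule["resource"], []).extend(issues)
    return report


if __name__ == "__main__":
    for resource, issues in audit(RULES).items():
        for issue in issues:
            print(f"{resource}: {issue}")
```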


LIFTE’s Asset Performance Management System

A well-designed asset performance management system is essential to ensuring that all relevant data coming from an asset is being collected in a consistent and secured manner. One of the chief aims of an APM is the standardization of data intake. The goal is to arrive at a single data format that we can easily read, collate, and do analytics on. This is an effective way to manage our systems and realize the full promise of predictive maintenance. LIFTE addresses each of these concerns in its comprehensive program of project review and implementation.

LIFTE’s APM is designed to collect large volumes of raw data, arriving from multiple sources and from different platforms. This data can be stored in a single database for fast and reliable access. Analysts then work with this data to sort, format, filter, and merge it. A graphical user interface allows for quick and meaningful reports.

What sets LIFTE’s APM apart is that we are building it specifically for the hydrogen industry. LIFTE is an Infrastructure as Code (IaC) environment, where every piece of infrastructure and security is created via code. This results in a consistent, heavily reviewed process of resource creation, and it means that we can deploy multiple environments swiftly.

With the inclusion of IoT devices for data collection, we are also responsible for improving hardware security. IoT is a key element of our APM, allowing us to connect directly with our assets and monitor their performance in real time. With the automated systems we have built, any compliance deviations are reported, and prompts are immediately sent when mis-configurations are detected. Analysts can quickly aggregate large amounts of incoming material and make continuous assessments. Clients have access to their data, and their data only. From an operations perspective, we are already using the best identity and access management (IAM) mechanisms.

Because hydrogen equipment requires very precise data analytics, a digital solution is required for proper infrastructure deployment and operations. LIFTE’s digital solutions seamlessly incorporate security measures in every phase of design, development, and operations, and help our customers realize CAPEX and OPEX targets.


Compliance with Industry Standards

The hydrogen industry is still developing its standards for operations, and adherence to the specifications set by governing bodies will help ensure compatibility between platforms. When there are resources or assets that we do not know about, or if they are configured in inconsistent or mysterious ways, our ability to control them is reduced. Thus, we must work to remove ad-hoc solutions, or “shadow IT,” from projects, and make sure that our solutions are being held to the highest standards of consistency and accountability.

Certification by an accredited body lets our customers know that we treat all aspects of security with the utmost diligence. It assures our customers that their security risks are being treated effectively, and that LIFTE is following best practices. ISO 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). System of Organizational Controls (SOC) is a suite of reports generated during an audit; the second tier of examination, SOC 2, attests to the effectiveness of an organization’s security processes, oversight, vendor management, and risk mitigation.

LIFTE has been certified as compliant with both ISO and SOC2 standards. Our certifications were issued by A-LIGN, an independent and accredited certification body, based on successful completion of a formal audit process. These certifications are evidence that LIFTE has met rigorous international standards in ensuring the confidentiality and integrity of hydrogen supply chain management. We have earned these compliance certificates and we use them as a baseline for our approach to cybersecurity.

LIFTE has implemented several security measures and countermeasures that protect its systems from unauthorized access. Its IT personnel were found to be conscientious and knowledgeable by A-LIGN, an independent and accredited certification body. Ongoing and unwavering compliance with SOC 2 and ISO 27001 standards is a demanding process, but one we believe to be essential to the growth of the industry.


LIFTE: Securing the Industry’s Future

As the hydrogen industry grows, so do the threats against it. Hackers, terrorists, corporate spies, and other malicious actors are using increasingly sophisticated tools to disrupt supply chains and energy infrastructure around the globe. To combat this, LIFTE is working to build reliable, secure, and safe methodologies, always treating cybersecurity as a top priority.


To reach the full potential of hydrogen, our network of owners, operators, technicians, and vendors must overcome any cultural resistance to change, and leave behind problematic behaviors. We must instead collectively embrace an attitude of diligence, vigilance, and rigorous adherence to protocols. Placing our trust in a “zero-trust” mindset allows us to better defend ourselves against incursions, theft, ransom, or attacks. Using cutting-edge IoT devices allows us to better monitor equipment performance. Employing strict authentication methods, and segmenting large networks into more discrete zones, gives us more exacting control over the movement of users within our data environments. Moving away from outdated server-based systems to the cloud reduces our attack surface and empowers project security teams to swiftly address any exposed vulnerabilities. By certifying our compliance with standards set by globally recognized parties, we can be certain that we are establishing and maintaining best practices as we move forward. With our proven expertise and dedication to security, LIFTE is prepared to guide every aspect of hydrogen infrastructure development, and to secure the industry’s future.
