Chronos Technology has launched CHRONOSec, a range of tech security audit services that focus on the vulnerabilities of Operational Technology (OT) to GNSS denial or interference.
Image courtesy Chronos Technology
Deliberate cyber-attacks on critical strategic infrastructure are on the increase. CHRONOSec’s services have been designed to harden the synchronisation and timing elements of an OT system as recommended within the Blackett Review. This ensures industrial organisations and strategic infrastructure which uses GNSS derived services and operations are secure even under accidental or deliberate attack from a broad base of bad actors ranging from nation state and terrorist jamming to serious and organised criminal activity.
OT across all sectors is increasingly complex and reliant on accurate timing and synchronisation to operate. This synchronisation can be either within a single site or across a wide network of equipment regionally or nationally. Many time and synchronisation systems rely on signals from Global Navigation Satellite Systems (GNSS) such as GPS or Galileo. Disruption of these signals either deliberately or accidently can have a significant impact on OT. The protection and hardening of OT infrastructures should therefore be part of an organisation’s overall Cyber Security strategy.
Any OT infrastructure that uses timing and synchronisation could be a target for GNSS disruption. Chronos’ services are suitable for any such environment with particular relevance to: Critical National Infrastructure such as power, broadcast, finance, telecoms, government and industrial infrastructure where timing and sync interference could lead to expensive and lengthy outages, and infrastructure where safety of life risks increase due to failure. The technologies involved in these examples are likely to include GNSS receivers, grandmasters, PTP and NTP clocks, IP networking and probably multi-site (or multinational) operations.
Charles Curry, Managing Director with Chronos Technology said: “GNSS signals are very low power when they reach the ground. If a cyber-attacker intends to cause disruption to OT systems then small and subtle timing errors could be slowly introduced in way that could defeat self-resilience tech such as spoofing-detection algorithms and introduce possible points of failure in those networks. A coordinated attack over multiple geographic locations could cause catastrophic failures due to timing differences between multiple sites exceeding design limits. The principles of ‘CHRONOSec™’ are based on our understanding of the complexities of a wide range of technologies and an appreciation of the impact of OT disruption on individual organisations.”
The OT hosting organisation has to be actively involved throughout the process to ensure a full understanding of the implications of any test or activity and both sides have a clear picture of results and threats. The final report will fully describe the state of either vulnerability or robustness of the sync and timing dependant systems within the overall OT infrastructure.