Sponsored Content by Sauter
With the rise of Bitcoin, the digital Internet currency, blockchain technology has suddenly become more than just hype. Internet giants are planning their own digital crypto currencies and threatening the traditional world of key currencies and banks. Alongside these megatrends, SAUTER is taking a different approach and is aiming for a more “peaceful” use of blockchain technology – to protect the data and processes used in building automation.
A blockchain is a decentralised database that maintains a steadily growing list of records. With Bitcoin, this database is extended with every transaction, thus building a chain that is constantly having new elements or blocks added (hence the term blockchain). When a block is complete, a new one is created containing the digital fingerprint of the previous block. If someone deletes only a single element in this data block chain, the fingerprint of the affected block changes and thus the whole blockchain would break up into the individual links of the chain.
A special feature of Bitcoin is that each transaction is checked again before it is written to the Blockchain. Every computer in the Bitcoin network can see that subscriber A wants to transfer bitcoins to subscriber B. The computers in the network then check whether the transaction complies with the rules and whether A also has enough bitcoins. When, and only when, all participating computers agree that the transaction is valid, it is then entered in the blockchain with the chain permanently securing it against forgery.
However, the validation and viability testing process is extremely CPU-intensive. The IPO of a number of large bitcoin companies made it possible to determine their power consumption and extrapolate this for the entire bitcoin network. The conclusion was that the bitcoin cryptocurrency now requires around 46 terawatt hours of electricity per year for its computer operations. This energy demand causes about 22 megatonnes of carbon dioxide to be emitted yearly. This equates approximately to the CO2 footprint of Hamburg or the whole of Sri Lanka.
SAUTER deploys blockchain technology in its own unique way – linking its automation stations in a building network and creating a blockchain ring. The computing resources used and the extra communication data that results are extremely modest. There is no such excessive power consumption, just an increase in data security!
Cyber security in the age of IoT
With the development of its new building automation system, modulo 6, SAUTER has opened the doors to cloud and IoT technology. As buildings are connected to the Internet of Things and the Cloud, system and network security is becoming a major challenge. To overcome this, SAUTER has based the cyber security concept for modulo 6 on the new international standard for industrial automation, IEC 62443. The IEC standard defines seven fundamental requirements and four security levels for cybersecurity.
SAUTER has described the security levels attained by modulo 6 for networks and system components in the modulo 6 Guideline for Cyber Security. This specification allows the current security level to be determined for plants that may require special protection and, if required, to increase these through targeted measures.
Blockchain ring formed by automation stations
Modulo 6 has had a high level of protection built in from the beginning. The automation station offers a completely separate network interface from the building network. This creates a type of firewall between the internet and building network. Encryption, authentication and access protection are guaranteed by proven security technologies (TLS 1.3, IEC802.1X, etc.) and the network interfaces are already well protected against DOS attacks at automation level. Therefore, processes can be observed, limited, isolated or even stopped if needed. Modulo 6 is also equipped for the BACnet/SC (BACnet Secure Connect) security standard planned for 2021. This means that we have more than adequately covered IEC basic requirements 1, 2 and 4-7. Only for requirement 3, i.e. ensuring system integrity, did we think that existing measures were still unsatisfactory. System integrity could also be described as the “intactness of data” or “protection against unauthorised modification of data”. Examples of this might include changing audited measurement and process data or interference in automation programs. Such data modifications could even be caused by the company’s own service staff – unknowingly and completely by accident.
When we think about the bitcoin and blockchain principle, we initially visualise the security of data transactions or payments. Beneath this dynamic transaction level, however, is a static, distributed blockchain-secured database – a kind of “ledger set in stone of all existing transactions”. SAUTER is now translating this principle into the world of networked building automation and developing its own Blockchain process. The idea is simple: The static data of the automation stations in the network form a kind of Blockchain ring. Each automation station generates its digital fingerprint. This is based on its own data and on a fingerprint of the previous station in the blockchain ring. The block data typically consists of programs, firmware and process and network parameters. Simply put, each station uses its own data to form a block in the blockchain. If the integrity of the data in a station is infringed (deleting or changing a single bit is all that it takes), the blockchain collapses immediately.
In the event of a breach of the Blockchain’s integrity, the SAUTER’s system’s responses are:
- Only trigger an alarm
- Trigger alarm and isolate affected station (and assume emergency signal state, for example)
- Trigger alarm, isolate affected station and initiate automatic self-repair
Action c) requires the creation of a digital twin for every station during commissioning. These twins (a copy of all static data) are saved in an encrypted database. They can then be stored on a dedicated automation station, local computer or in a data centre/the cloud.
An advanced procedure for the SAUTER blockchain allows us to distribute the twins randomly among the existing stations. This completely does away with the need for an additional database computer.
The self-repair process is particularly useful, especially during routine servicing. If an automation station is replaced, the data validated during commissioning is guaranteed to be transferred uncompromised.
The procedure has now been submitted as a patent and passed an international patent search. SAUTER has thus achieved a unique security level for the important system integrity requirement stipulated by IEC 62443.
Author: Dr. Felix Gassmann, Head of Technology, SAUTER Group