top of page

39 items found for ""

News (28)

  • Cyber Security for Critical Infrastructure – Roads and Transport

    Provision of core transport infrastructure in major cities has evolved from simply building and maintaining roads into managing entire transport networks.  Major arterial roads incorporate significant public assets, such as tunnels, bridges and interchanges, which necessitate a need for control and oversight over an even broader range of assets to ensure traffic flow remains safe, reliable and efficient for all road users.  For any organisation to be able to provide this level of supervision of these networks, there must be a significant investment in technology and, toll collection aside, an immense network of devices, sensors, communications systems, signage and other equipment that is all linked back to central control rooms. The complexity of managing efficient traffic flow on a major road network, which can include bus lanes as well as cycling and walking paths, will continue to grow with the growth of the number of vehicles on the road as interactions, incidents, closures and major events can all impact use and flow.  Tools used by organisations to manage this include variable speed signs, lane management and incident recovery teams, all of which can be triggered remotely through decisions made via observing CCTV and other traffic flow data.  Further to the technology currently in use, the future prospect of connected autonomous vehicles (CAV’s) will see these vehicles interact with the infrastructure itself, with data on traffic flow and incidents being fed to the vehicles, as well as the possibility of telematics from the vehicles themselves being fed back to the road operator. Each and every one of these devices and communications systems is, therefore, a component of Critical Infrastructure (CI).  Any part of that CI being compromised, leading to roads being degraded or rendered unavailable for an extended period, could lead to massive disruptions and potential grid lock across cities. With every new device connecting to any system, the attack vector against the system from nefarious actors grows.  There are multiple reasons for the increased threats.  Firstly, the Operational Technology (OT) in use is not immune from the numerous cybersecurity issues plaguing these devices across manufacturing, energy and utilities.  Secondly, it is difficult to apply patches to equipment required for 24 hour operating environments, leading to the potential for exploits to remain unpatched for longer.  Thirdly, there is a significant a lack of available cybersecurity talent, especially those skilled across all of the IT, OT and IoT environments. In 2022 and 2023, we saw international cyber security agencies (including Australia) issuing multiple alerts about malicious Russian cyber operations and potential attacks on CI, the discovery of new OT specific malware, as well as the disclosure of a growing list of OT vulnerabilities. A different approach is required to combat these persistent and growing threats. VeroGuard System’s technology maintains network integrity for any devices when connected to open networks.  Providing un-phishable MFA for access to networks and devices and strong post quantum level data encryption for device communications, organisations can implement a certified virtual airgap between field asset and open internet connectivity.  The VeroGuard Platform is the only platform worldwide to have Common Criteria certification for access on open networks, meaning it has been verified by the Australian Cyber Security Centre (ACSC) for use in Defence and other government departments with high assurance requirements for online access. Background CI continues to face an expanding cyber threat landscape which presents a substantial challenge to operations.  Governments have mandated controls for cyber across the CI landscape and have continued to broaden the definitions of industries and systems included under the CI banner.  With several recent high-profile hacks on the sector, including the Colonial Pipeline in the US and, locally, Optus and DP World, CI operators should be continually evaluating their strategies and technology stacks used to prevent digital incursions. The ACSC recently released a report stating that “state-sponsored cyber groups and hackers have increased assaults on Australia's critical infrastructure …. adding that its new defence agreement with Britain and the U.S. had likely made it more of a target”.  While Australia is not alone in being targeted, our large land mass and distributed workforce makes a strong case for removing airgap controls and enabling remote access – potentially opening the door for malicious actors. Complicating matters further, “insecurity by design” remains very relevant in OT and IoT systems, which is why a shift in security infrastructure to account for open network connectivity and all the variables it presents is so necessary.  Insecure by design vulnerabilities abound, as evidenced by a recent investigation by Vedere Labs which found 56 vulnerabilities affecting 10 major vendors.  Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of devices, bypass authentication, compromise credentials, cause denials of service or have a range of operational impacts. In a closely related sector, a study by the University of Michigan highlights the alarming possibilities for attacks against vehicles - proving that it’s possible to hijack certain processes within modern trucks.  Researchers were able to hack into a diagnostic port, manipulate the readouts from the instrument panel, force the truck to accelerate and even disable part of the truck’s braking system. Analysis by threat hunters at Mandiant of the October 2023 Ukrainian Power station attack showed that a pair of previously undocumented OT attacks were used to cause the power outage, highlighting the difficulty of maintaining protection on OT devices when vulnerabilities are continually being discovered and weaponised by nation-states. It is not appropriate to simply embrace the cybersecurity operations from existing IT practices.  While IT network and operating system patching and identity management practices are well established, the ability to manage OT devices and systems in the same manner is not as straight forward.  Many OT devices deployed in CI systems were never originally designed to be connected to the internet and new models for cybersecurity are required. Some of the key mitigation strategies recommended in every advisory (aside from patching, monitoring, training and awareness – these are all “after the fact” activities and not prevention) are to: require multi-factor authentication for all access (system, PC’s, devices, networks); implement and ensure robust network segmentation between OT assets and corporate networks to limit the ability of malicious cyber actors to pivot from a compromised asset and, potentially, to an IT network; and implement strong machine identity and encrypted communications for connected assets over open networks. It is important to note that without strong Identity and Access Management (IAM) control over any additional tools, the criminals will find a way through.  This is on ongoing occurrence online, with bad actors simply by-passing second factor authentication (2fa) and detection software.  There have been attacks where 2fa applications and VPN’s themselves were used as the vectors for successful breaches. Defending against current and emerging threats. The rapid adoption of technology presents universal concerns for service providers: Increased digital services/devices and interconnectivity between systems means an increased attack surface for cybercrime. Rapid rise in data volumes, flows and complexity of management means increased opportunities for identity breaches. Transitioning from legacy systems and navigating the complexity of hybrid environments. Complex layers for identity and security become more costly with many mixed environments. Expansion of stakeholders and associated integration requirements (suppliers, citizens, third party providers, businesses). Credential compromises remain one of the largest reasons for breaches of systems, as well as one of the most easily preventable with the appropriate system infrastructure.  The next generation of IoT systems must be designed with identity and data security at their core – but changing out infrastructure is costly and slow. To stay ahead of the curve and defend against the threats outlined in the introduction, the next generation of CI system architecture must include: a unified platform to reduce the complexity of layers of technology built up over decades; a cybersecurity platform architecture that is identity centric - purpose built for protection over open networks; a digital identity that is robust, tethered to the user, re-usable in many places and can’t be tampered with; machine/human identity and communications that cannot be breached or compromised; a solution that can be readily retro-fitted to existing networks and company assets; an identity layer that facilitates hyper convergence of IT and IoT functions to simplify and reduce costs rather than duplicating across networks and participants; and privacy controls and low friction interfaces for users. The VeroGuard Platform – a significantly better approach The VeroGuard Platform offers a unique solution to securing connected environments by providing secure IAM controls, virtual network separation, data encryption and flow control.  VeroGuard System’s products have Common Criteria (CC) certification (defence level security) and can be quickly and cost effectively deployed to legacy, new and hybrid environments. The VeroGuard Platform was specifically designed for protecting identity, access and data on the open internet and works by inserting a Hardware Security Module (HSM) between the device being accessed and the network connectivity, delivering an impenetrable defensive layer for online protection.  When initiating connectivity, the inline HSM must connect to and verify itself with the VeroGuard Platform HSM, which then creates a secure encrypted tunnel using hardware derived keys and encryption protocols for data flows and any user verification needs. HSM-to-HSM verification and communication is not new – however, until now, this has been expensive and limited to terrestrial connection.  Two-way HSMs are utilised in banking (eg ATM’s, eftpos) and military systems around the globe for securing critical communications.  Typically, the technology is used in guided missile control where it is crucial that command messages cannot be decrypted or the command plane hijacked.  The VeroGuard Platform brings this mutual two-way hardware verification for use in OT environments, at scale and without the high cost. Form factors used on the VeroGuard Platform include the VeroCard HSM (for humans) and the VeroMod IoT Shield (for machines/devices). The VeroCard HSM enables human users to be verified to access networks, applications and devices by authenticating the human via a combination of the specific user’s VeroCard and the user’s secret PIN. Every login attempt is verified by the secure connection back to the VeroGuard Platform. The VeroMod IoT Shield is a commoditised HSM which connects inline and creates a “virtual airgap” between the device and any connectivity.  The VeroMod IoT Shield brings HSM-to-HSM technology for verification and encryption to any device, guaranteeing access requests to and from all machines and providing the highest level of encryption to all data in transit. The VeroGuard Platform is unmatched for security and scalability as the only online platform that always uses HSM-to-HSM protection time after time, for identity verification, communications, data integrity and switching services. The VeroGuard Platform offers a solution for organisations operating roads and transport CI that begins with indisputable proof of identity for all online and digital communications. The VeroGuard Platform is the only platform available anywhere in the world that can guarantee defence certified identification security for both people and machines over open networks. How does the VeroGuard Platform do this? The VeroGuard Platform does this as follows: by using VeroMods to provide host connections into the VeroGuard Platform, effectively providing point-to-point connection over open networks; user access is provided with permission verified by the VeroGuard Platform before a user is able to access networks, devices and data, machine to machine connections are verified in the same way with the digital identity provided by the VeroMod; all VeroGuard HSM-to-HSM connections are protected using elliptic-curve Diffie–Hellman encryption set for post quantum protection, with a DUKPT (Derived Unique Key Per Transaction) key management protocol, meaning that the keys are derived within the HSM and there is no possibility of the keys being intercepted or stolen; and each time a connection is initiated, a new set of encryption keys are generated. Essentially, once deployed the VeroGuard Platform creates a virtual airgap for a connected asset environment.  Access is controlled via the irrefutable identity provided by the platform and communications from devices or nodes are encrypted via the impenetrable security of the HSM-to-HSM technology core to the success of the platform. The VeroGuard Platform is the next generation of platform to secure connected systems, machines and data. The VeroGuard Platform ELIMINATES credential and identity compromise on open networks to act as the core of any zero-trust deployment. Any company migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications or looking to secure their supply chain should assess the VeroGuard Platform. There is an opportunity to harness the VeroGuard Platform now to build a safe and secure digital ecosystem for CI companies internally, as well as for its infrastructure and for each of its suppliers, contractors and users.

  • Critical Cyber Security for IoT in Transport and Logistics

    IoT ecosystems are replacing legacy telematics solutions to help solve some of the most critical problems commercial fleets face today. In fact, digital transformation in Transport and Logistics (T&L) has significantly improved upstream and downstream facets across the entire industry and created unprecedented efficiencies. However for T&L companies, major corporate assets are both connected online and constantly on the move, shifting the organisations security perimeter to the fleet asset – a distinct differentiator from many other industries going through the same digitalisation process – and exposing organisations to a greater extent to the potential of cyberattack. There are multiple reasons for the increased threat. For one, the expanded use of technology, which opens new communications and wireless channels that are connected directly to T&L companies’ digital ecosystems, is a soft target for hackers. Another is the fact that T&L suffers from lagging cyber regulations and standards, inadequate cybersecurity awareness – the impact heightened by a shortage of cyber-defence talent. Although other aspects of the T&L industry are highly regulated in many regions, and despite the sector’s global operations (or perhaps because of them) regulators have not been able to agree on a set of suitable T&L cybersecurity standards. Further, as many of the devices and sensors on connected vehicles are similar to those deployed in other operational industries – commonly termed Operation Technology (OT) – T&L is not immune from the numerous cybersecurity issues plaguing OT across manufacturing, energy and utilities. The impact of a cyberattack can be costly and disruptive to operations, and has the potential to create further liability, particularly when sensitive customer data is breached. The more connected systems become, the larger the respective attack surface becomes and the more attractive they become as targets for cyberattacks. In 2022 we have seen international cyber security agencies (including Australia) issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of new OT specific malware, as well as the disclosure of a growing list of OT vulnerabilities. A different approach is required to combat these persistent and growing threats. VeroGuard’s technology maintains network integrity for any devices when connected to open networks. Providing un-phishable MFA for access to networks and devices and strong post quantum level data encryption for device communications, T&L companies can continue to accelerate digital transformation plans by providing a certified virtual airgap between the fleet asset and open internet connectivity. VeroGuard is the only platform worldwide to have Common Criteria certification for access on open networks, meaning it has been verified by the Australian Cyber Security Centre (ACSC) for use in Defence and other government departments with high assurance requirements for online access. Background The T&L industry continues to face an expanding cyber threat landscape which presents a substantial challenge to operations.  While some industry participants have been working to develop standard practices to bolster cybersecurity among carriers, mechanics and truck manufacturers, there remains a significant gap between proposed standards and any implementation – especially when considering existing fleets. Moreover, hackers are increasingly attempting to steal data stored in networks that are critical to the T&L industry’s modernisation and growth. These networks enable digital improvements like automated ordering, shipment tracking, and access to account information. While extremely valuable, such customer initiatives require access via online platforms, phone apps, and other mobile devices, which are among the most insecure channels. But the threat goes beyond data and information. With trucks becoming more modernised, it’s possible to hijack certain processes within them. A study by the University of Michigan highlights the alarming possibilities. Researchers were able to hack into a vehicle’s diagnostic port, manipulate the readouts from the instrument panel, force the truck to accelerate, and even disable part of the truck’s braking system. There’s a sensor for that It is common for organisations to track the location of their fleets, and now also the real-time performance of their trucks and drivers. The average truck today is connected to a huge number of devices generating the data needed for logistics companies to run smarter and more efficiently. While this translates directly to cost savings, better governance and OH&S outcomes, the downside to this is that it has exposed a series of technology shortcomings and made the industry extremely vulnerable to cyberattacks. Every sector of the industry—including maritime, rail, trucking, logistics providers, and package deliverers—is affected. Complicating matters further, “insecurity by design” remains very relevant in OT and IoT systems, which is why a shift in security infrastructure to account for open network connectivity and all the variables it presents is so necessary. Insecure by design vulnerabilities abound evidenced by a recent investigation by Vedere Labs which found 56 vulnerabilities affecting 10 major vendors. Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of devices, bypass authentication, compromise credentials, cause denials of service or have a range of operational impacts. While the devices in this study are not focussed on T&L it is not hard to see how a small change in focus for cybercriminals could lead to similar attacks focussed on this sector. It is not appropriate to simply embrace the cybersecurity operations from existing IT practices. While IT network and operating system patching and identity management practices are well established, the ability to manage fleet devices and systems in the same manner is not as straight forward.  The T&L industry is faced with the need to continue with the rapid adoption of digital transformation and cloud computing to maintain competitiveness in an ever more challenging market. This represents a step change in work practices for the sector, in that trucks and onboard sensors were never originally deigned to be connected to the internet, and new models for cyber security are required. Some of the key mitigation strategies (aside from patching, monitoring, training and awareness – these are all “after the fact” activities and not prevention) in every advisory are to: 1.     Require multi-factor authentication for all access 2.     Implement and ensure robust network segmentation between fleet assets and corporate networks to limit the ability of malicious cyber actors to pivot from a compromised supply chain to the fleet asset and potentially to your IT network. 3.     Implement strong machine identity and encrypted communications for connected fleet assets over open networks. It is important to note that without strong Identity and Access management control over any additional tools, the criminals will find a way through.  This is on ongoing occurrence online with bad actors simply bypassing second factor authentication (2fa) and detection software. There have been attacks where 2fa applications and VPN’s themselves were used as the vectors for successful breaches. A New Approach The VeroGuard Platform offers a unique solution to securing connected environments, by providing secure Identity and Access Management controls, virtual network separation, data encryption and flow control.  VeroGuard’s products have Common Criteria (CC) certification (defence level security) and can be quickly and cost effectively deployed to legacy, new and hybrid environments. The platform was specifically designed for protecting identity, access and data on the open internet and works by inserting an HSM between the device being accessed and the network connectivity delivering an impenetrable defensive layer for online protection. When initiating connectivity, the inline HSM must connect to and verify itself with the platform HSM, which then creates a secure encrypted tunnel using hardware derived keys and encryption protocols for data flows and any user verification needs. HSM-to-HSM verification and communication is not new – however until now they have been expensive and limited to terrestrial connection. Two-way HSMs are utilised in banking (e.g.: ATM’s, Eftpos) and military systems around the globe for securing critical communications. Typically, the technology is used in guided missile control where it is crucial that command messages cannot be decrypted, or the command plane hijacked. VeroGuard brings this mutual two-way hardware verification for use in OT environments, at scale and without the high cost. Form factors include the VeroCard HSM for humans, and the VeroMod HSM for machines/devices. The VeroCard HSM enables users to be verified to access networks, applications and devices authenticating via the combination of the specific users VeroCard and their secret PIN. Every login attempt is verified by the secure connection back to the VeroGuard Platform. The VeroMod IoT Shield is a commoditised Hardware security module (HSM) which connects inline and creates a “virtual air gap” between the device and any connectivity. VeroMod IoT Shield brings HSM-to-HSM technology for verification and encryption to any device. This guarantees access requests to and from all machines and provides the highest level of encryption to all data in transit. VeroGuard is unmatched for security and scalability as the only online platform that always uses HSM-to-HSM protection time after time, for identity verification, communications, data integrity and switching services. The rapid adoption of technology presents universal concerns for service providers: Increased digital services/devices and interconnectivity between systems means an increased attack surface for cybercrime. Rapid rise in data volumes, flows and complexity of management means increased opportunities for identity breaches Transitioning from legacy systems and navigating the complexity of hybrid environments Complex layers for identity and security become more costly with many mixed environments Expansion of stakeholders and associated integration requirements (suppliers, citizens, 3rd party providers, businesses). VeroGuard Systems offers a solution that begins with indisputable proof of identity for all online and digital communications. It is the only platform available anywhere in the world that can guarantee defence certified identification security for both people and machines. By providing host connections into the VeroGuard platform the VeroMod effectively provides point-to-point connection over open networks. User access is provided with permission verified by the VeroGuard platform before being able to access networks, devices and data. Machine to machine connections are verified in the same way with the digital identity provided by the VeroMod. All VeroGuard HSM-to-HSM connections are protected using  elliptic-curve Diffie–Hellman encryption set for post quantum protection, with a DUKPT (Derived Unique Key Per Transaction) key management protocol meaning that the keys are derived within the HSM and there is no possibility of the keys being intercepted or stolen. Each time a connection is initiated a new set of encryption keys are generated. There is an opportunity to harness this technology now and build a safe and secure digital ecosystem for T&L companies, their suppliers and contractors. How can this technology be harnessed to benefit the Transport & Logistics Industry? Credential compromises remain one of the largest reasons for breaches of systems, as well as one of the most easily preventable with the appropriate system infrastructure. The next generation of IoT systems must be designed with identity and data security at their core – but changing out infrastructure is costly and slow. To stay ahead of the curve and defend against the threats outlined in the introduction, the next generation of T&L system architecture must include: A unified platform to reduce the complexity of layers of technology built up over decades A cybersecurity platform architecture that is identity centric - purpose built for protection over open networks A digital identity that is robust, tethered to the user, re-usable in many places and can’t be tampered with Machine/human identity and communications that cannot be breached or compromised A solution that can be readily retro-fitted to existing networks and fleet assets An identity layer that facilitates hyper convergence of IT and IoT functions to simplify and reduce costs rather than duplicating across networks and participants Privacy controls and low friction interfaces for users Essentially, once deployed VeroGuard creates a virtual airgap for your fleet asset environment. Access is controlled via the irrefutable identity provided by the platform, and communications from devices or nodes are encrypted via the impenetrable security of the HSM-to-HSM technology core to the success of the Platform. VeroGuard Systems is the next generation of platform to secure connected systems, machines and data. The VeroGuard Platform practically ELIMINATES credential and identity compromise on open networks to act as the core of any zero-trust deployment. Any company migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications, or looking to secure their supply chain should assess the VeroGuard Platform.

  • Critical Cyber Security for Operational Technology

    In the ever more connected world, operational environments and the Operational Technology (OT) controlling them are a new frontline for cyberattacks. Digital transformation driving manufacturing, energy and utilities has created unprecedented efficiencies which have also exposed those organisations to a greater extent to the potential of cyberattack. There are multiple reasons for the increased threat. For one, the expanded use of technology, which opens new communications and wireless channels that are connected directly to companies’ digital ecosystems, is a soft target for hackers. Another is the fact that OT suffers from lagging cyber regulations and standards, inadequate cybersecurity awareness – this impact heightened further by a shortage of cyber-defence talent. With remote operations becoming increasingly commonplace, more and more devices and machines are required to be connected online to maintain a satisfactory level of service delivery. This represents a step change in work practices in that traditional OT devices were never originally designed to be connected to the internet, and therefore new models for cyber security are required.  The impact of a cyberattack can be costly and disruptive to operations, and has the potential to create further liability, particularly when sensitive customer data is breached. With the expanding threat surface and a shrinking available talent pool to deploy the new security posture required, companies using OT must look to new technology to augment the existing network, protect un-patchable devices and uplift the overall identity and encryption architecture of their operating environment. The more connected systems become, the larger the respective attack surface becomes and the more attractive they become as targets for cyberattacks. In 2022 we saw multiple international cyber security agencies (including Australia) issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of new malware, as well as the disclosure of a growing list of operational technology vulnerabilities. VeroGuard’s technology maintains network integrity for legacy and new infrastructure when connected or exposed to open networks. Providing highly phish-resistant MFA for access to networks and devices and strong post quantum level data encryption for device communications, companies can accelerate digital transformation plans by providing a certified virtual airgap between the OT environment and open internet connectivity. VeroGuard is the only platform worldwide to have Common Criteria certification for access on open networks, meaning it has been verified by the Australian Cyber Security Centre (ACSC) for use in Defence and other government departments with high assurance requirements for online access. Background The OT industry continues to face an expanding cyber threat landscape which presents a substantial challenge to operations.  The Australian Government has acknowledged the fact that technology in critical infrastructure environments is key to national security and economic prosperity – as reflected with the amendments to the Security of Critical Infrastructure Act – by introducing financial and criminal penalties for non-compliance.  The problem for all industries using OT equipment is the same attack developed to disrupt the operations of large utilities, can easily find its way into the operational environment of any factory. “Insecurity by design” remains very relevant in traditional OT, and that is why a shift in security infrastructure to account for open network connectivity and all the variables it presents is so necessary.  The past decade has shown that one of the biggest security problems continues to be the lack of basic controls, and attackers have exploited this in practice with the recently discovered malware Industroyer2 and InController/PipeDream.  Insecure by design vulnerabilities abound evidenced by a recent investigation by Vedere Labs which found 56 vulnerabilities affecting 10 major OT vendors. Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of devices, bypass authentication, compromise credentials, cause denials of service or have a range of operational impacts. The most common issues[1] found from internal audits and vulnerability scans include: Unmanaged assets are connected everywhere. Operational systems are deployed with their default credentials unchanged. OT networks that were initially designed to be highly segregated have become flatter than realised. Ports on all kinds of systems in all kinds of remote locations are wide open. OEMs are accessing the machines they sold remotely, and no one is managing this. Disclosed vulnerabilities on old OS’s have never been evaluated for possible patching. The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit. No centralised governance exists for end-to-end security processes and decisions. Identity and credential compromise remain the biggest threat, IBM recently found that 78% of incidents began with a phishing attack (consistent with their 2021 findings).  In fact, we know that 95% of all cyberattacks are on identity and credentials and that over 85% of all breaches involve compromised credentials. That is why the average time to discover and remediate a breach has blown out to over 327 days (IBM Data Breach report 2022). It is not appropriate to simply embrace the cybersecurity operations from existing IT practices. While IT network and operating system patching and identity management practices are well established, the ability to manage devices and systems in the same manner is not as straight forward.  “Patching at will” for example is not always an option for OT devices. Though traditional air gap defences can mitigate against many of the vulnerabilities on devices, switching back to this defence mechanism removes the benefits of connectivity and a new approach is required. Some of the key mitigation strategies (aside from patching, monitoring, training and awareness – these are all “after the fact” activities and not prevention) in every advisory are to: Require phish-resistant multi-factor authentication for all remote access Implement and ensure robust network segmentation between operational and corporate networks to limit the ability of malicious cyber actors to pivot to the OT network after compromising the IT network. Implement demilitarized zones (DMZs), firewalls, jump servers, and one-way communication diodes to prevent unregulated communication between the IT and OT networks. It is important to note that without strong Identity and Access management control over any additional tools, the criminals will find a way through.  This is on ongoing occurrence online with bad actors simply bypassing second factor authentication (2fa) and detection software. There have been attacks where 2fa applications and VPN’s themselves were used as the vectors for successful breaches. [1] Gartner Guide for Operational Technology Security A New Approach The VeroGuard Platform offers a unique solution to securing connected environments, by providing secure Identity and Access Management controls, virtual network separation, data encryption and flow control.  VeroGuard’s products have Common Criteria (CC) certification (defence level security) and can be quickly and cost effectively deployed to legacy, new and hybrid environments. The platform was specifically designed for protecting identity, access and data on the open internet and works by inserting an HSM between the device being accessed and the network connectivity delivering an impenetrable defensive layer for online protection. When initiating connectivity, the inline HSM must connect to and verify itself with the platform HSM, which then creates a secure encrypted tunnel using hardware derived keys and encryption protocols for data flows and any user verification needs. HSM-to-HSM verification and communication is not new – however until now they have been expensive and limited to terrestrial connection. Two-way HSMs are utilised in banking (e.g.: ATM’s, Eftpos) and military systems around the globe for securing critical communications. Typically, the technology is used in guided missile control where it is crucial that command messages cannot be decrypted, or the command plane hijacked. VeroGuard brings this mutual two-way hardware verification for use in OT environments, at scale and without the high cost. Form factors include the VeroCard HSM for humans, and the VeroMod HSM for machines/devices. The VeroCard HSM enables users to be verified to access networks, applications and devices authenticating via the combination of the specific users VeroCard and their secret PIN. Every login attempt is verified by the secure connection back to the VeroGuard Platform. The VeroMod IoT Shield is a commoditised Hardware security module (HSM) which connects inline and creates a “virtual air gap” between the device and any connectivity. VeroMod IoT Shield brings HSM-to-HSM technology for verification and encryption to any device. This guarantees access requests to and from all machines and provides the highest level of encryption to all data in transit. VeroGuard is unmatched for security and scalability as the only online platform that always uses HSM-to-HSM protection time after time, for identity verification, communications, data integrity and switching services. The rapid adoption of technology presents universal concerns for service providers: Increased digital services/devices and interconnectivity between systems means an increased attack surface for cybercrime. Rapid rise in data volumes, flows and complexity of management means increased opportunities for identity breaches Transitioning from legacy systems and navigating the complexity of hybrid environments Complex layers for identity and security become more costly with many mixed environments Expansion of stakeholders and associated integration requirements (suppliers, citizens, 3rd party providers, businesses). VeroGuard Systems offers a solution that begins with indisputable proof of identity for all online and digital communications. It is the only platform available anywhere in the world that can guarantee defence certified identification security for both people and machines. By providing host connections into the VeroGuard platform the VeroMod effectively provides point-to-point connection over open networks. User access is provided with permission verified by the VeroGuard platform before being able to access networks, devices and data. Machine to machine connections are verified in the same way with the digital identity provided by the VeroMod. All VeroGuard HSM-to-HSM connections are protected using  elliptic-curve Diffie–Hellman encryption set for post quantum protection, with a DUKPT (Derived Unique Key Per Transaction) key management protocol meaning that the keys are derived within the HSM and there is no possibility of the keys being intercepted or stolen. Each time a connection is initiated a new set of encryption keys are generated. There is an opportunity to harness this technology now and build a safe and secure digital ecosystem for companies, their suppliers and contractors. How can this technology be harnessed to benefit the Industry? The focus of cyber security for Operational Environments is to support the health and safety, reliability and resilience, even in the event of a cyber-attack. Credential compromises remain one of the largest reasons for breaches of systems, as well as one of the most easily preventable with the appropriate system infrastructure. The next generation of connected OT systems must be designed with identity and data security at their core – but changing out infrastructure is costly and slow. To stay ahead of the curve and defend against the threats outlined in the introduction, the next generation of T&L system architecture must include: A unified platform to reduce the complexity of layers of technology built up over decades A cybersecurity platform architecture that is identity centric - purpose built for protection over open networks A digital identity that is robust, tethered to the user, re-usable in many places and can’t be tampered with Machine/human identity and communications that cannot be breached or compromised A solution that can be readily retro-fitted to existing networks and fleet assets An identity layer that facilitates hyper convergence of IT and IoT functions to simplify and reduce costs rather than duplicating across networks and participants Privacy controls and low friction interfaces for users Essentially, once deployed VeroGuard creates a virtual airgap for your fleet asset environment. Access is controlled via the irrefutable identity provided by the platform, and communications from devices or nodes are encrypted via the impenetrable security of the HSM-to-HSM technology core to the success of the Platform. VeroGuard Systems is the next generation of platform to secure connected systems, machines and data. The VeroGuard Platform practically ELIMINATES credential and identity compromise on open networks to act as the core of any zero-trust deployment. Any company migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications, or looking to secure their supply chain should assess the VeroGuard Platform.

View All

Other Pages (11)

  • Executive

    Iain has 20 years of experience in business planning, execution of strategy and business growth for large and complex organisations, as well as customer experience improvement programs and cost base transformation. His extensive career includes senior commercial and financial leadership roles working for Global IT firm EDS, Telstra Mid-Market, Small Business & Telstra Country Wide and in FMCG. He holds a CPA and is Company Director accredited (GAICD). Head of Commercialisation Iain Moore As a software architect, Graham has been instrumental in the development of several ground-breaking technologies in the finance and digital security industries. Some notable examples of these achievements include the first ATM reciprocity network in Australia as well as the first stand-alone wireless EFTPOS terminal certified by a bank in Australia. Graham's 35 year career in IT has been characterised by adapting to different areas of technology and the ability to learn quickly in order to develop robust software that can be successfully deployed into a production environment. Principal Architect Graham Farrar Duncan has broad industry experience, having worked in technology, identity and payments projects across the private and public sectors. Prior to joining VeroGuard as the key technical customer interface, Duncan’s experience included 3 years managing the Victorian transport ticketing system (myki) and 7 years in transactional banking at Westpac. Duncan holds a B.Eng (Hons) and Diploma of Project Management Enterprise Architect Duncan Savage Rod has a successful track record in defining, designing and driving profitable product innovation and business change based on an in-depth appreciation of business and technology. Rod’s achievements include the delivery of strategic plans for banking business units, developing an enterprise Sales and Service architecture, leading the development of a global internet payment service, and developing a variety of e-Banking and e-Payment products. Rod holds a BA, BSc, Grad Dip Banking & Finance and GAICD Technical Product Manager Rod Tasker Other Executives Roseanne has over 20 years experience in strategic advisory and investment banking. She has also held CEO, executive and advisory positions in public, private and equity backed organisations. Roseanne is an accomplished Director and Board Chair and is currently a non-executive director with a number of organisations, including the Murray Darling Basin Commission. Roseanne holds a Bachelor of Economics/Arts; and a Master of Business Research (Commerce) and MBA from the University of Adelaide. She also holds a Bachelor of Laws at the University of Adelaide and is a graduate of the AICD (International). Chairman and Non-Executive Director Roseanne Healy Nic is a highly experienced executive with over 30 years of experience in the fields of IT, logistics and identity. He has led one of IBMs global divisions in the role of Vice President for Growth Markets, as well as holding several other key roles over a 25 year career with IBM. These include Vice President Global Financing for Asia Pacific and Managing Director on one of IBM’s largest global accounts -Telstra. Nic has served on a number of IT committees and was Chair of the Australian Information Industry Association for Western Australia. CEO and Director Nic Nuske David is a leading Australian corporate lawyer with extensive experience across a wide range of projects and transactions. Over the course of a 30 year career, he has developed a comprehensive knowledge of corporate law as it pertains to any number of industries. He has held key positions at several pre-eminent firms, including Partner at Allion Partners, Sydney. He has also served as National Head of Corporate at Holding Redlich, amongst other appointments. David is a specialist at mergers & acquisitions, capital management, project structuring and transaction management. Company Secretary and Director David Walker Executives

  • Home | VeroGuard Systems The worlds most secure digital identity platform

    Purpose How Who ​Indisputable proof of identity for all online and digital communications. Bank-to-bank grade security for internet and cloud. ​VeroGuard stops unauthorised access to cyber systems and data. Enjoy complete online confidence with the power of indisputable identity verification. It’s a simple and familiar way to provide absolute protection from digital fraud for all people, devices, transactions and data. Solutions VeroGuard stops unauthorised access to systems and data. ​ Addressing the rapid growth of cybercrime requires new solutions. The power of indisputable identity verification will change the way you think about digital security. Whether you’re looking for increased protection against fraud, the ability to restrict access to data based on identity, or simply a means to lower operating costs, VeroGuard has the solution. People Machines Data Protection Products VeroGuard is a security platform that powers a variety of unique cyber security products. From the most secure portable digital identity solution available to unparalleled cloud-based data security, VeroGuard secures your digital world. Explore the whole range and discover a product to suit your needs. VeroCard VeroMod VeroVault Why VeroGuard VeroGuard is a complete revolution in digital security that stops unauthorised access to systems and data. It is a unique platform built upon a proprietary, globally patented network providing absolute digital security at a level that no other organisation can offer. The identity protection by VeroGuard utilises out-of-band hardware security modules for authentication, encryption and communications at both ends of every online transaction. This technology is based on the most secure digital protection available anywhere. Until now, this non-repudiable technology has been used almost exclusively for interbank and terrestrial defence applications. VeroGuard is the first and only platform to make indisputable verification possible in online use. ​ The global economic impact of cyber crime is devastating, costing $US1 trillion in 2018 alone. This figure continues to escalate with forecasts suggesting that losses will grow to $US6 trillion as soon as 2021. The effect of cybercrime has severe ramifications beyond these economic concerns as well. Approximately 2.5 billion data records were breached globally between 2013 and 2016, a figure which increased to over 11 billion in the following two years. It is evident that existing solutions have not helped to slow this crisis, let alone end it. Identity fraud is the leading cause of economic losses associated with cybercrime. Indisputable verification of online identity is a critical consideration in any response against this threat. News Whitepapers Our Partners VeroGuard Securing Your Digital World Defence Certified Suitable for Every Organisation Find Out More For Government Take control of access to critical systems and data and enjoy the confidence of absolute protection from identity fraud. A privacy-securing, universal digital identity platform for citizens and staff. Find Out More For Corporate ​Eliminate doubt and protect your digital assets with the complete confidence of non-repudiable authentication. The best available digital protection for any corporate application. VeroGuard stops unauthorised access to systems and data.

  • Government | VeroGuard Systems

    Get VeroGuard Government A unified, universal digital identity platform for Government departments accelerates the ability to bring services online for citizens, secures data and improves administrational procedure. Click below to discover how VeroGuard can help to streamline your Government department. ​ ​ ​ For Solutions Cybercrime continues to grow at an alarming rate, becoming a very real problem for the digital transformation of any government department. Such departments are increasingly in need of digital infrastructure, whether it’s Defence, Health, Human Services, Home Affairs or Transit. The only way to continue delivering services in this digital climate is to make them viable for all citizens and employees. That means providing the best possible protection from cyber attack. Machines People Data Protection Purpose Adoption of the VeroGuard digital identity platform enables government departments to be more efficient and effective by providing unified and trustworthy online access. Some immediate benefits include process automation, user enablement, personalisation, enhanced delivery, trusted data for decisions and research and trusted secondary commercialisation of information. ​ VeroGuard stops unauthorised access to systems and data. The time to act is now. Security Online security begins with identification, and nothing less than absolute surety will do. Identity systems have always been based on face-to-face interactions, physical documents and processes. The transition to a digital economy requires radically different identity systems. In a world that’s increasingly governed by digital transactions and data, existing methods for managing security and privacy are no longer adequate. ​ The number of digital-identity dependent transactions is growing through increased use of digital channels. Customers expect seamless service delivery with the most user-friendly experience. Indisputable identity verification by VeroGuard stops unauthorised access to systems and data. Energy The VeroGuard platform offers sophisticated cyber security to meet the substantial demands of the modern energy sector. Absolute digital protection is necessary to maintain constant reliability and resilience, even in the event of a cyber-attack. This presents a unique challenge for the energy sector in that systems under attack cannot be easily disconnected from the network as this could potentially result in safety issues or blackouts. ​ VeroGuard supports grid stability in a cross-border interconnected energy network by verifying the authenticity of machines and humans in and across networks. Developed on .net, VeroGuard is an easy platform to integrate with using API’s that will support both legacy and modern applications. Logistics/Supply Chain VeroGuard provides the complete confidence of a fully integrated, ultra-secure supply chain. As demand increases for efficient delivery of online services, so too does the complexity of supply chains for businesses of all sizes. Every additional link in the supply chain, especially those which are automated, represents another opportunity for data to be compromised. ​ The VeroGuard platform secures each step of the process with non-repudiable identity verification and securely links IoT, business and humans. Moreover, it provides reliable and efficient digital infrastructure that converges multiple functions such as security, identity and payments. This helps to manage existing IT complexity and lower risk as well as increasing the speed of cashflow between suppliers. Defence The unique VeroGuard platform can build capability and a defence level security posture for the Industry. Deployment of VeroGuard’s solution would provide a response to the barriers faced by the defence industry’s contractors, immediately lift industry capability and position them to win and service defence business and improve security throughout the ecosystem. ​ VeroGuard delivers an HSM based secure access platform for all industry members and Defence itself to engage and share resources. In combination with universal, unified HSM based digital identity management and the most secure cloud storage available in the world, VeroGuard can help to build a trusted defence industry ecosystem. Ready to get VeroGuard? Take control of your online and digital operations and experience the confidence of absolute protection from identity fraud. ​ Eliminate the danger of data breaches and minimise expenditure with unique identity management solutions, remote login options and industry leading security for data at rest. A single, unified system can achieve all this and more without the need for expensive infrastructure. There's no reason to leave your assets unprotected - the time to act is now.. Prefer to keep your privacy? Call us and see how we can work together +61 (03) 9558 3090

View All
bottom of page