Operant has developed the first Secure Access Service Edge (SASE) solution focused exclusively on energy Operational Technology (OT).
SASE is widely used in IT networks to combine security and networking into a single, scalable, cloud-based platform. OT networks are used in industrial settings to connect machines and their respective control systems (electric grid, manufacturing equipment, etc.). There are several key factors driving the development of a SASE solution for OT:
Exponential growth in the number of edge devices with varying ages, bandwidth and computational power
OT data and communications are often local and not exclusively cloud-oriented
Remote device connectivity is expensive and network connectivity intermittent
Secure and resilient communications can be a critical safety issue: unreliable communications can result in loss of life
Operant mitigates these factors while simultaneously delivering cost savings by reducing the number of devices required and diagnosing problems quickly (eliminating the need for an IT SWAT team).
Operant’s SASE solution leverages Named Data Networking (NDN) to achieve resiliency, security, and observability. NDN enables secure end-to-end communications without depending on the security of the underlying communication channels. Operant also applies Zero Trust Architecture (ZTA) principles to each individual data packet for an additional level of security without impacting overall network performance.
What is SASE?
SASE (pronounced ‘sassy’), or Secure Access Service Edge, is a framework coined by Gartner in 2019 which combines security and networking into a single, scalable, cloud-based platform that fits well in a world in which employees work from home and access cloud-based applications and services. SASE is not one single concept, but a cluster of related technologies in a unified architecture to reduce cost and complexity while increasing security.
SASE is used largely within IT networks, in that it applies to the very broad world of business data processing and the wide-ranging use of the internet. SASE for IT networks primarily supports humans working from home and the corporate use cases of connecting cloud-based business applications with human-centric devices (laptops, mobile phones, etc.).
SASE for Energy
In contrast, Operational Technology (OT) networks are used in industrial settings to connect machines and their respective control systems (electric grid, manufacturing equipment, etc.).
Along with the exponential growth in the number of edge devices, the same evolutionary trends towards decentralization and digitalization are being replicated in OT networks. However, there are three important differentiating factors:
Named Data Networking (NDN)
Operant’s SASE solution is built using Named Data Networking (NDN), which represents a fundamental paradigm shift that solves the most persistent problems in today's network communications, in particular: resiliency, security, and observability. NDN enables secure end-to-end communications without depending on the security of the underlying communication channels; data is always secured regardless of whether it is in flight or at rest.
NDN focuses on individual data packets rather than traditional ‘sessions’. Each packet is named, secured, and immutable and can be delivered along any link that can deliver bits, either stored or processed by computational algorithms. This enables applications to reliably achieve data confidentiality, integrity, and availability (CIA). Additionally, NDN brings a crucial advantage to secure networking by enabling users and applications to express policies that define the authority of each secure certificate within the application namespace.
“Game Changing” Cybersecurity
In 2021, the US Department of Energy published the Solar Futures Study report calling Operant's technology potentially “game changing” in the category of cybersecurity solutions required to transition the US electric grid to distributed renewables, while also protecting national security.
Zero Trust Architecture (ZTA) is a large subject area, perhaps bordering on a philosophy, that is driving significant and ongoing shifts in the network security community.
Though Operant’s technology was developed before ZTA became an industry buzzword, it is based on ZTA principles and is customized specifically for industrial control systems.
Operant applies Zero Trust Architecture (ZTA) principles to each individual data packet without impacting overall network performance using the following attributes:
Each data packet is signed by a fundamental identity based on public key cryptography and validated by the trust chain.
Fine-grained trust policies define specifically which network entities are trusted to perform what actions, and which key should be used for each purpose.
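As an added illustration (not Operant's code or product API), the sketch below checks the two attributes above on each packet: the signature must verify up a certificate chain to a configured trust anchor, and a name-based policy must authorize that key for that packet name. The /grid/... names, the rule set, the packet fields and the toy textbook-RSA signatures (a stand-in for a real signature scheme, not secure) are assumptions made for this example.

```python
import hashlib, re
E = 65537  # public exponent for the toy textbook-RSA stand-in (NOT secure)

def keygen(a, b):
    # Constructed toy key from Mersenne primes 2^a-1 and 2^b-1; illustration only.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(pkt, n):  # name, content and signing-key name are all signed
    data = "|".join((pkt["name"], pkt["content"], pkt["key_name"])).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def make_packet(name, content, key_name, key):
    pkt = {"name": name, "content": content, "key_name": key_name}
    pkt["sig"] = pow(digest(pkt, key["n"]), key["d"], key["n"])
    return pkt

def sig_ok(pkt, n):
    return pow(pkt["sig"], E, n) == digest(pkt, n)

# Hypothetical trust policy: (packet name pattern, key allowed to sign it).
# \1 ties the signing key to the same site as the data it signs.
RULES = [
    (r"/grid/(\w+)/telemetry/\S+", r"/grid/\1/device/\w+/KEY"),
    (r"/grid/(\w+)/device/\w+/KEY", r"/grid/\1/operator/KEY"),
    (r"/grid/\w+/operator/KEY", r"/grid/KEY"),
]

def validate(pkt, certs, anchor_name, anchor_n, max_depth=5):
    for _ in range(max_depth):
        pair = pkt["name"] + " " + pkt["key_name"]
        if not any(re.fullmatch(d + " " + k, pair) for d, k in RULES):
            return "policy violation"
        if pkt["key_name"] == anchor_name:  # chain ends at the configured anchor
            return "ok" if sig_ok(pkt, anchor_n) else "bad signature"
        cert = certs.get(pkt["key_name"])
        if cert is None or not sig_ok(pkt, int(cert["content"])):
            return "bad signature or missing certificate"
        pkt = cert  # a certificate is itself a named, signed packet
    return "chain too long"

def demo():
    root, op, dev = keygen(61, 89), keygen(107, 127), keygen(521, 607)
    op_name, dev_name = "/grid/north/operator/KEY", "/grid/north/device/rtu7/KEY"
    certs = {op_name: make_packet(op_name, str(op["n"]), "/grid/KEY", root),
             dev_name: make_packet(dev_name, str(dev["n"]), op_name, op)}
    good = make_packet("/grid/north/telemetry/feeder3/voltage", "7.2kV", dev_name, dev)
    cross = make_packet("/grid/south/telemetry/feeder1/voltage", "7.2kV", dev_name, dev)
    return [validate(p, certs, "/grid/KEY", root["n"])
            for p in (good, cross, dict(good, content="0kV"))]
```

demo() validates three constructed packets: a correctly signed reading, a reading whose signature is valid but whose key belongs to a different site, and a reading altered after signing.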
Managing and Deploying Security
Keys and certificates are securely and seamlessly deployed within the network as with any data packet.