Cyberattacks. Their threat has never been greater, but awareness of how to protect against them has never been higher. Anyone who uses a computer or smartphone knows that unless they take steps to secure their device, they may be vulnerable to these attacks.
What is not as well known is that critical infrastructure can be just as vulnerable to cyberattacks as personal devices. Power grids, fuel pipelines and water and sewage apparatuses are all operated by digital systems, and the effects of a malicious actor in the cyber domain compromising these systems can be catastrophic.
Now, a new, groundbreaking solution called Project BlastWave is being tested by the 52nd Civil Engineer Squadron at the base’s water treatment facility. Project BlastWave now provides all-encompassing cyber security for infrastructure at Spangdahlem, but its scope may potentially expand to installations across the Department of Defense.
The BlastWave solution was founded in 2017 and pitched to the 52nd CES in December 2022. Fifteen months later, Spangdahlem Air Base is now the first DoD installation ever to test Project BlastWave as a protective method for its critical infrastructure.
“Spangdahlem is unique. There are approximately 14 Air Force installations that have their own water treatment capabilities within a water treatment plant”, said Master Sgt. James Porter, 52nd CES Operations Engineering superintendent. “We are the sole military operated wastewater treatment facility in the Air Force.”
Project BlastWave is a zero-trust, cyber security program that unites five entities to deny any software, internet connection or person access to the digital components of industrial control systems. The zero-trust alliance is aligned to a DoD-directed policy that only allows certain groups to gain access to critical infrastructure systems, protecting them from potential intrusions or attacks.
The BlastWave Zero Trust Alliance installed the hardware and software onto Spangdahlem’s servers.
In an industrial control system, such as water treatment plants where the controls are fully automated, there are various “forever vulnerabilities” within the infrastructure. Project BlastWave protects these forever vulnerabilities.
“Project BlastWave takes all of the computer signals then protects all of the forever vulnerabilities,” said Porter. “If someone was trying to attack our system through ransomware or cyberattack, they can’t find the forever vulnerabilities. It essentially makes them invisible. It cloaks them.”
Even if an attacker finds their way into the system, Project BlastWave thwarts any efforts before they cause catastrophic damage. This is accomplished through a process called microsegmentation, in which components are isolated from one another on the digital footprint.
Artificial intelligence ignores the attack command from the adversary and then the system tracks back the source of the intrusion, attack vector and possible location of the adversary. It immediately reports the irregularity to the system managers and rejects the changes unless an operator manually allows it, adding an extra layer of protection by requiring a human element of approval.
The pilot program was funded by the Zero-Trust Portfolio Management Office at the DoD for $267,000. The Project BlastWave pilot portion became fully operational at Spangdahlem AB on Dec. 19, 2023.
The Project BlastWave pilot program at Spangdahlem targets 32 of 91 targets policies directed by DoD Executive Order 14028 “Improving the Nation’s Cybersecurity”.
Project BlastWave’s end goal is to not only protect industrial controls, but also infrastructure in the cyber security realm. As the Project BlastWave technology continues to upgrade and become more widespread, this zero-trust system helps ensure the safety of critical control systems for water and wastewater infrastructure across the 52nd FW.
Date Taken: | 03.15.2024 |
Date Posted: | 03.21.2024 09:22 |
Story ID: | 466736 |
Location: | SPANGDAHLEM AIR BASE, RHEINLAND-PFALZ, DE |
Web Views: | 74 |
Downloads: | 0 |
This work, Spangdahlem AB becomes first DoD installation to implement BlastWave cyber security solution, by 2nd Lt. Madison Sommers, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.