Blockchain Based OT Monitoring Solution (BBOTMS)

By Asif Hameed Khan, Gagan Jattana on 07 Oct 2020 @ Rootcon
#ics #blueteam #decentralized-systems #cyber-physical-systems #operational-technology #incident-management #industrial-control-systems
Focus Areas: 🛡️ Security Operations & Defense, ⛓️ Blockchain Security, 🚨 Incident Response, 🏭 Industrial Control Systems Security

Abstract

Industrial Control Systems (ICS) are no longer isolated systems; they now have internet connectivity. The rise of IIoT/Industry 4.0 has opened a gateway for adversaries to attack the OT environment. The last decade has shown tremendous growth in cyber-attacks on OT/ICS environments, ranging from the Stuxnet malware to Industroyer, Shamoon, and the Triton compromise of SIS devices, to name a few. As cyber-related issues rise, an enterprise needs threat detection and monitoring capabilities to detect and respond to sophisticated cyber threats. This work presents a novel approach to robust monitoring of the OT/ICS environment based on blockchain technology.

AI Generated Summary

The talk presents a blockchain-based operational technology (OT) monitoring solution, termed BBOTMS, designed to address deployment challenges inherent in conventional OT security monitoring systems. Traditional OT monitoring solutions, often integrated with enterprise IT networks (e.g., a SIEM), require constructing parallel networks, increase IT/OT connectivity, introduce third-party risk, and create operational gaps between the IT and OT teams responsible for incident response.

The proposed architecture eliminates direct connectivity between IT (Purdue levels 4-5) and OT (levels 0-3) environments. Instead, it establishes a separate, decentralized blockchain network—implemented using Hyperledger Fabric—to which both IT and OT stakeholders are granted secure, auditable access. This design leverages core blockchain properties: decentralization removes single points of failure, immutability ensures tamper-proof forensic logs and asset data, and transparency enables secure, authenticated interactions without a central authority. The system functions as an intermediate network for monitoring, bifurcating the traditional IT-OT data flow.

Key benefits include secure third-party vendor access, a robust and immutable cyber threat intelligence database, enhanced network forensics, and reduced attack surface by minimizing direct IT/OT integration. The approach is also applicable to SCADA-specific monitoring. Challenges remain regarding blockchain’s inherent limitations in scalability, processing overhead, and security configuration. While hashgraph is noted as a potentially faster alternative, its patented nature and integration difficulties make it less suitable for this context. The solution assumes a securely configured genesis block and proper privilege management within the blockchain network.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.