In a significant development for Australian cyber security, a collaboration between Tide Foundation, a tech start-up, and RMIT University is translating pioneering research into domestically developed cyber protection. This move aims to bolster the crucial national infrastructure from increasingly frequent cyber attacks.
In the past year, Australia's key infrastructure, encompassing ports, energy grids, and water supplies, reported 143 cyber attacks, a notable increase from the preceding year's 95 incidents.
This escalation concerns the Federal Minister for Cyber Security, Clare O'Neil, who recently disclosed that 168 of the country's critical assets would now demand an intensified focus on cyber security. This figure is nearly double the 87 assets deemed national systems of significance.
This response is in light of a progressive, mathematical breakthrough that allows system access permissions to be dispersed subtly and securely throughout a network, eliminating the concept of a single weak spot.
The innovative technology, termed 'ineffable cryptography', provides a fundamentally different approach to cyber security for critical infrastructure, often susceptible to hacking due to its outdated systems and interconnected nature.
Tide and RMIT mathematicians recently detailed this technology in a joint study, pre-published online by arXiv. Research leader Dr Joanne Hall from RMIT's School of Science attributes the breakthrough to a blend of expertise encompassing mathematics, cryptography, computing, technology and business insights.
This collaborative effort has birthed a prototype access control system, designated as KeyleSSH, specifically for critical infrastructure management. The system has undergone successful testing with numerous companies.
Michael Loewy, Co-Founder of Tide Foundation, expressed dissatisfaction with traditional password-protected approaches, consistently proving insecure, overpriced and frequently overcomplicated for users. Tide's 'ineffable cryptography' employs decentralised networks of independently operated servers, each holding a part of the key. Thus, no one can access the full keys or the assets they unlock, providing an improved solution by rendering the sought-after keys invisible on the network.
According to Loewy, the keys become impossible to misuse, lose or steal through this decentralised approach, establishing no individual point of failure or compromise. Moreover, the practical applications of this technology extend beyond cyber security for critical infrastructures to secure identities, health information, and privacy in AI applications and financial systems.
Together, culminating over a three-year collaboration period, Tide and RMIT have scientifically validated this technology. The collaboration has involved RMIT's Chief Information Security Officer, leading mathematicians, cybersecurity experts, and a group of promising cybersecurity students. These students provided the support of RMIT Cloud Innovation Centre and RMIT's AWS Cloud Supercomputing Hub (RACE), have worked collectively to test the technology's proficiency in tackling security challenges related to critical infrastructure.
The RACE Director, Dr. Robert Shen, shed light on a specific student project, KeyleSSH, emphasising how it successfully integrated the Tide technology with SSH, a method for remote infrastructure management.
Further validation of the technology's potential came from the Australian company Smart Building Services (SBS) Digital. The Chief Technology Officer, Jonathan Spinks, believes integrating Tide's decentralised solution would make the access controls in SBS Digital's Netstream utility platform virtually invulnerable to tampering. As entities responsible for service vital infrastructures like airports and utilities are often scrutinised, such a development would demonstrate their secure, reproach-free practices.
The collaboration signals a crucial stepping stone for RMIT, empowering its researchers and industry peers with the necessary tools to bolster operational efficiency and speed up innovation. Furthermore, this project showcases the potential to tackle cybersecurity challenges for critical infrastructure like never before.