Defence recently received several high-level briefings from UK cybersecurity company Goldilock Secure with a focus on their unique and patented non-IP, hardware-based solution for remote connection and disconnection within seconds.
As briefed by Goldilock’s founder Tony Hasek to Defence Science and Technology Group (DSTG), Joint Capabilities Group and the Defence Digital Group, the company’s Drawbridge flagship cybersecurity solution operates on the counterintuitive yet highly effective principle that the only thing that is safe on the internet is, paradoxically, something that is not on the internet.
Accompanied by General (Ret’d) Sir Christopher Deverell, a former head of the UK Joint Forces Command and now Goldilock’s strategic adviser for defence, Hasek later explained to ADM how Drawbridge provides a physical connection and disconnection mechanism that effectively acts, almost immediately, as an internet-independent kill-switch or isolator for organisations.
Goldilock-developed Dynamic Physical Network Segmentation (DPNS) technology allows users to issue an authenticated remote non-IP command to instantly and physically isolate and ring-fence systems anywhere on the globe without relying on the internet or software protocols.
“The beauty of the technology and the philosophy is very simple and took about two years to work out; now we have several different ways of triggering this process which are covered under our patent, so essentially we’re the only company in the world that can do this,” Hasek stated.
“We have non-IP-enabled satellite communication and we’re also working on longer-range radio frequencies. Any signal can be detected but of course it’s no good to you unless you understand the content and even if you do, it’s a one-time password to the device.”
“In the time it takes to send an SMS, Drawbridge physically breaks your attack surface. Red teams hate us because unlike firewalls and other border controls that are always visible and susceptible to misconfigurations, there is nothing to attack. When Goldilock Drawbridge is enforcing its air gap, we are True Dark.”
“It’s not 100 per cent certain to be impenetrable but it’s pretty close to it. And there are levels of encryption in that radio signal, so it’s well-encrypted at either end.”
In addition to defence entities, critical national infrastructure was also showing strong interest in the system – water, gas, electricity, health – “those things which become society-crippling if they’re taken down,” Hasek said.
“Security wasn’t really a factor in previous generations, the important thing was availability, and now people have realized vital utilities are very vulnerable to attack so they’re very interested in the technology.”
According to CISO and Australian General Manager Shane Read, Goldilock is not a replacement technology; rather, it adds value to security technology already in place.
“If there’s a compromise or a breach this gives Defence or a subagency the ability to go dark to stop an attack coming any further.
“The technology can also be used for the protection of critical data. We don’t need that critical data exposed 24/7, we may just need that up at certain points in time. It could be a whole ship, or something within the Defence intelligence community, it might be databases around the world – they may need to be online only for a set period to allow for data exchange or update.”
Hasek pointed out that the Drawbridge device, in which each fibre-optic port on the circuit board is equipped with actuators that can physically connect or disconnect network ports on demand, can be connected to any point in a network that requires additional protection without any complex network or data segregation.
“Our system turns up in a box and it’s very easy to integrate into a system. It’s very software light, there’s some logic that’s programmed into it and an administration portal that is also resident on the machine itself because it’s not exposed to the internet,” he explained.
Goldilock has won two funding rounds from the UK DoD’s Defence and Security Accelerator, which said in April that the technology had “won attention from commercial organisations, various branches of the (UK) DoD, US DoD, (UK) Cabinet Office, NATO, and Ukrainian Cyber Command, where the innovative technology is being utilised.”
