Distributed Autonomous Energy Organizations  229


              acquisition systems are secured. Part of the challenge is that most cyber-
              security solutions increase cost and reduce functionality in the name of
              integrity, confidentiality, and availability. Blockchain solutions might be
              an exception in that some applications can improve security and optimize
              the ability to exchange and track value. Indeed, some blockchain solutions
              add a layer of cryptography to help track digital transactions, but many
              cyber-security challenges remain for securing complex DAEO. For one,
              the array of vulnerable “things” that make up these environments is often
              designed to prioritize functionality and cost over security. Energy devices
              often lack encryption, basic patch management, secure passwords, and com-
              municate in plain text that can be compromised. Poor source code, vulner-
              able design, and improper configuration have also led to several major IoT
              cyber incidents.
                 Another challenge with securing critical energy infrastructure and
              devices from emerging cyber threats is that public key infrastructure
              (PKI) solutions are often cost prohibitive and not scalable for the encryption
              requirements of IoT environments. Moreover, legacy systems, information
              technology (IT), and operational technology (OT) environments often lack
              the necessary computer processing power to support the deployment of PKI.
              This lack of power is common with analog equipment in substations and
              other critical infrastructures. Moreover, with PKI, a single authority often
              issues and revokes security certificates. If this authority is attacked and its cer-
              tificates are manipulated, all of its users will potentially be vulnerable to
              cyber-attacks. Therefore PKI must continue to evolve to secure IoT envi-
              ronments until a better solution can be scaled up.
                 Blockchain KSI presents a potential path forward. KSI helps preserve the
              integrity of data exchanges and other digital transactions using a mathemat-
              ical algorithm for authentication without the need for trusted keys or cre-
              dentials. KSI authenticates IoT data at scale, in real time, providing
              immutable transaction data without several of the challenges of PKI.
              Fig. 12.5 further describes KSI’s cryptographic hash function, highlighting
              how the hash function can help prove that the machine state integrity of an
              IoT device has not changed, preventing the disclosure of sensitive IoT data
              and providing a cryptographic proof.
                 Researchers at PNNL, Guardtime, the US Department of Energy,
              Washington State University, Avista, Siemens, and the Department of
              Defense–Homeland Defense and Security Information Analysis Center
              are developing a KSI-enabled blockchain solution to help secure distributed
              energy IoT environments, called Keyless Infrastructure Security Solution