Industrial control systems and SCADA environments assume that operators act from physically secured control rooms. Credentials alone do not enforce that assumption cryptographically. GFAE provides a mechanism to bind key derivation to approved control-room polygons, maintenance time windows, and registered operator terminals, converting an operational assumption into a cryptographic constraint.
Control system access problem
SCADA and industrial control systems are designed to be operated from specific, physically secured control rooms. When operator credentials are valid from any network location, including from remote access sessions on unmanaged endpoints, the physical security boundary of the control room provides no cryptographic protection. Credential theft or insider threat at any network point becomes equivalent to control-room presence.
Scheduled maintenance windows create temporary elevated-access periods for engineers. If these windows are enforced only at the application or network policy layer, they are vulnerable to session hijacking, credential theft, and policy bypass. A maintenance window that cannot be expressed as a cryptographic time constraint is a time-bounded vulnerability, not a time-bounded permission.
Operators responsible for multiple sites (substations, pumping stations, control nodes) may require access from any one of several authorised control facilities. Access control logic that grants broad network access to support multi-site operations creates an expanded attack surface. Per-site polygon binding that allows only the correct site at any given access event is a structural improvement.
How GFAE fits
Key derivation restricted to approved control-room sites
SCADA operator session keys are derived using the GNSS signal context of the authorised control room as a cryptographic input. An operator credential used from outside the control-room polygon, including from a remote desktop session on a geographically unrestricted network, cannot re-derive the working session key.
Maintenance window time constraints
Scheduled maintenance access windows are encoded as temporal constraints in the GFAE key derivation pipeline. The elevated-access key material becomes underivable outside the scheduled window. This constrains the exploit window for any stolen credential used during a maintenance period.
Multi-site polygon model
GFAE supports multiple polygon definitions per access policy. An operator authorised for three specific substations can be issued keys that require the GNSS context of one of those three polygons, with each polygon independently validated at key derivation time. Access from outside all three approved sites fails.
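The three constraints described above (approved site polygons, maintenance window, registered terminal) can be sketched as context-bound key derivation. This is an added illustration, not GFAE's algorithm or code: the function names, the policy layout, the sample coordinates and the use of HKDF with plain latitude/longitude as a stand-in for "GNSS signal context" are all assumptions.

```python
import hashlib, hmac
from datetime import datetime, timezone

def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 HKDF (extract then expand) using only the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def in_polygon(lat, lon, poly):
    """Ray-casting test; poly is a list of (lat, lon) vertices."""
    inside = False
    for (y1, x1), (y2, x2) in zip(poly, poly[1:] + poly[:1]):
        if (x1 > lon) != (x2 > lon) and lat < (y2 - y1) * (lon - x1) / (x2 - x1) + y1:
            inside = not inside
    return inside

UTC = timezone.utc
POLICY = {  # constructed sample policy, not real site data
    "sites": {
        "substation-a": [(51.500, -0.130), (51.500, -0.120), (51.510, -0.120), (51.510, -0.130)],
        "substation-b": [(52.200, 0.100), (52.200, 0.110), (52.210, 0.110), (52.210, 0.100)],
    },
    "terminals": {"term-017"},
    "window": (datetime(2025, 3, 1, 22, 0, tzinfo=UTC), datetime(2025, 3, 2, 2, 0, tzinfo=UTC)),
}

def derive_maintenance_key(master, lat, lon, now, terminal_id, policy=POLICY):
    """Return a 32-byte key bound to site, terminal and window, or None if any check fails.
    Assumes (lat, lon, now) come from an already validated GNSS fix."""
    start, end = policy["window"]
    if terminal_id not in policy["terminals"] or not (start <= now < end):
        return None
    site = next((s for s, p in policy["sites"].items() if in_polygon(lat, lon, p)), None)
    if site is None:  # outside every approved polygon
        return None
    # The matched site, terminal and window become HKDF context, so a key issued
    # for one site or window never equals a key for another.
    info = "|".join([site, terminal_id, start.isoformat(), end.isoformat()]).encode()
    return hkdf_sha256(master, b"geo-kdf-sketch", info)
```

In this sketch the constraint holds only if the derivation runs in a component the credential holder cannot tamper with and the GNSS fix is authenticated; how GFAE obtains and validates GNSS signal context is not described on this page.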
Important, read this section
Evaluating GFAE for critical infrastructure access control?
Technical briefings under NDA are available for qualified infrastructure operators, CISOs, and national security evaluators.