When systems must not fail, secrets must not exist.

Energy, utilities, transport, and public services are becoming more connected and automated, and the attack surface is expanding faster than the defences. Lokblok® removes the stored secrets that make critical infrastructure attackable.

Critical infrastructure isn't attacked like normal systems.

Attackers targeting critical infrastructure don't just steal data. They disrupt operations, disable systems, and manipulate controls. And they do it by targeting the same thing every time: stored secrets. Even the most advanced security frameworks rely on stored encryption keys, credentials, and vaults, which means keys can be stolen, credentials can be phished, and recovery paths can be exploited.

  • Stored encryption keys in OT/SCADA systems
  • Credentials and access tokens at rest
  • Admin-level override capabilities
  • Recovery backdoors that can be exploited
  • Single points of failure across critical systems

Lokblok® aligns with and exceeds requirements across:

  • NCA ECC / OTCC frameworks
  • NIST SP 800-57 key management
  • ISO 27001 cryptographic controls
  • FIPS 140-3 Level 3
  • NIS2 Directive (EU)

Every existing approach still relies on the thing attackers target.

Zero Trust (as implemented today)

  • Still relies on credentials
  • Still depends on identity providers
  • Still has recovery backdoors

HSM / Vault (hardware security modules)

  • Keys still exist inside systems
  • Admins still have recovery capability
  • Insider threat remains viable

Operational Controls (ECC, NIST, ISO frameworks)

  • Assume secrets must be stored
  • Focus on reducing exposure
  • Cannot remove the underlying risk

The Lokblok Model

Zero Standing Secrets

Lokblok removes the root cause: persistent secrets. With Phantom Secrets™, there are no keys stored in systems, no credentials at rest, no recovery backdoors, and no admin-level override. Keys are reconstructed only when needed, inside secure hardware, when identity and policy are verified, then destroyed immediately.

  • No keys stored in systems
  • No credentials at rest
  • No recovery backdoors
  • No admin-level override
  • Keys reconstructed only inside secure hardware
  • Destroyed immediately after use

Three fundamental shifts in how security works.

Defence → Elimination

No secrets means no target. You cannot steal what does not exist. Attackers lose their primary leverage point entirely.

Detection → Prevention

Attacks fail because nothing exists to exploit. There is nothing to detect after the fact: the attack surface itself is removed.

Trust → Verification

Every action is cryptographically enforced. No implicit trust, no privileged insiders, no assumed integrity: every operation is proven.

Zero Standing Secrets. Nothing to steal at rest.

Energy & Utilities (OT/SCADA)

Secure command signing with no persistent control keys. Protection against remote takeover through ephemeral key reconstruction inside certified hardware.

Transport Systems

Verified control signals with multi-party approval for critical actions. No single point of compromise: every operation requires identity, policy, and device verification.

Government & Public Services

Secure inter-agency workflows with identity-bound approvals. No centralised credential risk. Operators cannot act alone on critical systems.

National Digital Identity

Hardware-bound identity with no centralised identity database exposure. Sovereign, verifiable authentication that cannot be compelled or compromised at scale.

Capabilities that weren't possible before.

Delegated trust without exposure

Assign authority to operators, systems, and agencies without ever sharing keys. Delegation is enforced cryptographically, not by policy documents or trust agreements.

Cryptographic governance

Real-world roles and authority hierarchies enforced mathematically. A supervisor cannot be bypassed. A junior operator cannot exceed their mandate. The code is the policy.

Provable auditability

Every action is tied to a specific person, device, and policy, not just a log entry. The cryptographic chain proves who acted, on what, with what authority. Irrefutable.

Secure inter-agency collaboration

Operate securely across agency boundaries without trusting shared networks. Each participant proves identity and policy without exposing secrets to the network or each other.

Five layers. Zero persistent attack surface.

1. Verified Identity (ToughID™)

Hardware-bound identity for operators. No passwords, no shared credentials, no central identity honeypot.

2. Secure Execution (Secure Terminal™)

Critical actions restricted to hardened environments. No execution from compromised endpoints.

3. Policy Enforcement (Hierarchical Signatures)

Real-world authority embedded in cryptography. Operator + Supervisor + Control Centre must co-authorise.

4. Ephemeral Execution (Phantom Secrets)

Keys reconstructed only at the moment of use, used for control or signing, then immediately destroyed.

5. Hardware Root of Trust (Toughkey™)

All operations occur inside certified hardware. No exposure to software or network layers.

What changes when secrets don't exist.

Reduce systemic risk

No persistent attack surface

When there are no stored secrets, there is no surface for ransomware, nation-state actors, or insiders to target. Risk is structurally eliminated, not managed.

Improve national resilience

Systems remain operational under attack

Infrastructure continues to function even during active threat scenarios. Attackers cannot disable systems by stealing credentials: there are none to steal.

Eliminate insider threat vectors

No individual holds critical access

No single operator, administrator, or executive can act unilaterally on critical systems. Every action requires cryptographic co-authorisation.

Strengthen sovereignty

Full control, zero external dependency

No external vendor, cloud provider, or internal bad actor can unilaterally access, decrypt, or disable your systems. Sovereignty is enforced mathematically.

Five products. One connected architecture.

The Shift

Cybersecurity has been about protecting secrets.

Critical infrastructure requires systems where secrets don't exist.
If nothing can be stolen, nothing can be used against you.
