Saving the Coral Reefs: Securing IoT Under the Sea

Thinking outside of the box isn’t always an easy task. Especially when it comes to finding a way to securely connect an IoT device on a buoy in the middle of the ocean to a data centre all the way in Amsterdam. But this kind of project was no match for Brice Renaud, a Solutions Engineer here at Netskope. When he was brought into a project with folks from Orange Business to help out Tenaka, a company focused on creating sustainability solutions for rebuilding marine life. I sat down to chat with Brice about how he got involved in the project, how he tackled some uniquely challenging resource hurdles, and how Netskope can help securely enable IoT devices like the one for this project. Here’s our full conversation.

Max Havey: To start off, can you tell us a bit about this sustainability project with Orange and Tenaka?

Brice Renaud: I have a friend who works on “all things sustainability” for Orange and they found out about the organisation Tenaka, which seeks out specific species of coral to see how they can be regrown. Up until now Tenaka’s process was very manual and time consuming, as they experimented to understand what approaches were working and which ones weren’t. The process required divers being onsite and testing all of the different conditions. The goal was to find a way to fully automate this time-consuming process and somehow turn it into a data science project instead, making the process reproducible and easier to navigate for Tenaka.

Max Havey: How did you come to be involved in this project?

Brice Renaud: Orange was looking to create a device to help automate the process and eventually partnered with an agile hardware-design agency called Yucca Lab to create a buoy with an underwater device (built using Raspberry Pi) that would help gather this data. With those bits covered, they needed a way to securely transport the data gathered from the device back to their data center in Amsterdam. This is where I came in. My friend at Orange knew that I enjoyed working with Raspberry Pi–and thinking outside of the box on projects–and came to me thinking that Netskope could be a good fit to secure everything.

Max Havey: WIth that in mind, how does Netskope fit into this project?

Brice Renaud: There was a specific need to have a secure channel established to transmit the data from Yucca Labs’ device to Orange’s data centre. This is common for many IoT projects where there can be a high susceptibility to attacks as a result of security being deprioritised in the competition for the limited computing power in the device. So I set out to find a way that we could secure and connect the device on the buoy to the Netskope NewEdge infrastructure, establishing a direct channel to the Orange data center. Our cloud-delivered Netskope Intelligent Security Service Edge (SSE), allows us to do all of the filtering on our side to make sure there’s nothing malicious lurking in the data before we push the data to Orange. We are also able to make sure that only NewEdge connected devices are allowed to connect to the Orange data centre, protecting it from the public internet and avoiding a significant attack vector. In theory this would be a pretty easy solution, but the biggest issue we had to deal with was the buoy’s extremely limited space and power budget. Since the buoy is powered by only four solar panels, there’s no energy to waste. 

Max Havey: So, how did you approach overcoming that hurdle?

Brice Renaud: When approaching an IoT project in general, we would usually use our purpose-built Netskope Borderless WAN appliances to provide connectivity and secure the IoT devices. Unfortunately, in this instance our purpose-built IoT devices were not able to meet the very tight power budget we were working with. So, we had some discussion with Yucca Lab and came to the conclusion that the ideal solution would be to run the connectivity functions directly on the Raspberry Pi module powering the buoy. After some configurations, we managed to make the buoy’s Raspberry Pi connect straight to the Netskope NewEdge infrastructure, which in turn connects to Orange’s network to push the data Tenaka collects (counting marine species visiting the new reefs) to their data centre, where they can then perform all of the machine learning that in turn helps Tenaka.

Max Havey: What are some of the specific security concerns Netskope is addressing as part of this project?

Brice Renaud: For this project specifically, we aren’t processing the kind of sensitive data you might have in a medical or industrial environment. Having fish pictures leaked over the internet would have very limited consequences. Instead, we are protecting against other types of threats. We are protecting the cloud infrastructure from attackers that could potentially take control of it and then use its computing power for crypto-mining. We’ve already seen this happen in the recent past and it can cost the victim millions. Another very common misuse could be using infrastructure to host inappropriate content or turn it into a command and control bridgehead. We‘re also protecting the buoy itself, which runs a Linux device, from being exposed on the internet, where it could participate in a command and control network to initiate anonymous attacks on internet-connected targets.

Max Havey: With all of that in mind, what did you learn about this project when it comes to “outside-the-box” thinking?

Brice Renaud: The most interesting part of the project has been to work with a very constrained power-budget, which is unusual in classical IT environments. In most projects, dealing with kW/hour is the norm, while we are dealing here with single digit W/hour. It’s nice to understand that one of the classical benefits of an SSE solution–pushing the heavy lifting to the cloud while delivering best-of-breed security–also applies to power consumption. It’s always very pleasant to create a new solution just by using the components that we already had on the shelf, assembling them in the right way, making a few integrations and embedding our technology into a project that ultimately has a positive impact on the world.

Max Havey: To close us out, why do you think being involved in a project like this is important from an Environmental, Social and Governance (ESG) perspective?

Brice Renaud: In a classical System Engineering job, you rarely have the opportunity to give back to the planet but when I discovered our internal Netskope for Good programme, I thought that this project could be a perfect fit. I initiated a few discussions with our ESG team and they immediately supported the idea. It was the perfect way to demonstrate again that Netskope cares about the world and is ready to use our technology for a good cause and make a more positive impact on the world.

If you’d like to learn more about this collaboration with Orange, Tenaka, and Yucca Labs, please visit the website here. And if you’d like to learn more about Netskope’s ESG efforts, visit our Corporate Social Responsibility page here.