CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Startup Uses Changes in Power Consumption to Detect Industrial Cyber Threats

PFP Cybersecurity Launches Physics-Based Solution to Protect SCADA Systems and Supply Chains

PFP Cybersecurity Launches Physics-Based Solution to Protect SCADA Systems and Supply Chains

Forget signatures, heuristics and sandbox analysis. PFP Cybersecurity, a Washington, D.C.-based cybersecurity startup, is taking a unique approach to detecting malware and threats within the IT supply chain as well as critical infrastructure such as industrial control systems.

According to the company, its anomaly-based detection technology uses changes in the pattern of power consumption or RF radiation, in order to detect a potential a security breach. By first creating a baseline by reading power fluctuations of a system under normal usage, and then through continuous monitoring, the startup claims that it can detect threats in milliseconds.

PFP explains in more detail that its technology uses fine-grained measurements of a processor’s power consumption to identify “unique patterns created by the specific sequence of bit transitions during execution”, an approach that it says is complementary to existing security solutions such as AV and Deep Packet Inspection (DPI).

With no added software, PFP offers air-gapped, real time monitoring of hardware, firmware, BIOS, and core OS components and can detect hardware Trojans and counterfeits in the supply chain, including chips, boards, devices & systems.

Funded by DARPA, DoD and DHS, the company has also raised $1 million, which it will use to expand the company and develop its security solutions.

While the company has been keeping a low profile until now, it did exhibit at SecurityWeek’s 2014 ICS Cyber Security Conference in Atlanta in October, but is officially making its public debut this week.

The company has already received contracts from NSF, US ARMY, USAF, DARPA and DHS.

Advertisement. Scroll to continue reading.

“In the supply chain, counterfeit chips and reused parts go undetected until in production or deployment,” said Steven Chen, Cofounder and Executive Chairman of PFP Cybersecurity. “Hardware intrusions such as Trojan chips with ‘back doors’ installed by adversaries for spying, or the insertion of a kill switch, would render these systems useless at the moment of greatest need.”

In late 2012 Gartner analysts warned that IT supply chain integrity issues are real, and would have mainstream enterprise IT impact within the next five years. Additionally, a 2012 report from Northrop Grumman prepared for the U.S.-China Economic and Security Review Commission warned that “successful penetration of a supply chain such as that for telecommunications industry has the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety.”

PFP’s offerings currently consist of two products, P2Scan and eMonitor. P2Scan scans for deviations to determine whether an intrusion or cyber-attack has occurred, while eMonitor is a standalone appliance that pairs with the device(s) to be monitored and performs run-time monitoring. Because PFP is separate and does not use the target’s resources, there is also no impact on existing system performance.

“Over the past few years, we’ve seen an increase in sophisticated cyber-attacks against critical infrastructure and the supply chain that go undetected for months, even years,” said Dr. Jeffrey Reed, Cofounder and President of PFP Cybersecurity. “By leveraging digital signal processing technology, we developed a solution that is unique and for all practical purposes impossible to evade.”

The first generation of the company’s technology was developed at Virginia Tech in 2006 by Reed and its CTO, Dr. Carlos Aguayo Gonzalez, who joined Chen to form PFP Cybersecurity.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.