PFP Cybersecurity Launches Physics-Based Solution to Protect SCADA Systems and Supply Chains
Forget signatures, heuristics and sandbox analysis. PFP Cybersecurity, a Washington, D.C.-based cybersecurity startup, is taking a unique approach to detecting malware and threats within the IT supply chain as well as critical infrastructure such as industrial control systems.
According to the company, its anomaly-based detection technology uses changes in the pattern of power consumption or RF radiation, in order to detect a potential a security breach. By first creating a baseline by reading power fluctuations of a system under normal usage, and then through continuous monitoring, the startup claims that it can detect threats in milliseconds.
PFP explains in more detail that its technology uses fine-grained measurements of a processor’s power consumption to identify “unique patterns created by the specific sequence of bit transitions during execution”, an approach that it says is complementary to existing security solutions such as AV and Deep Packet Inspection (DPI).
With no added software, PFP offers air-gapped, real time monitoring of hardware, firmware, BIOS, and core OS components and can detect hardware Trojans and counterfeits in the supply chain, including chips, boards, devices & systems.
Funded by DARPA, DoD and DHS, the company has also raised $1 million, which it will use to expand the company and develop its security solutions.
While the company has been keeping a low profile until now, it did exhibit at SecurityWeek’s 2014 ICS Cyber Security Conference in Atlanta in October, but is officially making its public debut this week.
The company has already received contracts from NSF, US ARMY, USAF, DARPA and DHS.
“In the supply chain, counterfeit chips and reused parts go undetected until in production or deployment,” said Steven Chen, Cofounder and Executive Chairman of PFP Cybersecurity. “Hardware intrusions such as Trojan chips with ‘back doors’ installed by adversaries for spying, or the insertion of a kill switch, would render these systems useless at the moment of greatest need.”
In late 2012 Gartner analysts warned that IT supply chain integrity issues are real, and would have mainstream enterprise IT impact within the next five years. Additionally, a 2012 report from Northrop Grumman prepared for the U.S.-China Economic and Security Review Commission warned that “successful penetration of a supply chain such as that for telecommunications industry has the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety.”
PFP’s offerings currently consist of two products, P2Scan and eMonitor. P2Scan scans for deviations to determine whether an intrusion or cyber-attack has occurred, while eMonitor is a standalone appliance that pairs with the device(s) to be monitored and performs run-time monitoring. Because PFP is separate and does not use the target’s resources, there is also no impact on existing system performance.
“Over the past few years, we’ve seen an increase in sophisticated cyber-attacks against critical infrastructure and the supply chain that go undetected for months, even years,” said Dr. Jeffrey Reed, Cofounder and President of PFP Cybersecurity. “By leveraging digital signal processing technology, we developed a solution that is unique and for all practical purposes impossible to evade.”
The first generation of the company’s technology was developed at Virginia Tech in 2006 by Reed and its CTO, Dr. Carlos Aguayo Gonzalez, who joined Chen to form PFP Cybersecurity.