PFP Cybersecurity has announced the official launch of its company, aimed at protecting the supply chain as well as critical infrastructure such as industrial control systems. PFP's unique, anomaly-based detection technology first creates a baseline by reading power fluctuations of a system under normal usage, and then through continuous monitoring, can instantly detect a change in the pattern of power consumption or RF radiation, which indicates a security breach. This newly launched company, originally funded by DARPA, DoD and DHS, provides a new category of threat intelligence and detection that is physics-based for detecting today's most sophisticated cyber security attacks on critical infrastructure and supply chain systems.
"Over the past few years, we've seen an increase in sophisticated cyber-attacks against critical infrastructure and the supply chain that go undetected for months, even years," said Dr. Jeffrey Reed, Cofounder and President of PFP Cybersecurity and world-renowned researcher for software defined radio (SDR). "By leveraging digital signal processing technology, we developed a solution that is unique and for all practical purposes impossible to evade."
PFP's solution is currently comprised of two products, P2Scan and eMonitor. P2Scan is a complete identification, analysis, and monitoring solution to capture a baseline of activity and then continuously scan for deviations to determine whether an intrusion or cyber-attack has occurred. eMonitor is a standalone appliance that pairs with the device(s) to be monitored and performs 24x7 run-time monitoring. Future development plans include integration with SIEM, big data analytics and SaaS.
"We created PFP Cybersecurity because there is a major detection gap right now. There is a need for a game-changing solution because traditional security solutions are unable to detect when a system is compromised," said Steven Chen, Cofounder and Executive Chairman of PFP Cybersecurity. "Compounding the problem, critical infrastructure and ICS systems are often built on legacy hardware and software making them especially at risk. In the supply chain, counterfeit chips and reused parts go undetected until in production or deployment. Hardware intrusions such as Trojan chips with 'back doors' installed by adversaries for spying, or the insertion of a kill switch, would render these systems useless at the moment of greatest need."
With PFP's unique ability to detect both active and dormant attacks at the hardware and firmware levels, enterprises and government agencies can now find zero-day threats immediately by monitoring and detecting power consumption anomalies. For example, as soon as power usage changes due to the introduction of malware onto a system, PFP's solution detects this and alerts the system that there is a breach. Additionally, because the technology is air-gapped from other hardware and software systems, without installation software or electrical contact, it cannot be compromised and is impossible to detect by hackers. And because PFP is separate and does not use the target's resources, there is also no impact on existing system performance, which is especially important for critical infrastructure operations that cannot be disrupted.
"At Savannah River we have been concerned about zero day attacks," said Joe Cordaro, Savannah River National Laboratory Advisory Engineer. "Traditional scanning and patching techniques are not effective against zero day attacks such as Stuxnet. This is especially a concern for legacy computer systems in which software support from vendors no longer exists. PFP's unique ability to provide an independent, additional layer of cyber defense that will detect unknown vulnerabilities is ideal for these critical SCADA systems."
The first generation of PFP's technology was developed at Virginia Tech in 2006 by the company's president, Dr. Jeffrey Reed, and its CTO, Dr. Carlos Aguayo Gonzalez. In 2010, they joined serial entrepreneur Steven Chen to form PFP Cybersecurity when Chen was looking for a solution after exiting his previous cybersecurity venture, an Intel Capital portfolio company, which has received $300M+ in SBIR funding. Today, PFP has received contracts from NSF, US ARMY, USAF, DARPA and DHS. It has raised $1M in funding to continue expanding the company and developing its next generation security products. Currently PFP is building a talented team by hiring top researchers and hackers who know how to hack and defend networks. The company is building an IP portfolio with two patent applications filed so far.