Startup Aperio Systems emerged from stealth mode in November, offering “a polygraph for process data, detecting when your system is lying to you,” says CEO Yevgeni Nogin. “We are not a typical cybersecurity company,” Nogin explained in a phone interview on November 13. “We have an unusual number of physicists on board, in addition to cybersecurity experts.”
One of the physicists is vice president of product Michael Shalyt, who walked me through Aperio’s clever answer to the recent increase in attacks on critical infrastructure systems. In December 2015, a Ukrainian power grid was taken down, leaving more than 230,000 residents in the dark. A few months later, hackers managed to infiltrate a water treatment plant in the U.S. and change the levels of chemicals being used to treat tap water. But “the vast majority of attacks are not disclosed,” says Shalyt. “Hackers have realized recently that they can attack the physical world using digital code.”
The much talked-about Internet of Things (IoT) is the poster boy for both the accelerated merger of the physical and digital worlds and the inadequate security of physical objects. That became apparent last month with the temporary shutdown of the Internet in parts of the U.S. due to an attack orchestrated by taking control of insecure connected devices such as security cameras and baby monitors. Going beyond consumer devices, the same type of attacks now threaten the sensors and other physical objects in critical infrastructure installations such as power plants and other industrial control systems.
Aperio answers the challenge by non-intrusively plugging into an existing control system and unleashing its advanced machine learning algorithms to study and identify the system’s unique “fingerprints.” That serves as the baseline for determining the validity of the process data produced at any given moment and alerting operators when an anomaly—forged data—is detected. The attackers typically produce forged data because they need to mask their presence and gain the time required for them to inflict long-term damage to the equipment. “Our role is to understand the process well enough that whenever an attacker will send a signal that cannot be generated by this specific equipment or plant or mode of operation, we alert the operators that someone is fooling them,” says Shalyt.
Using a sophisticated combination of physics and state-of-the-art machine learning techniques, Aperio then reconstructs the real values of the forged operational data and reverts it to its original state in real time. Establishing the true state of the system is important because that could mean the difference between an emergency shutdown of the system and a more controlled one, which is less costly and disruptive. “The beauty of physical systems is that everything is connected to everything else and we use this complexity to our advantage,” says Shalyt.
It is also the beauty of having physicists who understand the laws of physics a system follows and can detect the normal rhythm of the system and its unusual and abnormal behavior. The same laws of physics operate across many specific domains—power plants, oil and gas facilities, water and waste control, pharma, manufacturing, and transportation—allowing Aperio to apply its artificial intelligence in multiple markets. In the future, Aperio would like to be able to provide a validation for any information communicated by any type of sensor, in both industrial and consumer environments.
Currently tested by four different power plants, Aperio has secured seed funding from a consortium of private investors, including prominent cybersecurity veterans Doron Bergerbest-Eilon, Liran Tancman, and Shlomi Boutnaru. Bergerbest-Eilon has played a major role in establishing the agency charged with protecting all critical infrastructure in the State of Israel and is the former director of the security and protection division of the Israel Security Agency (ISA). Tancman and Boutnaru, who played key roles in building Israel’s cybersecurity capabilities, founded predictive cybersecurity startup CyActive, which was acquired by PayPal in 2015.
Originally published on Forbes.com