What if you knew you were being hacked the second they started hacking you?
The millisecond they started hacking you?
The past year in cybersecurity has seemed like The Year the Bad Guys Won. Think Sony Corp., Target Corp., JPMorgan Chase & Co. So companies are paying more attention than ever to the threat.
But they’re usually clueless for weeks, or months, as the hackers rifle through their valuables. It takes an average of more than 200 days to discover a breach, according to the cyber-forensics company Mandiant.
A novel technology from PFP Cybersecurity, of Vienna, Virginia, promises to help close that detection gap by identifying malware attacks based on changes in the power that devices use — essentially by taking their energy fingerprints and alerting users when those fingerprints change.
Here’s how it works.
First you establish a baseline pattern for a system as it operates normally. PFP sees a particular opportunity in poorly protected infrastructure systems, so take a protective relay for example. That’s a device used to sense and cut off voltage surges on power lines.
Once the power signature for the device is recorded, PFP’s monitor can detect even the smallest change in that pattern. Maybe the relay has stopped functioning properly — or maybe a hacker has implanted a piece of malicious code in it. Either way, the technology can alert a human technician to the anomaly within milliseconds.
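As an added illustration, not PFP's own code or algorithm, the following Python models the baseline-then-deviation idea on constructed power traces: known-good windows yield a per-sample template, and a window whose idle phase draws extra power (standing in for code that should not be executing there) is flagged. The trace shape, noise level and threshold are all assumptions.

```python
import random
import statistics
from typing import List, Sequence, Tuple

# Constructed example: one "window" is a run of power samples (arbitrary units)
# covering one cycle of a relay's control loop: a busy phase, then an idle
# phase. Shape and numbers are invented for illustration, not real data.
SAMPLES_PER_WINDOW = 64
BUSY_SAMPLES = 24

def simulate_window(rng: random.Random, extra_load: float = 0.0) -> List[float]:
    """Return one synthetic power window with sensor noise.
    extra_load adds consumption in the idle phase, a hypothetical stand-in for
    unexpected code running where the device should be quiet."""
    window = []
    for i in range(SAMPLES_PER_WINDOW):
        nominal = 5.0 if i < BUSY_SAMPLES else 1.2 + extra_load
        window.append(nominal + rng.gauss(0.0, 0.05))
    return window

def build_baseline(windows: Sequence[Sequence[float]]) -> Tuple[List[float], List[float]]:
    """Per-sample mean and std across known-good windows (the 'fingerprint').
    A small floor on std avoids division by zero on perfectly stable samples."""
    means = [statistics.fmean(col) for col in zip(*windows)]
    stds = [max(statistics.pstdev(col), 1e-3) for col in zip(*windows)]
    return means, stds

def deviation_score(window: Sequence[float], means: Sequence[float],
                    stds: Sequence[float]) -> float:
    """Mean squared z-score of a window against the template (~1 when normal)."""
    return statistics.fmean(((x - m) / s) ** 2 for x, m, s in zip(window, means, stds))

def is_anomalous(window: Sequence[float], baseline, threshold: float = 4.0) -> bool:
    """Flag a window whose deviation from the fingerprint exceeds the threshold."""
    means, stds = baseline
    return deviation_score(window, means, stds) > threshold

def demo() -> Tuple[bool, bool]:
    """Learn a baseline from 50 clean windows, then check a clean and a tampered one."""
    rng = random.Random(1)
    baseline = build_baseline([simulate_window(rng) for _ in range(50)])
    normal = simulate_window(rng)
    tampered = simulate_window(rng, extra_load=0.3)
    return is_anomalous(normal, baseline), is_anomalous(tampered, baseline)

if __name__ == "__main__":
    print(demo())  # (False, True)
```

A deployed monitor would sample far faster and compare richer features (frequency content, timing of phases) than this per-sample template, but the decision logic is the same: learn what normal looks like, then alert on departures from it.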
The technology — made up of sensors and software that analyzes what the sensors pick up — was developed in 2006 at Virginia Tech by Jeffrey Reed, a professor of electrical and computer engineering, and Carlos Aguayo Gonzalez, one of his Ph.D. students at the time. The research was inspired by the side-channel attack, a way of breaking into an encrypted system by analyzing physical signals like heat and power consumption, said Reed, PFP’s president.
Reed and Aguayo Gonzalez, chief technology officer, set up PFP in 2010 with Steven Chen, who had founded and sold 3e Technologies International, a supplier of secure wireless technology, to the U.S. Navy. PFP has gotten contracts from the Army, Air Force, Department of Homeland Security and Darpa, which develops advanced technologies for the Defense Department, and has raised about $1 million in venture funding, according to Chen.
The company has been testing its technology together with the Department of Energy’s Savannah River National Laboratory (SRNL) in South Carolina, focusing on microprocessor chips like programmable logic controllers, which run a lot of automated processes in industrial settings. In one test, they showed that the technology was capable of detecting the Stuxnet virus, the program that attacked industrial control systems in Iran’s nuclear industry, even before it became active.
The ability to catch a Stuxnet-like attack, which exploited several previously unidentified “zero-day” flaws, is what got Joe Cordaro, an engineer at SRNL, interested. A lot of cyber-defense now rests on detecting and blocking what you know is bad, but a zero-day attack is, by definition, unknown. Potential attacks of that kind on the electrical grid are one of DOE’s biggest areas of concern, Cordaro said.
It’s not a theoretical worry, either. Researchers at Symantec Corp. reported in June on a hacking group that targeted pipeline operators and other energy companies and successfully infected industrial control systems.
PFP’s technology can identify a zero day because it’s based on changes in physical signals and power consumption, not on the ability to recognize malicious code, which may be in use for the first time, or cleverly disguised as legitimate software.
Grid systems are difficult to patch and scan for problems because they’re constantly operating, Cordaro said. The PFP technology works because it is “air-gapped” from the device it’s fingerprinting — the sensors used for fingerprinting aren’t connected, and you don’t have to load any software onto the system to take the measurement — so it doesn’t interfere with normal daily operations. That way, it can’t be detected or interfered with by a hacker nosing around in the system.
“It’s very innovative. I think it’s a very significant development,” said Cordaro, who got to know Chen and Reed a few years ago when he was working on developing ultra-secure wireless systems so DOE could transfer classified nuclear weapons data within its facilities wirelessly. “And it’s not being done in place of any of the other cyber-security arrangements. It’s another layer.”