Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action.
PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance.
The US Department of Energy's Savannah River National Laboratory (SRNL) recently tested the PFP technology's ability to detect Stuxnet-like attacks. Joe Cordaro, advisory engineer with SRNL, says the PFP system right away found small changes to the code on the PLC while it was dormant. "The dormant state is a lot tougher to find because there are no outward signs, and little or no impact on the processor," Cordaro says. "We did some subsequent [malware] tests on other PLCs with the same results."
SRNL also plans to test the technology on protective relay devices, which form the backbone of the power grid. Those devices were thrust into the limelight during the 2013 Superbowl in the New Orleans Superdome, when the power went out for several minutes during the third quarter of the game after a protective relay was tripped due to a defect in the device as well as an incorrect setting. "What that showed you was that someone could hack into the protective relays of the US power grid and cause brownouts and blackouts," Cordaro says. "We're working with PFP on a contract … to characterize baselining the protective relays" and running this in a test bed that ultimately will provide R&D information to US utilities, he says.
Continue reading on EE Times’ sister site, Dark Reading.