
Power grids offer path to effective malware detection

Posted: 27 Jan 2015

Keywords: PFP Cybersecurity, power grid, Stuxnet, malware, DARPA

The ICS/SCADA operator would then investigate the alert with analytics or other forensics tools, he said.

eMonitor compares the frequency and power usage information for each device with the baseline data on those devices. "The monitoring box has a digitiser in it and sends information back to the operations centre," for example. PFP ultimately hopes to have these sensors embedded in new PLC or array products from ICS vendors to eliminate the need for separate sensors, he indicated.

PFP execs said the company plans to integrate their technology with SIEM vendors' products, as well as big data analytics and SaaS vendor offerings.

Reid Wightman, an ICS/SCADA security expert and director of Digital Bond Labs, said PFP's approach is interesting and has merit, but wondered whether any changes in the so-called ladder logic or "recipe" for a plant process would generate a false positive, for instance. And, he said, sophisticated malware could potentially be written to avoid any change in power consumption, such as altering a single instruction in a monitored system. "There are probably ways to evade detection like there is with everything. It depends on how granular they get," he said of PFP's approach.

PFP stated that an attacker in theory could try to inject code with the same number of bits as the original code, but it would be difficult. Another trick would be for the attacker to operate "under the noise floor," said Steven Chen, founder and executive chair. "In our research, we have shown that PFP is able to detect changes in one single bit during execution," Chen noted. So a logic bomb or other malware that only triggers on a special condition would be detected when it checks for its trigger condition, because that check uses power, he continued.

If an alarm fired by PFP's technology doesn't persist, then it's most likely benign, said Jeffrey Reed, president of Washington, D.C.-based PFP Cybersecurity. "If you don't see persistence of an alarm, then it's a good indicator that it's just a noise spike."
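The baseline comparison and the persistence rule described above can be sketched as follows. This is an added example, not PFP's algorithm or code: the z-score metric, the window size, the threshold, the persistence count and all sample readings are assumptions constructed for illustration.

```python
import statistics

def window_scores(trace, baseline, window=4):
    """Mean absolute z-score of each non-overlapping window against the baseline."""
    mean = statistics.mean(baseline)
    std = statistics.pstdev(baseline)
    scores = []
    for i in range(0, len(trace) - window + 1, window):
        chunk = trace[i:i + window]
        scores.append(sum(abs(x - mean) / std for x in chunk) / window)
    return scores

def persistent_alerts(scores, threshold=3.0, persist=3):
    """Return (first_window, run_length) for runs of at least `persist`
    consecutive windows above `threshold`. Shorter runs are treated as
    noise spikes and dropped."""
    alerts, run_start = [], None
    for i, score in enumerate(scores + [0.0]):  # sentinel closes a trailing run
        if score > threshold:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= persist:
                alerts.append((run_start, i - run_start))
            run_start = None
    return alerts

# Constructed sample data (arbitrary power units), not real measurements.
BASELINE = [10.0, 10.2, 9.8, 10.1, 9.9, 10.0, 10.2, 9.8]
NORMAL = [10.0, 10.1, 9.9, 10.0]
SPIKE = [10.0, 13.0, 10.1, 9.9]    # one-off transient in a single window
SHIFT = [10.8, 10.7, 10.9, 10.8]   # sustained change in power draw
TRACE = NORMAL + SPIKE + NORMAL * 2 + SHIFT * 3 + NORMAL

def detect(trace=TRACE, baseline=BASELINE):
    """Score the trace against the baseline and keep only persistent alarms."""
    return persistent_alerts(window_scores(trace, baseline))

if __name__ == "__main__":
    scores = window_scores(TRACE, BASELINE)
    print("windows over threshold:", [i for i, s in enumerate(scores) if s > 3.0])
    print("persistent alerts:", detect())
```

The single spike in window 1 crosses the threshold but is discarded, while the three consecutive shifted windows produce one alert.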

Reed and Carlos Aguayo Gonzalez, CTO, initially developed the technology in 2006 while at Virginia Tech. They teamed up with serial entrepreneur Steven Chen in 2010 to take the technology commercial, and PFP thus far has raised some $1 million in funding. The startup has contracts with the National Science Foundation, the U.S. Army, the U.S. Air Force, DARPA and DHS.

PFP's initial eMonitor offering supports two probes, such as two PLCs, per appliance, and the next version will support 16-32 probes. The company has not yet announced pricing information.
