By Tom Ballard, Chief Alliance Officer, PYA
It is still a very early stage company, having been launched in mid-2020, but Sentinel Devices LLC has big plans to address a very critical cybersecurity vulnerability in industrial control systems.
The issue is insider attacks, frequently accomplished by an advanced persistent threat actor who might be able to get into a system through social engineering. From that one device, the intruder can get access to the control networks in, for example, nuclear facilities à la the 2010 Stuxnet attack.
“I have attended a lot of conferences and was surprised to learn that there was no product to address the issue,” says Fan Zhang, a Research Assistant Professor of Nuclear Engineering at the University of Tennessee (UT), Knoxville whose scientific work is the basis for the company. The UT Research Foundation (UTRF) secured a provisional patent and filed a PCT (Patent Cooperation Treaty) in November, according to Andreana Leskovjan, UTRF Technology Manager. Sentinel Devices, in turn, has secured a research license to further develop the technology.
Forrest Shriver, Co-Founder and Chief Executive Officer of the start-up, said the focus of the company is on addressing a key but elusive question: How do you detect an insider cyberattack? The answer is based on machine learning, but from an industrial perspective rather than the traditional information technology approach. This is important, Shriver explains, as industrial cybersecurity is a relatively new field with many industrial utilities still trying to establish a path forward in the ever-changing digital world.
While the company is using the energy generation sector to first prove its product, the two Co-Founders don’t believe that represents the limit of what their technology can protect. “We are both from the nuclear field,” Shriver said when describing the motivation for taking on the energy generation sector first, adding, “The [industrial] processes are not nuclear only but rather applicable to any power generation facility. We have a prototype and are now working on further customer discovery.”
They believe that the product will be available and applicable to other sectors in the digital industrial landscape.
So, how serious is the problem that Sentinel Devices is focused on solving?
Shriver explains that some components of industrial infrastructure are as many as 30 years old. With industrial cybersecurity becoming a serious topic only in the past decade (post-Stuxnet), many older systems are particularly vulnerable to cyberattacks. With many industries looking to increase their automation in pursuit of “Industry 4.0,” one question being asked is how to secure these increasingly connected devices against a hostile digital world.
“Lower-power CPU devices in many industries don’t even have encryption,” he says. “Many operate on a trust-based system.” This trust-based approach may have worked 30 years ago, but in the aftermath of Stuxnet, many facilities and vendors of industrial control systems are being pressured to re-evaluate their stance on cybersecurity. The result is a mixture of old and new systems in which cybersecurity is frequently a secondary concern, bolted on after the system has been designed and set up, and in which cybersecurity protocols may be loose or even unenforceable.
Adding to the vulnerability challenge is the use of contractors who want to access control systems from a remote location for their convenience. “We’re not always assuming they are going to be nefarious, but it is a possibility,” Shriver notes. It’s of course also a possibility that even if the contractor isn’t trying to be malicious, this remote connection might be abused by malicious entities on the contractor’s computer, further complicating the prospect of allowing outside connections in pursuit of a fully connected facility.
To combat these and other serious vulnerabilities, the start-up’s device will connect to – and monitor – a single digital asset. Once it’s connected, it will continuously monitor for anomalies within the process data of the device for which it’s responsible. In this way, the device will be able to monitor and detect anomalies without relying on the collection of digital traces such as network traffic, which might not be created in the event of an insider attack.
“Our device will not infer from network data but the actual industrial processes,” Shriver adds.
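To make the process-data idea concrete, here is an added illustration that is not Sentinel Devices’ code and does not describe their patented method. It assumes a hypothetical tank whose level should obey a simple mass balance against its measured inflow and outflow; the detector learns a baseline of the residual between the reported level and the level the balance predicts, then flags samples where that residual jumps. All sensor values below are constructed. The point it shows is the article’s: if a reported process value is altered on the asset itself, no network packet need exist for a traffic monitor to catch, but the physical inconsistency between related measurements is still visible.

```python
"""Process-data anomaly detection, illustrative only.

Added example, not Sentinel Devices' code. The tank model, the k-sigma
threshold and every number here are assumptions chosen for the demo.
"""
from statistics import mean, pstdev


def residuals(flow_in, flow_out, level, dt=1.0, area=2.0):
    """Mass-balance residual for a tank (hypothetical model).

    Predicted level at step i is the previous level plus net inflow over
    the step divided by the tank cross-section. The residual is how far
    the reported level is from that prediction.
    """
    res = []
    for i in range(1, len(level)):
        predicted = level[i - 1] + (flow_in[i - 1] - flow_out[i - 1]) * dt / area
        res.append(level[i] - predicted)
    return res


def detect_anomalies(flow_in, flow_out, level, baseline_n=20, k=4.0):
    """Return sample indices whose residual exceeds k std-devs of a clean baseline.

    The first `baseline_n` residuals are assumed to come from normal
    operation and are used to learn the expected noise level.
    """
    res = residuals(flow_in, flow_out, level)
    base = res[:baseline_n]
    mu, sigma = mean(base), pstdev(base)
    threshold = k * max(sigma, 1e-6)  # guard against a perfectly flat baseline
    # residual index j corresponds to sample index j + 1
    return [j + 1 for j, r in enumerate(res) if abs(r - mu) > threshold]


def sample_data(n=50, change_at=30):
    """Constructed sensor history (not real plant data).

    Inflow and outflow are balanced until `change_at`, then the outflow
    valve is half closed, so the true level must start rising. The
    reported level, however, stays frozen near 5.0: the kind of locally
    altered reading that produces no network traffic to inspect.
    """
    flow_in = [1.0] * n
    flow_out = [1.0] * change_at + [0.5] * (n - change_at)
    # small deterministic sensor noise so the baseline has a non-zero spread
    level = [5.0 + ((i * 7) % 5 - 2) * 0.002 for i in range(n)]
    return flow_in, flow_out, level


def run_demo():
    """Run the detector over the constructed history and return flagged indices."""
    flow_in, flow_out, level = sample_data()
    return detect_anomalies(flow_in, flow_out, level)


if __name__ == "__main__":
    flagged = run_demo()
    print("anomalous samples:", flagged)
```

The detector never looks at how the value reached the controller, only at whether the reported process state is physically consistent; that is what lets it fire on an insider’s local change as readily as on a remote one. A real deployment would need a model fitted to the actual asset and a baseline taken under verified-normal conditions, since a baseline captured during tampering would teach the detector that the tampering is normal.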
Sentinel Devices was one of 25 semi-finalists for Cohort 5 of the “Innovation Crossroads” program operated by Oak Ridge National Laboratory. If selected, Shriver says, the two-year program would allow the start-up, which has so far been self-funded, to “build more of the brains for ease of deployment” of the device.