Defending critical infrastructure supply chains with the laws of physics
August 23, 2023
Critical infrastructure is mired in cyber security risks.
Hospitals, power grids, the oil and gas sector, telecommunications, national defense systems — they are all connected to the internet and vulnerable to cyber-attacks. What’s more is that pieces of hardware integrated into that critical infrastructure are manufactured overseas, leaving hardware supply chains exposed as well.
But what cyber criminals cannot bypass are the laws of physics, said Sebastian Fischmeister, CEO and co-founder of Palitronica, a Velocity company whose briefcase-sized product, the Anvil Security Checkpoint, has the potential to thwart large-scale attacks on critical infrastructure through the supply chain.
“Palitronica looks at the supply chain of electronics and helps our clients ensure that the systems they operate and connect to the internet are built with authentic and original parts and firmware,” Fischmeister said. “Meaning that the parts used to build these critical platforms have not been compromised on the hardware or software side.”
Fischmeister was recently awarded $1.2 million in federal funding to protect Canada’s critical energy infrastructure and energy sector supply chains from cyber threats.
Palitronica’s product looks at the physical properties of hardware and software, and assesses system integrity, and detects cyber-related issues such as recycled e-waste sold as new, system misconfiguration, counterfeit electronics, hardware implants, and undisclosed software functions. With the push of a button their clients can see whether parts or assembled products are compliant.
Fischmeister said it is critically important to independently verify hardware and firmware before deploying critical systems, because these systems are largely manufactured with parts made abroad which offers ample opportunity to malicious actors to compromise them prior to assembly and use.
“These systems rely on a complicated supply chain, and we have to make sure that parts are clean and authentic originals before we use them in critical infrastructure,” he said. “What Palitronica does is physics-based. Even nation-state attackers cannot break the laws of physics, no matter how much money they spend on it.”
After joining Velocity in 2019, Palitronica advanced its patents and prototypes. By 2021 it had secured its first contracts with Canadian defense stakeholders and by 2022 it had been accepted to startup accelerator Y Combinator, closed its first round of seed funding and received the SVB/In-q-tel award for the “Most Innovative Security-Focused Company of 2022”. And in June, the company won Waterloo Institute for Sustainable Aeronautics’ Sustainable Future Competition.
Velocity excels in providing facilities, opportunity and expert advice on taking new technology and creating businesses out of them. Every university says they are ‘for innovation’ but at Waterloo it’s not lip service — a university saying that by default all IP and creator owned is really giving a commitment to entrepreneurship.
Sebastian Fischmeister, Palitronica co-founder and CEO.
Fischmeister is a University of Waterloo professor in computer and electrical engineering. While his academic career brought him to Germany, Austria, and the United States, he chose Waterloo and Velocity for its creator-owned IP policy and entrepreneurial support.