Israeli start-up, working with GE, out to detect Stuxnet-like attacks

ThetaRay monitors critical infrastructure

The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.

Two university professors, Amir Averbuch of Tel Aviv University, and Ronald Coifman of Yale, came up with mathematical algorithms that can be used in network security monitoring to detect stealthy malware targeting industrial systems. The company they founded last year with CEO Mark Gazit is called ThetaRay. The Tel Aviv-based start-up has developed server-based technology to be used in monitoring of power-production facilities, industrial SCADA systems and other critical infrastructure. Expected to be generally available around September, the technology could also be applied to other industries, such as financial services.

We look at the operational data simultaneously with the network data.

— Mark Gazit, CEO of ThetaRay

The ThetaRay security appliance, deployed on premises, works by looking at operational data from industrial systems such as SCADA controls while simultaneously combining and comparing it against the monitored network traffic and security gear, such as firewalls, says Gazit.


The appliance combines hundreds of parameters related to how operational and network systems are performing to create a kind of “hyper-dimensional picture of normal behavior” in order to detect variances from the norm that would indicate an attack.

The ThetaRay product uses its analytics to determine if there are anomalies, like sudden drops or high bursts in monitored data that would indicate a cyberattack is under way. The gear can’t block the attack but will pinpoint evidence that an attack is commencing.
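The value of a joint baseline over operational and network data can be shown with a small added example; it is not ThetaRay's algorithm, which the article does not describe, and not code from the original article. It swaps in Mahalanobis distance, a standard statistical measure, over two constructed features (controller write commands seen on the network per minute, and the change in the reported process value), with an assumed alert threshold of 3.0.

```python
import math

# Constructed baseline of normal operation, one row per minute:
# (write commands seen on the network to a controller, change in reported process value)
BASELINE = [(2, 0.2), (4, 0.5), (6, 0.6), (8, 0.9), (10, 1.0),
            (3, 0.3), (5, 0.4), (7, 0.8), (9, 0.9), (1, 0.1)]
THRESHOLD = 3.0  # assumed alert threshold, in standard-deviation-like units


def fit(rows):
    """Return the means and sample covariance terms of two-feature rows."""
    n = len(rows)
    mx = sum(x for x, _ in rows) / n
    my = sum(y for _, y in rows) / n
    sxx = sum((x - mx) ** 2 for x, _ in rows) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in rows) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in rows) / (n - 1)
    return mx, my, sxx, syy, sxy


def z_scores(model, row):
    """Per-feature deviation: what two independent threshold checks would see."""
    mx, my, sxx, syy, _ = model
    return (row[0] - mx) / math.sqrt(sxx), (row[1] - my) / math.sqrt(syy)


def joint_distance(model, row):
    """Mahalanobis distance: deviation measured against the learned joint shape."""
    mx, my, sxx, syy, sxy = model
    dx, dy = row[0] - mx, row[1] - my
    det = sxx * syy - sxy * sxy  # determinant of the 2x2 covariance matrix
    if det <= 0:
        raise ValueError("baseline features are degenerate (perfectly correlated)")
    return math.sqrt((syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / det)


def is_anomalous(model, row):
    return joint_distance(model, row) > THRESHOLD


MODEL = fit(BASELINE)
NORMAL = (8, 0.85)    # constructed: busy minute, process value moves accordingly
MISMATCH = (9, 0.15)  # constructed: many writes, yet the reported value barely moves

if __name__ == "__main__":
    for name, row in (("normal", NORMAL), ("mismatch", MISMATCH)):
        print(name, z_scores(MODEL, row), round(joint_distance(MODEL, row), 2),
              is_anomalous(MODEL, row))
```

In the mismatch row each feature sits inside its own baseline range, so separate per-feature thresholds stay silent; only the combined view scores it far from normal.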

Stuxnet was meticulously crafted, complex malware believed to have been developed by American and Israeli intelligence agencies to disrupt processing at an Iranian nuclear power facility suspected to be involved in developing a nuclear weapon for Iran. For a long time, Stuxnet succeeded because of its method of interfering with programmable logic controllers there and creating fake data outputs that made it seem that nothing was wrong at all.

Stuxnet, also decried as a dangerous cyberweapon that could go astray with unknown consequences, ended up putting the operators of energy-production facilities around the world on alert once it became known.

ThetaRay’s goal is to detect these types of cyberattacks across industrial systems, and the company is now testing its technology in an unnamed power plant in New York state. ThetaRay has received an undisclosed amount of financial backing from a number of parties, including Jerusalem Venture Partners and General Electric, though ThetaRay won’t say much about exactly how GE, a large provider of power-generation systems, might deploy the security-monitoring technology itself.

Once the ThetaRay security system ships for general availability in the fall, it’s expected to cost a “few hundred thousand dollars,” according to Gazit.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com
