Any physical device and process has a unique fingerprint, due to its particular history and features. This fingerprint is manifested within the exact fluctuations of reported signals, in the physical micro-noise, in the unique behaviour while the system is within a certain mode of operation. The physical patterns and fingerprints are present in every sub-system - from single sensor data all the way up to the whole plant manufacturing process. Using advanced proprietary algorithms, machine learning and signal processing, our patent-pending Cyber-Fingerprint™ tracks these unique fingerprints and verifies that the physical signal from each device is authentic, and has not been manipulated.
Once a subset of signals is identified to be forged, Aperio system identified the location of the forged signals, and provide actionable recommendations to address the attack.
The product uses as input historian data (e.g. from PI/historian, the predominant market leader), static databases or lab measurements. Its output is displayed on a dashboard, while generating alarms in various medias. The output Integrates into the SIEM system, (Security Information and Event Management System).
Aperio assumes that persistent attackers with the right skillset and resources will eventually find a way to bypass network security measures and gain unauthorised access to the OT network of an industrial system. After gaining access, an intruders' ability to carry out a devastating attack on physical assets relies on remaining undetected through the forgery of sensor data. This technique leaves the operators blind to the true state of the system so they can't take preventative measures during an attack.
Aperio's propriety algorithms ensure the integrity of sensor data at all times and safeguards against devastating attack during this 'worst case scenario'.
SENSOR FAULT DETECTION
The data gathered by sensors and control system during operations, is used to understand the health of the process and the associated equipment. These data streams, known as “time-series data” are collected at specific frequencies, often at second or sub-second intervals.
Historically, business stakeholders have not had real-time access to this data and have instead made decisions based on outdated data (a day, month, or even a quarter old data). The result can be a reactive approach to managing operations. Integrating operational data into business systems in real time provides the opportunity to see emerging issues and address them as they occur, greatly reducing the risk of extended downtime and associated loss of revenue. It can also help the business optimize processes for more efficient and productive day-to-day operations.
Leveraging its access to operational data and its algorithmic capabilities, we found out that our software can also enhance the operator's state awareness and monitoring capability by detecting broken or faulty sensors - a daily problem in many plants that disrupts production and has already caused devastating damage and human casualties. By doing so, we not only provide resilience against severe cyber attacks, but also improves the day-to-day safety and productivity of the plant. The technological challenge is immense - are these abrupt changes we detect authentic, or indicate data quality issues. No real-time and adaptive implementation of such protection exists. Aperio is the first to crack this technological challenge dynamically, in real time and in proving the event is indeed a sensor malfunction at very high level of confidence.
Our Data Quality product detects events such as faulty, misconfigured, or out of range sensors, capabilities that are definitely needed, reducing maintenance cost and improving performance. The installation of our product for data quality purposes allows to prove the value of the system on a day-to-day basis, and raise the client’s confidence. At this stage, and as the security needs for the OTs become more prevalent, we are in a good position to discuss the security capabilities of our system.
Our unique solution provides real time alerts for discovery of Sensor Data Quality issues is based on different Machine Learning engines:
The product includes an interactive interface, allowing to filter events according to diverse criteria, such as the sensor’s name, measurement unit, or the type of event that was detected by Aperio engines.
With a variety of interactive metrics, the product makes it easy to understand the root cause of sensors failures.
Faulty sensors can be detected easily and in a short time, avoiding costly interventions due to a sensor malfunction that is detected too late.
HOW IT WORKS
Aperio passively plugs into the plant’s historian server (product like Pi System, Wonderware, eDNA and others ) and collects data from it. Historian servers have built-in capabilities for allowing external analytics products to access the plant’s production data and are deployed in the vast majority of industrial facilities around the world.
APERIO integrates into existing SIEM, monitoring and security systems. In addition, APERIO provides an alternative dashboard for presenting the ground truth of the physical situation.
Based on containerized software architecture (Docker), Aperio system can be deployed on premise or through any major Cloud solution (AWS, Azure, Google).