Israel’s APERIO Systems said it has developed the cyber industry’s first technology that detects attempts by hackers to artificially manipulate data in order to damage critical infrastructure, such as electricity grids or water supply networks, sends out alerts and takes corrective action in real time.
“For real impact hackers need to create a dangerous state in which operators of the critical systems get messages that all systems are functioning well whereas they are actually being damaged or destroyed,” said Michael Shalyt, APERIO’s VP Product. “Data forging is when you give the impression that things are working as they should, but they are actually not.”
Shalyt, a 29-year-old former researcher and team leader in an elite IDF intelligence unit, gives the example of an unfolding bank robbery in which the video feed to the guard is hijacked to transmit not the real-time feed but that of the previous day, showing that everything is fine.
The Stuxnet malicious worm that sabotaged Iran’s nuclear program “was operating for 18 months and the control room felt all was well, but it was all fake,” Shalyt said. “This kind of forgery can cause lasting physical damage because if a turbine, for example, is rendered dysfunctional without an operator being aware of the fact it could be months before the damage is repaired and the system is up and running again.”
“Many companies are trying to achieve our same goal, but our approach is different. We are a different breed of cyber company,” said Shalyt, who previously led the malware research team at Check Point Software Ltd. “We are a lie detector for machines.”
And this is the niche — data forgery protection — in which APERIO operates, with its team of former Israeli army intelligence veterans, electronic engineers, physicists and signal processing experts.
APERIO said it secured seed funding from a consortium of private investors, including cybersecurity veterans Doron Bergerbest-Eilon, Liran Tancman, and Shlomi Boutnaru. Bergerbest-Eilon helped establish the agency charged with protecting all critical infrastructures in Israel and is the former director of the security and protection division of the Shin Bet security agency. Tancman and Boutnaru, who played key roles in building Israel’s cybersecurity capabilities, founded predictive cybersecurity startup CyActive, which was acquired by PayPal in 2015.
APERIO, founded in January this year, targets its new product, which is actually a server, at industrial control systems (ICS) handling anything from the temperature of turbines in a power plant to pharmaceutical or food manufacturing plants and gas flow at a petroleum refinery.
Through the use of algorithms, APERIO’s technology scours the systems and alerts users to forgeries by monitoring the machinery and seeking inconsistencies in physical realities compared to their historical performance. Any mismatches generate an alert and APERIO Systems pinpoints the attacked equipment and faked process data.
Then, using a sophisticated combination of physics and state-of-the-art machine learning techniques, APERIO Systems reconstructs the real values of the forged operational data and reverts it to its original state in real time — establishing operational resilience.
“A fan, when operating, tends to emit a high pitch when it rotates fast. The noise is a side effect of the fan’s operation,” he said. “But if suddenly I notice that the fan is operating but is not emitting a noise, then that is strange. We learn the physical models and what they should be. Then we look for inconsistencies, based on past experiences.”
The company uses several methods for verification, all of which are based on physical signs. “It all has to make sense,” Shalyt said.
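The fan example can be sketched as a cross-signal consistency check. The code below is an added illustration, not APERIO's algorithm: it assumes a simple linear relation between reported fan speed and measured noise, and all readings, names and thresholds are constructed.

```python
from statistics import mean, pstdev

def fit_model(history):
    """Least-squares line noise_db = a*rpm + b from trusted history,
    plus the spread (sigma) of the residuals around that line."""
    xs = [rpm for rpm, _ in history]
    ys = [db for _, db in history]
    mx, my = mean(xs), mean(ys)
    a = sum((x - mx) * (y - my) for x, y in history) / sum((x - mx) ** 2 for x in xs)
    b = my - a * mx
    sigma = pstdev([y - (a * x + b) for x, y in history])
    return a, b, sigma

def check(model, reported_rpm, measured_db, k=4.0, floor_db=0.1):
    """Compare the noise the reported speed should produce with the noise
    actually measured. Returns (suspicious, rpm implied by the noise)."""
    a, b, sigma = model
    residual = measured_db - (a * reported_rpm + b)
    # floor_db is an assumed sensor resolution so a perfect fit cannot
    # shrink the tolerance to zero.
    suspicious = abs(residual) > k * max(sigma, floor_db)
    # Invert the model: the speed the independent acoustic signal points to.
    implied_rpm = round((measured_db - b) / a)
    return suspicious, implied_rpm

def scan(model, live):
    """Check each (reported_rpm, measured_db) pair from the live feed."""
    return [check(model, rpm, db) for rpm, db in live]

# Constructed historical readings: (fan rpm, noise in dB).
HISTORY = [(1000, 50.2), (1500, 55.1), (2000, 59.8),
           (2500, 65.3), (3000, 69.9), (3500, 75.0)]
MODEL = fit_model(HISTORY)

# Constructed live feed. The last pair reports a normal 2000 rpm while the
# microphone hears what history associates with roughly 3500 rpm.
LIVE = [(2000, 60.1), (2000, 59.7), (2000, 74.6)]

if __name__ == "__main__":
    for (rpm, db), (bad, implied) in zip(LIVE, scan(MODEL, LIVE)):
        status = "MISMATCH" if bad else "ok"
        print(f"reported={rpm} rpm noise={db} dB -> {status}, noise implies ~{implied} rpm")
```

The implied speed is only as good as the assumed model; a real plant would need several independent physical signals before treating it as a reconstruction of the true value.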
APERIO’s servers are already being used by several big gas pipelines across Israel, said Yevgeni Nogin, the CEO of APERIO. The company recently won a cybersecurity competition run by Italy’s Enel, a multinational energy producer and Europe’s largest utility by market cap, and will be deploying its servers at their plants.
The huge expansion of computer interconnectivity and the global dependence on data has increased the risks and severity of cyberattacks, spurring a need for more efficient and effective defensive measures. The cybersecurity market will likely grow at an annual rate of almost 11 percent to $202 billion by 2021 from $122 billion in 2016, according to MarketsandMarkets, a research company.
Nogin, 28, is a graduate of the elite Talpiot IDF military academy who served over nine years in elite intelligence and R&D units of the IDF.
“We are targeting our product to any controlled systems, whether they are cars, airplanes and services that are critical in our everyday life,” Nogin said.