Who's on your team?
Caleb has deep expertise in IoT while working on the venture team at ARM to invest in smart cities and on the investing team at Samsung to invest in IoT. He has strong relationships with IoT teams at both firms and has been leveraging them to assist with research and product development. Prior to Sloan, he was a technology investment banker and investor and has advised/invested in security companies Blue Coat Systems and Allot. He obtained a degree in pure mathematics from University of Pennsylvania. Caleb leads corporate development efforts and research in new innovative technologies.
Greg is a PhD Candidate at MIT in IoT Cybersecurity. His dissertation topic concerns evaluating security risk for IoT devices. Prior to his PhD, he was an executive at Accenture where he founded and led their Smart City IoT Strategy group which worked with global cities to develop IoT solutions for critical infrastructure. He was irritated by the smoke and mirrors behind the “security” provided for IoT and left to work on his PhD and NeuroMesh to solve this problem. Greg has started several ventures prior to Neuromesh. He is also an Adjunct Professor at Columbia University. Greg is the technology lead who oversees the product research & development.
Pavel has deep expertise with blockchain. He worked on an independent study at MIT on blockchain and worked on NASDAQ’s blockchain project. He has led our blockchain engineering efforts for IoT devices.
Carlos is a hacker with considerable software development experience. He completed his undergrad in Course 6 at MIT and is currently working on his MEng in Computer Security for IoT systems. He has worked for MIT’s IS&T security team and is eager to develop IoT security solutions. Carlos is the lead enterprise software engineer.
Kel is a product manager with strong cybersecurity experience as a Senior Cybersecurity PM with Cisco. Prior to Cisco, he launched the video camera division at Alarm.com, overseeing the group as they installed over half a million IP cameras. He leads our enterprise product development efforts.
Rahul is an electric grid expert. He studied electrical engineering at IIT Madras, worked at Schlumberger and McKinsey, and is a leader at the MIT Energy Club. He has deep knowledge of the network infrastructure of the utilities and electric grid. He leads the business development efforts.
What problem are you trying to solve?
Critical infrastructure, such as industrial control systems, have implemented IoT devices called Industrial Internet of Things (IIoT) to digitally manage meters and substations. However, in the past two years, the Ukrainian electric grid was taken down twice by hackers. In December 2015, 225,000 lost power in Ukraine due to malware placed on energy distribution systems.
The U.S. electric grid may be more vulnerable than the electric grid in Ukraine. Ukraine’s electric grid had manual controls without digital overlay to enable power. However, in the United States, most controls are all automated and digital; if the power supply infrastructure is infected with malware, the whole electric grid could be compromised with no mitigation. According to North American Energy Reliability Corporation, the U.S. electric grid is worth more than $1 trillion and supplies power to 334 million people.
The US electric grid is not the only digitized grid that is vulnerable. European utilities have also moved towards internet-enabling their industrial systems, which has afforded convenience and increased maintenance response times - but also poses a substantial security liability. Noticing this gap in security for the grid, Iberdrola, a leading utility in Spain, has engaged NeuroMesh to work with their industrial systems and retail energy market device manufacturers to secure the utility infrastructure.
Critical infrastructure, such as the electric grid, is reliant on technology called Industrial Control Systems (ICS). ICS is composed of reliable, long-lasting and expensive controllers that govern discrete, mostly deterministic processes. While the electric grid is a good example indicating the scale of importance of ICS, other critical infrastructure including but not limited to transportation systems, water networks, oil and gas refineries and distribution systems rely on ICS as well.
Between 2016 and 2020, the ICS security market is expected to grow at a CAGR of 9.09% considering the constant stream of threats to ICS devices and the importance of their seamless operation. In 2016, the ICS security market was valued at $9 Billion annually.
Industrial control systems have been shown to be vulnerable to cyberattacks as seen in high profile attacks such as Stuxnet. Many industrial control systems are directly connected to the internet. The emerging notion of an Industrial Internet of Things which entails the idea of integrating industrial and manufacturing processes by connecting sensors, effectors and controllers through the internet poses great cyberattack risk to such devices. A broad variety of reports forecast a rapidly growing IIoT infrastructure.
Multiple security approaches have been proven to be ineffective for IIoT EDS devices. There are multiple reasons for this. One is that antivirus programs house gigabytes of data and malware memory signatures. Considering the low memory, low processing power for these devices, it is impossible to run such solutions. Alternative anti-malware solutions such as certificates can work for identity management of IIoT devices, but it has been shown that certificate authorities can be spoofed. The certificate authority is a single point of failure of the identity security system.
Because of the deterministic nature of IIoT systems, malware, in general, does not attempt to steal personal information; instead it converts the device into a bot that can attack other systems as part of a botnet. Being part of a botnet renders the IIoT device unreliable - the device control is lost to the botnet controller and this is unacceptable for critical energy systems.
Another complication of ICS security is that they cannot handle operational downtime required for firmware updates that generally include security patches. Because many of these industrial IoT systems are constantly running 24/7 critical infrastructure, they cannot be taken offline even for a brief period for a system update. Some of these systems have been in the field for +20 years and any attempt to update the core of the ICS software could be catastrophic for associated operations. Because downtime is an issue, the software for many legacy systems has never been touched and the antiquated (but still in use) software is riddled with security vulnerabilities. Imagine attempting to recompiled firmware for a nuclear substation - would you want the cooling tower for the fuel rods to be running without a control system even for a minute?
The question becomes, how do you secure and provide security updates to these extremely sensitive ICS devices without disrupting operations in a space and processor efficient way?
What is your solution?
By using hackers tools against the hackers, NeuroMesh has developed a patent-pending vaccine for IoT by injecting NeuroNode endpoint security into IoT devices’ kernel. Our platform provides managed security and intelligence for IoT devices. NeuroNode is light-weight and provides malware protection and intrusion detection. NeuroNode also sends traffic data to the NeuroCloud to analyze for any abnormal behaviors.
NeuroMesh secures data transfers through a proven, existing communication infrastructure for distributed systems - the bitcoin blockchain. We have developed a proprietary architecture to deploy an unhackable command and control (C&C) interface, NeuroCloud, over the bitcoin blockchain which can be deployed across IoT devices. NeuroCloud will serve several purposes: monitor and transfer traffic across IoT devices, relay commands to IoT devices to shut down traffic to malicious sites, store a blacklist of unauthorized communication points for each IoT device and nuke malicious botnets or malicious code that resides on a given IoT device.
What inspired you to start your company?
Caleb, (MIT Soan '17) met Greg (MIT PhD Candidate in Cybersecurity) in fall of 2016 at an MIT Media Lab's venture course. Caleb had a background in investing in IoT companies and Greg had previously founded and ran Accenture's Smart City Strategy business. Both were former hackers, and both had deep expertise in IoT.
In October 2016, hackers took down Dyn, which manages Reddit and Twitter network traffic, using IoT devices like baby monitors and DVRs. Traditional security vendors had no solution to solve this mess. Caleb and Greg wanted to take matters into their own hands by utilizing Caleb's strong IoT and business background and Greg's cybersecurity background at MIT.
What's been the most surprising aspect of this process?
We were surprised how much room there is for innovation in IoT security. There is incredible whitespace. While network security providers have tried to step in to secure IoT, nothing has successfully lived on the endpoint. Why are hackers better at accessing and running software on devices than those who made the technology?
Further, we were surprised by how hard it is to sell to IoT manufacturers and by their complacency in IoT security despite making critical infrastructure. Everyone is extremely excited about our technology, but due to legal complexities and the threat of product recalls, the sales process has been challenging. Despite this, we've been able to partner with truly innovative companies in energy and medical devices to pilot and disrupt IoT security.
What’s been the most valuable piece of advice you’ve received?
You're solving a global crisis that will benefit humanity. Don't get distracted by setbacks, keep on pursuing the mission.
Keep thinking big.
What are you most looking forward to for the Launch finals?
The Launch Finals will give us a platform for a call to action on IoT security. There are massive implications - we are talking about large-scale blackouts and deaths from medical device hacking. We hope the finals will help raise awareness to IoT security.