It’s no secret that at the nation-state level, offensive cyber security technology is vastly out funding defensive technologies. Incidents fall primarily into criminal attacks and nation-state attacks. The former nearly entirely motivated by economics, leverages aged vulnerabilities, and can be structurally managed by a kill-chain methodology. The latter is motivated by espionage and other goals, leverages zero-day and wholly unrevealed vulnerabilities, and are usually implanted to be nearly undetectable until the enemy is ready to activate their payload.
A natural place to implant vulnerabilities is through programmable and customizable components such as FPGAs, ASICs, and SOCs that are ubiquitous throughout the military, government and industrial sectors. These components are the bedrock of defense systems, designed, built and delivered through complex multi-party global processes that affords many opportunities for malice to pass through to the end user undetected. In the past several years, compromises to this strata has been theorized academically, and in the recent news, this has been proven in actuality.
Chip Scan was founded to address these problems. Chip Scan takes a new approach to cyber security starting by securing the computing strata from the hardware-up using its hardware-up vision.
ESPY is a static analysis tool to detect undocumented features in hardware designs before the product hits the market. Originally developed under DARPA contract at Columbia University, and later funded through OSD/ONR SBIR Phase II contract, Chip Scan has developed novel techniques for exposing compromised hardware during design and integration. These patented techniques have been thoroughly red-teamed and is now available in the form of an enterprise-grade and military-grade assurance appliances.