Aviva Zacks of Safety Detective sat down with Bob Baxley, CTO of Bastille Networks, and asked him about the cyberthreats involved with radio frequency.
Safety Detective: What got you interested in cybersecurity?
Bob Baxley: My academic background is in radio frequency (RF) and wireless communications. The physics of RF communications still amazes me. We can send huge amounts of data over the air on this medium that humans can’t even perceive—people can exfiltrate data and corporations and big enterprises depend on wireless links and RF links to have data pass between all of their systems and their environment.
SD: What do you like about it?
BB: I used to do academic research and the result of that was that maybe someone would read my paper. But when you’re building a product, you’ve got customers who get your product and then immediately see results. In our case, we help our customers discover rogue devices that may be sending RF permissions that aren’t allowed in facilities.
With Bastille, you immediately get visibility into all these devices. Our customers see that immediately when they turn on the product and I get that feedback. As someone who helps build the products, that’s my favorite part—helping the customers solve real problems.
SD: Could you tell me about Bastille’s technology?
BB: If you think about the cybersecurity space, there are host-based security products like antivirus and endpoint security agents on computers and whatnot. And then there’s another bucket of products that are network security. These are products that are looking at network traffic, trying to determine if a rogue device is connected to a network, trying to determine if data is being exfiltrated or if unauthorized access is happening to the network, things like firewalls and network access control.
Bastille is a network security product, and the network security products most people are familiar with operate on the wired network traffic. They’re looking at TCP/IP traffic on your Ethernet network. That is a mature space, where products offer the ability to set up automated alerts, rules, and anomaly detection.
What’s different about Bastille is we’re looking at the RF traffic, in a facility or an environment. These are emissions from devices in RF networks like Wi-Fi networks, Bluetooth networks, Bluetooth Low Energy, cellular networks, industrial control networks, protocols like ZigBee—which is a wireless protocol that people use in industrial control systems—and IoT systems.
With the growth of IoT, there are more and more of these kinds of protocols. Bastille sensors are software-defined radios. That means our sensors, which look like Wi-Fi access points, are able to detect emissions from all of these protocols, and then we give our customers visibility into all of the devices in the space.
Our sensors will sense an emission from a phone, a Fitbit, or a laptop, and we’ll localize that laptop on the customer’s floorplan map. And they’ll have an overview of their map of all the devices in their facility. They can click through those dots and see what kind of wireless traffic is coming off of the device.
With the data that Bastille collects, our customers can set up automated rules to enforce their device policy. For instance, they can decide they don’t want a Bluetooth device in this facility, or they don’t want a Bluetooth device to connect to another Bluetooth device or want a ZigBee device in their facility that doesn’t have encryption. If one of those out-of-policy devices shows up, it sends the customer an alert and then a security analyst or an IT security person will deal with it. So that’s what we built at Bastille. We give you the system, give you visibility, give you alerting into all these radio frequency networks in your environment.
SD: What type of companies use your technology?
BB: Anyone who’s interested in protecting IP that may be worried about data exfiltration is a potential Bastille customer. The big enterprise verticals we service today are finance, banking, and hedge funds.
There are all kinds of federal facilities that have strict no-emitter policies. They don’t want any RF emissions, any RF emitting devices in their facilities. So they buy Bastille to protect themselves and to enforce that policy.
SD: What do you think is the worst cyberthreat today?
BB: On one level, the most pervasive cyberthreat is poorly managed or unmanaged devices that an enterprise doesn’t have awareness of. One example is that we had a customer who was using Bastille to protect their data center. In their data center, they had a chiller, the air conditioning system for the data center to keep it cool. And they control that chiller over an Ethernet interface. But what they didn’t realize is that the chiller also had an RF interface where anybody could communicate with it. And that’s because whoever manufactured the chiller had different customers with different needs. The company we were helping had no idea that there was an interface, a new attack surface, connected to their network that became an ingress point into their network. I think that’s a very pervasive and common threat.
SD: This is the first time that I’m speaking to someone who deals with radio frequency. Are you a unique service?
BB: I think we’re pretty unique in this space. We don’t really have competitors. People have done this for Wi-Fi for a while. That is, they provided visibility into Wi-Fi networks. But we’re really the first company to give you visibility into all the other protocols out there in the RF space.
SD: How do you think the COVID-19 pandemic has changed cybersecurity and especially in your area?
BB: From a Bastille perspective, as people work from home or they start to get more comfortable with home-based peripherals that may have wireless interfaces, we’re seeing more device policy violations where the organization has a no-devices policy and people are accidentally bringing in Fitbits or other devices, headsets that they don’t even realize have RF interfaces.
Also, as more people work from home, you have fewer boots on the ground in a facility. So physical cybersecurity threat vectors become easier for attackers to exploit. Networks, even enterprise networks, are going from being wired networks to being more and more wireless over more and more protocols.
I’m pretty bullish on Bastille because we help protect that new transport layer that organizations are using more and more.