Welcome to Startup of the Week. A column highlighting BC’s most innovative and exciting tech startups. Today, we’re featuring Victoria’s aDolus.
What the world wants now is peace of mind. Given the growth of ever more cunning cyber attacks, that’s a tall order. But aDolus has found a robust solution to deliver on it.
Specifically, it’s enabling companies to rest easy knowing that all software or firmware installed by their staff is legitimate, that’s thousands of different files sourced from hundreds of different vendors. With its software validation framework, aDolus enables manufacturers and owners of smart devices to implement a secure upgrade process seamlessly, no matter the platform or industry. Its solution for securing the software supply chain results in protecting all of us.
The company took the name aDolus, a Latin term which translates into “no deceit,” to send a message to cyber criminals that they can no longer exploit the trust between suppliers and their customers. That is peace of mind!
Eric Byres, CEO of aDolus, has been involved in cybersecurity for industrial control systems for almost two decades. Here he recounts the cyber attack that led to the rise of aDolus, explains why listening to customers is a game changer, and talks of the fear that motivates his day-to-day.
Q: How would you describe what your company does to a Grade 7 class?
A: aDolus helps vital industries like electric utilities, water, and transportation secure the equipment that keeps your lights on, your water flowing, and your SkyTrain moving.
Today billions of “smart” devices are used around the world to make critical systems safe, reliable, and efficient. Often known as industrial control systems (ICS), these contain software not unlike your smartphone or laptop. And similar to smartphones and laptops, they are constantly under attack by hackers, criminals, and foreign government agents. To protect them against the latest attacks, companies need to be constantly upgrading the software running in them. But this also adds a risk: what if the software being uploaded has been created by an attacker just to make the device easier to hack?
aDolus addresses that risk by collecting information about software used in “smart” devices from as many diverse sources as possible. We then use artificial intelligence (AI) techniques to correlate that data and produce a trustworthiness score for software. We provide continuous assurance to companies that the software and all its components are legitimate, tamper-free, and safe.
By working with both the people who build these devices and the people who use them, we are creating a safer, better world.
Q: Why did you start your company?
A: Back in 2014, I was a CTO at a large US company that provided cybersecurity solutions for industrial companies. We became aware of a cyber attack called “Dragonfly” that was invading pharmaceutical manufacturers in Europe. The attack was unusual at the time because it took advantage of weaknesses in companies that supply the pharmaceutical companies, rather than directly attacking the intended pharmaceutical companies. The more I investigated the attack, now known as a software supply chain attack, the more I realized that nothing our company offered would have prevented the attack. As a security expert, I felt helpless – the bad guys were winning.
Two years later a friend who had retired from the US Air Force shared an idea about how these supply chain attacks might be prevented. I was captivated — I wanted to solve this serious problem and here was a possible answer. Together we approached the US Department of Homeland Security and they agreed to provide $800,000 USD to develop a solution. aDolus Technology was born and we started recruiting experts to build our technology.
Q: What lessons have you learned to share with startups?
A: Securing the supply chain is a more complicated problem than I could have ever imagined, but solving it also solves many other related problems. I often say this is like the old parable about the five blind people who discover an elephant. Each describes the elephant completely differently, depending on what part they touch first.
This problem is similar: every time I explain supply chain security to someone new, I hear a different need. For example, some people want to use our solution for software licence management, others want to use it for managing their suppliers, while others see it as a way to comply with country-of-origin regulations. These are all valid use cases and point to the fact, “if you don’t know what went into your soup, it’s impossible to know if it’s good for you.”
Also be greedy about getting advice. Take as much feedback as you can get from as many sources as possible and whittle it all down to something actionable. We got outstanding guidance from our mentors from the Creative Destruction Labs (CDL) at UBC and from New Ventures BC. I wish I had connected with them sooner.
Q: What future trend will most affect your company?
A: The “future trend” that is affecting our company is already here. It is the exponentially increasing number and severity of software supply chain attacks. A supply chain attack is when an attacker goes after their victim indirectly by attacking one of their software suppliers. The much-publicized SolarWinds attack late last year (attributed to Russia’s Foreign Intelligence Service) is a perfect example.
The hackers’ targets were branches of the US government, military, big telecommunications companies, and most of the Fortune 500 corporations. But bad guys didn’t attack them head-on; instead, they infected widely used network management software from the company SolarWinds and waited until SolarWinds’ unsuspecting customers (i.e., the intended targets) downloaded their devious malware, thinking it was legitimate software. Unfortunately, these kinds of attacks offer a great ROI for the attackers, so the world will see many more in the future. In 2020, such attacks increased by 420 percent according to one report. Fortunately, these attacks are the exact kind of attack our technology helps guard against so we believe we can “bend the curve” and make critical systems much safer for everyone.
Q: Congratulations on winning the 2020 New Ventures BC competition! How has winning impacted your company?
A: Participating in the competition really helped us hone our pitch and articulate our value proposition. Winning shined a spotlight on our company and caught the attention of the investment community — a key goal for any startup. These potential investors have brought much more than money; they have introduced us to new clients and opened the door to valuable industry resources. In addition, with our higher profile, we’re also in a better position to attract and hire top notch talent. We’ve been working with UBC and are building our AI and Machine Learning team with some great engineers, developers, and scientists.
Q: What quality is most important for any startup?
A: For a successful startup, you need to have curiosity and the willingness to really listen to your customers, especially the early adopters who are generous with their feedback.
Most of the features in our platform are a direct result of trying to address a real pain point for a real customer. We really focused our R&D efforts on these problems because if one customer is struggling with an issue, you can bet they aren’t the only one. And this has paid off for us. We’ve got some real evangelist customers now who help us beyond product management; they speak at conferences and participate in webinars to share their positive experience with our product.
Q: What’s your source of motivation?
A: Stopping supply chain attacks is critical to our way of life in Canada. It is essential if we want to make the world a safe and prosperous place. We tend to think of cyber attackers stealing your credit card or hacking a website, but supply chain attacks affect everything from our energy grid to our transportation systems. Nothing is safe — we’re even aware of supply chain attacks being launched against medical imaging machines in the middle of the pandemic. If we don’t stop these attacks, criminals and rogue nation states could win the cyber war. I want to do what it takes to make sure that never happens.
Want to be featured as a Startup of the Week? If you are, or would like to suggest, a BC-based tech startup that we should know about, reach out to firstname.lastname@example.org.