Coppell Firm Awarded $200K for Department of Homeland Security Test

QED Secure Solutions, a Coppell-based cybersecurity company, has received a stamp of approval from the U.S. government.

Last week, the Department of Homeland Security (DHS) Science and Technology Directorate announced QED is receiving $200,000 to conduct a field test on what the federal agency described as a “secure trust anchor for the Internet of Things.” The test is part of the Science and Technology Directorate’s Silicon Valley Innovation Program and is the final phase of a project initiated in late 2015 called Securing the Internet of Things.

The DHS said the technology underlying the test will validate firmware upgrades of IoT devices to combat the cybersecurity issue of malware being introduced to an IoT network during system updates.

“QED’s award comes after three program phases of proving, prototyping and testing,” said Silicon Valley Innovation Program Managing Director Melissa Oh in a DHS statement. “Their solution could enhance the standard of IoT device security, which is vital to the safety of both commercial user devices and critical infrastructure. Securing IoT networks is essential to the homeland security mission.”

The DHS Securing the Internet of Things project also included outreach to startups to uncover innovative solutions around cybersecurity issues, including anti-forgery and counterfeiting capabilities for digital documentation.

QED was founded by Jonathan Butts, a retired Air Force officer who served as research director for the Air Force Center for Cyberspace Research, and Billy Rios, who has extensive experience in cybersecurity working for Qualys, Google, and Microsoft.

Rios and Butts gained public recognition in August 2018 when they raised awareness about a discovery: There were “disturbing vulnerabilities in Medtronic’s popular MiniMed and MiniMed Paradigm insulin pump lines.” They tried to negotiate the issue with Medtronic and regulators, but to no avail, so they took matters into their own hands—creating an Android app that uses the vulnerabilities to kill people, Wired reports.

At QED, Butts and Rios are responsible for creating an initiative called WhiteScope, which since rebranded to FACT (Framework for Analysis and Coordinated Trust), as part of research project for the DHS Silicon Valley Initiatives Program. The goal was to develop a vendor agnostic solution for verifying third-party firmware updates for IoT devices. That research project led to the creation of the FACT platform and the launch of a separate company focused on firmware validation, aDolus, that would commercialize the FACT technology.

The tech is intended to validate system upgrades for IoT devices. It also provides feedback and statistics to update vendors so they can stay on top of IoT cybersecurity threats.

It’s also the tech platform for the recent DHS IoT cybersecurity test.

IoT devices are often viewed as a key cybersecurity risk and potential point of attack. The devices are becoming increasingly common, have been known to ship with weak security protection, and are often overlooked by network administrators when assessing cybersecurity weak points. Experts have projected there will be 22.5 billion IoT devices by 2021, up from 6.6 billion in 2016.