Built to automate and simplify lives, a reported 150 billion smart devices — known as the Internet of Things, or IoT, and categorized as network connected devices — are projected to flood the industrial market over the next five years, creating a newer and growing problem: cyber hacking.
Buellton residents Steve Kiss, 51, president and founder of San Jose-based tech company IPG, and his wife and company finance/operations manager Stacey Glasgow, 49, have for the last two years with their small team of engineers developed a technical solution to help address the issue many are now facing.
"Steve and his brilliant team have created this amazing, easy box where you plug it in, and it runs a report for you and tells you what your problems are," explained Glasgow. "It gives you a live report; you click on it and it tells you what the vulnerability is — and how to fix it."
The metal-encased device no larger than a cigar box has become a stand-alone product on the market, specifically catering to the commercial and industrial markets.
Gearbox, as they call it, is the brainchild of IPG engineer Kiss, and further developed alongside lead technologist Blaise Pabon, lead engineer Alan Penzotti and business development director Chad Zerangue.
It has no fancy screen or complicated keyboard. It doesn't even require software; instead it plugs into "the cloud." In fact, Gearbox has no moving parts and is impermeable to dust, moisture and fluctuating temperatures.
"They've taken everything that would be a hindrance and removed it," said Glasgow, explaining that the product's interface is purposely built with simplicity in mind. "It doesn't require a computer science background to use."
As more and more large companies in such critical industries as water treatment plants, power production and power distribution plants, aerospace and manufacturing use IoT devices like cameras, trackers, smart TVs and computer systems to operate more efficiently and effectively, cyber attacks remain a threat.
And for Kiss, that is a huge concern.
"It's the little things like a railroad crossing — just one railroad crossing or just one water valve — it doesn't have to be this coordinated mass attack to be problematic," he explained. "You can have an isolated problem that is couched out locally. We're not a fear-based company, but everything on an electrical grid can be compromised."
Kiss said that 70 cameras were reportedly "knocked out" in Washington, D.C., in 2017 on Inauguration Day. So the imminent problem is not lost on the federal government.
According to Kiss, a federal mandate steered by Homeland Security has identified 16 specific industries with critical infrastructure for which a simple security breech could greatly impact municipalities across the nation.
In recent years, that has resulted in those major industries, like water treatment plants, receiving an executive directive from the EPA to beef up security in order to maintain a license to operate.
Beyond guard fences and hard-line alarm systems, those entities are now being required to provide computer security.
"Our business is to secure those devices," Kiss said. "Our goal is to make sure their devices are adhering to a good security policy."
Also a worry, he added, is that a large portion of stoplights in the United States. are becoming computer controlled.
"I'm very concerned about that," Kiss said. "I'm not as concerned about whether your Alexa can listen in on you — as I'm sure the technology is transferable — but we're talking about the whole food supply chain."
Gearbox is designed to find, assess and fix cyber security vulnerabilities — before they become an issue.
"So much is not being publicized, [companies] don't want people to know that they've been hacked," said Glasgow. "Really what our device does is it identifies those problems."
Keeping up on white paper reports put out by the government and allying entities, Kiss said he has been paralleling the product's development with what the federal government has been working on.
"The federal government is safe," he said. "It's the municipalities that are most vulnerable."
According to IPG, with over 16,000 water treatment plants in the United States, it is the leading industry in vulnerability due to the heightened risk of water contamination, which would result in widespread impact.
"They are the most underserved. Every municipality has one," Kiss explained, expressing personal concern over local water treatment facilities that even his own home pulls water from.
Though the team is not currently serving the residential market, Glasgow said that bonded, trade industry providers like locksmiths, electricians and security alarm reps can become commissioned Gearbox vendors, using the product to help their customer base identify vulnerabilities on their home network. It would only require a simple plug-in, no complicated technology.
"Because sometimes it ends up being a different device that's the problem, not the door lock the locksmith was called in for," Glasgow said.
Kiss explained that typical home devices that can be breached include Nest Cams — a Google product that connects smart home devices like smart speakers, streaming devices, thermostats, smoke detectors, routers and security systems that include smart doorbells, cameras and smart locks — Alexa and lights, anything that connects to a home network.
IPG was listed in October 2019 by Pepperdine University as one of 15 "most fundable" companies, breaking away from more than 3,500 applicants.
Glasgow said it was an honor to be chosen, and though the process was somewhat stressful, it caused them to formalize company procedures more rapidly, resulting in a level of investor readiness they hadn't foreseen.
"After we would make the cut at one level, they would ask for more information," she said laughing.
IPG was picked out of thousands of early-stage U.S. companies with less than $10 million in annual revenue.
The Most Fundable Companies initiative was adopted by the university two years ago to help bridge the gap between startups and the capital they need to succeed.
"It's really very interesting," Glasgow said. "We went through the process without even starting our formal pitch-process, and we already have two investors. We've even had to turn some away."