Q: Tell us more about MicroSec. What does it do?
A: MicroSec was set up in December 2016, but I've been working on the idea over the last two years.
I was working with different institutes here after I did my PhD at Nanyang Technological University, and I came to realise that the current form of security that exists in Internet of Things (IoT) devices today is not really up to date. This means most IoT sensor networks are vulnerable to attacks because there are significant constraints on their computational power and bandwidth.
In the IoT devices space, most of the security-related deployments are done using a pre-shared key, where a single key is utilised all over the network to provide security. It's like setting up your Wi-Fi router - you set up a password, and you use the same password on your cellphone and laptop, and so on. But what if one of the devices is compromised?
If you're using such a system for security, especially in a large organisation with thousands of devices, losing one password or key is going to cause havoc. Imagine if you have thousands of "smart lights" deployed across Singapore in line with the Smart Nation initiative, for example, and one of them gets attacked. It means you can literally control all the lights in Singapore.
An alternative to the single key deployment is to use a key management system, but it still lacks security from inside attacks and it does not scale very well.
What we have built is a security protocol that allows you to have dynamic keys for each of the devices in the network, called the Micro Public Key Infrastructure (PKI). We also have a system that manages these keys, called the Automated Certificate Management Environment (Acme). Suppose you have millions of devices and you want to manage them remotely, you can easily do so. You can also isolate a device in the event someone hacks into the device to manipulate the network.
All of this makes use of low bandwidth and computationally efficient algorithms, which reduces cost and improves security.
Q: Does the company own any IP?
A: We have drafted two patents for our technologies, but we are still thinking about how much information we are going to put in. This is because there are certain things that, if listed in the patent, could spur other people to do something similar. Our products are still defensible; it's a lot of deep technology that can be hard to copy, but things in the industry move very fast and we don't want to list that kind of information in our patents and make it open.
Of course, we could file lawsuits against potential copycats, but that would be difficult and expensive. Any deep tech company would face the same dilemma we're facing right now. It does seem quite difficult to make technology defensible, so most of the tech companies that file patents do so for marketability.
Q: What are some of the projects MicroSec is working on?
A: We're working with a government agency in Singapore on a proof of concept to validate the idea of a scalable Micro PKI and Acme. We are also working with one partner in Singapore and two customers. Unfortunately, I can't disclose more details.
Q: What are some of the biggest challenges the company is facing?
A: We have a talent problem. It's quite difficult to find someone who works in the security domain, especially here in Singapore. Right now, besides my co-founder and myself, we have two staff and five job openings (for engineers). I have interviewed more than 200 people in Singapore since December, and I still can't find the people I need.
Those who have been working in the industry for a long time, they're quite costly, and as a start-up, we can't really afford them yet. But it's difficult to find less experienced candidates as well. Somehow, there is a lack of topics related to cyber security in schools here. Most people also tend to want to join the financial sector, the banks.
But we still want to be in Singapore because of its Smart Nation vision, which spells a lot of potential for us to deploy our technologies on a nationwide basis. And since Singapore is acting as a test bed for smart cities, we can eventually take our technologies outside of the country and say, "Look, we already have this in Singapore, it works".
Q: What about plans for growth?
A: We are closing a $1.5 million seed round from various investors.
Right now, we are targeting the IoT device market, and we want to establish ourselves there first. But in the future, we also want to move on to asset-tracking devices, satellite communications, and others.
We're already in discussions with two companies in Singapore for asset tracking, and have come up with a concept development, so we will probably enter the market by the end of this year. We hope to enter the satellite communications market by the end of next year.
Geographically, from the middle of next year, we are going to enter the United Kingdom or France in terms of IoT and asset tracking. We still haven't decided where yet, but both have very good opportunity in terms of revenue and size - France a little bit better than the UK, but there's the language barrier.
We will want to keep costs low and make sure we don't burn our money so fast. We're still young.
