Cyber Defense for Operational Technologies

A lightweight protection for critical infrastructure and operational technologies.

Attacks on power grids, transportation systems, manufacturing, and aerospace/defense continue to increase. Organizations face a myriad of risks including safety hazards, financial losses, reputational damage, and threats to national security. Yet, most OT systems lack the necessary defense mechanisms to combat modern cyber attacks. With YOLO, your OT and IT systems are integrated under one unified defense umbrella, providing comprehensive protection and peace of mind. Don't wait until it's too late, safeguard your operations with YOLO today.

Why do operational technologies need special protection?

OT devices do not contain in-built natural cyber protection. Typically organizations will airgap these systems or layer in IT protections such as network packet inspection. While these protections are important, modern adversaries can leap airgaps and evade these protections to reach the OT system boundary. Once an adversary breaches your OT system, it's game over.

OT devices are not visible on your security operations center. Nearly all assets within the purview of security operations are laptops, desktops, phones, servers and to a limited degree Internet of Things devices. Most operational technologies, such as programmable logic controllers (PLCs), building management systems (BMS), industrial control (Industry 4.0), and a myriad of systems in the SCADA/ICS space are simply opaque to modern security practices. For example, information on real-time cybersecurity incidents, malicious in-memory attacks, intrusions, implants and other exploitations are typically unavailable. Most control systems are bound to a physical object or process to the end of its lifecycle and does not benefit from frequent updates and rapid hardware upgrades throughout their lifecycle.  

Real Time Telemetry Stream

Nearly all OT systems lack actionable telemetry to guide incident response. Most control systems do not offer real-time cybersecurity telemetry. YOLO provides industry standard Splunk and Elastic Cloud compatible feed data about intrusions, implants, in-memory attacks and other exploitation.

Cyber Incident and Event Logging

Adding YOLO to existing equipment also enables reporting of cyber incidents and events. Current OT system monitoring are typically concerned with the safety, reliability and health of the controls and data flows and not the cyber status of the underlying equipment.

Break the Kill-Chain

Modern attacks against OT relies on multiple attack techniques such as airgap jumpers and sophisticated in-memory implantation. Given the relative low-resources of operational technologies, exploitation relies on chaining slow techniques together that gives defenders time to react--provided a defense is in place.

Automated Recovery

OT systems are responsible for physical things and processes, often within a safety or life-critical context and unlike IT systems, can not halt awaiting human intervention. When YOLO evicts the malicious code, it instantly restores compromised components in milliseconds without disruption of mission operations.

Unified Cybersecurity Defense for SOCs

Security operations centers (SOCs) in modern organizations function as the cyber nerve center with real-time insight into ongoing attacks. Yet, nearly every OT system does not appear and is not subject to the same incident response and compliance rules. YOLO now feeds telemetry directly to the SOC.

How does YOLO protect your Operational Technology assets?

YOLO protects OT systems in two ways:  First, it actively prevents attackers from persisting their malicious code within the device continuously and starves the attacker of the time needed to execute their techniques and second, it populates real cyber health status about the OT systems onto the same monitoring platforms used by your cyber defense operations.

To be sure, most OT systems are small footprint, low-resource devices running esoteric real-time operating systems and specialized software. Most of these systems are protected only by air-gapping and network monitoring, which would be considered unacceptable for an IT system much less a mission-critical system. But since heavy-weight controls such as endpoint monitoring are not appropriate for these small systems, they remain unprotected, which is also inappropriate. Instead, YOLO is a new type of OT protection that truly lives within the device without upsetting the delicate balance required to execute the mission of the device.


YOLO has wide applicability to a variety of markets.
Rim 7 Sea Sparrow Missile Fired from the Aircraft Carrier

Instant Response and Recovery

Applying IT protections on OT equipment is inappropriate. These control systems typically don't have the resources to run endpoint security, nor should they. OT systems do not and must not be spending cycles scanning, detecting, identifying, quarantining and awaiting responses. It is also unacceptable to have no protection whatsoever.
Does not spend cycles matching signatures and behaviors
Does not require antivirus databases
Presumes components under protection are always under attack
Constantly restores integrity and denies attackers the oxygen necessary to complete an attack
Dashboard mockup


Operational technologies, particularly the legacy devices, do not have resources to commit towards heavyweight protection. YOLO is a new type of OT protection designed specifically for protecting these systems.
Protection code is in the order of kilobytes
The recovery time is typically measured in milliseconds
Multiple instances of YOLO can operate in the same OT device
Compatible with a variety of RTOS such as RT Linux and VxWorks
Dashboard mockup

Real Time Telemetry

Every laptop, desktop and server in the enterprise environment are instrumented to light up their cybersecurity posture within a security operations center. For the first time,  legacy OT devices can emit cybersecurity health metrics and incident data in real time allowing your defensive cyber operations team a single dashboard to work from.
Real-time monitoring of legacy devices
Compatible with Elastic Cloud and Splunk
Delivers security status and alerts for visualization at the SOC
Low bandwidth telemetry link for use in M2M or offshore applications
Dashboard mockup


Since many operational technologies are highly differentiated, Chip Scan will work with you to integrate YOLO into your critical systems. In basic cases, an off-the-shelf YOLO module may be available. However, we recommend laying a more sophisticated protection around your critical program information or most sensitive control software. Once integrated, Chip Scan will work with your team on integration of real-time telemetry into your defensive operations.

Talk to us about how we can protect your OT system

YOLO is a new type of OT protection that is appropriate for preventing the compromise of mission critical systems.

Peer Reviewed Whitepapers

YOLO originated at Columbia University and has since been integrated into automotive, UAV and DoD mission systems. The academic research and scientific backing behind YOLO is peer-reviewed and published.

Frequently asked questions

Everything you need to know about the YOLO.
Should OT systems be airgapped?
Yes, mission critical systems benefit from airgapping, however, modern cyber attacks can leverage airgap jumpers to allow an attacker to overcome this protection. Not all operational technologies can be airgapped without breaking the mission functionality.
Aren't industrial control systems already hardened?
Most control systems are based on an RTOS operating system such as VxWorks. Vulnerabilities such as URGENT/11 can arise and manufacturers can also recommend patching just like any other operating system. Unfortunately, these types of systems are typically mission-critical and processes for updating them aren't simple and mostly they don't get updated.Over time, more vulnerabilities will be found leaving these systems exposed.
Do operational systems require protection?
Attacks such as TRITON are being performed by cyber threat actors, and most OT systems are not well protected against modern attacks. Many safety systems, for example, are triple redundant for reliability and safety, but this is not the same thing as cyber hardened.
Does YOLO require heavy resources?
Unlike a IT endpoint system, YOLO does not require anti virus databases, heuristics and heavy resources to operate. In fact, most OT systems don't have the capabilities to do scan and process such information without disrupting their core mission. YOLO uses anti-persistence to break the kill chain.
Can I request YOLO for my DoD system?
Yes!   We can work with your program office and help you understand the program protection plan requirements.
Does Chip Scan have a contract vehicle for acquisitions?
Yes!   We have an ANTX contract vehicle managed by Navy Information Warfare Center (NIWC).

Level up your security today

Schedule a consultation with us. Let's talk.

Other products we offer

Chip Scan offers proven complementary tools and capabilities for protecting the various layers of your hardware systems.


Discover stealthy undocumented functionality in your designs including hardware trojans, backdoors and other vulnerabilities.

Deep Lift

Real introspection of digital microelectronics, rapidly decompile and recover critical design elements and high level source from the gate level.