SDR · 20 MS/s · N 52.2297 · E 21.0122
SCAN · ACTIVE
// Origin HiveNODE · US
Operating from Warsaw
// Layer Physical · 0
Hardware Authentication
Layer 0 · Hardware Authentication

We're building the verification layer for the physical world.

Every device that runs critical infrastructure — from industrial controllers to individual sensors — emits a unique electromagnetic signature. Until now, no one read them. EDO does. We make hardware identity verifiable, continuous, and impossible to forge in software. Starting with the factories, grids and facilities that the physical world already depends on.

CPU PLC-S7 XTAL C12
CFO · 24.000 MHz
PHN profile
XTAL · ±32 ppm
Signature locked
NIS2 Evidence Pack EU CRA 2025 Ready IEC 62443 Aligned SOC 2 Type II Roadmap Zero Network Touch No Line Downtime NIS2 Evidence Pack EU CRA 2025 Ready IEC 62443 Aligned SOC 2 Type II Roadmap Zero Network Touch No Line Downtime

Your firewall guards the network. Nobody guards the hardware.

You spent millions on PLCs, RTUs and IIoT sensors. They run your line, your grid, your treatment plant. But here's the question nothing in your stack can answer: are they still the same units the integrator installed? If a service tech, contractor, or someone in your supply chain swapped one — you would not know.

01 / The cloned PLC

A counterfeit unit will pass every check you currently run.

Same firmware version. Same Modbus replies. Same network behavior. The only thing different is the silicon — and nothing in your SOC stack looks at silicon. We do.

CISA · supply-chain hardware advisories trending up
02 / Legacy you can't replace

Your S7-300 fleet doesn't have a TPM. It never will.

Modern hardware authentication assumes secure boot, attestation chips, signed firmware. Most installed industrial gear has none of that, and ripping it out means stopping production. EDO works on what you already have.

Most plants run on pre-2018 hardware
03 / The audit you can't pass

NIS2 wants device-identity evidence. Show your auditor what you have.

"We trust the asset register" doesn't pass an Article 21 review. Auditors want a verifiable chain of custody — something you can hold up that says this exact device is the one that was installed. EDO is that something.

EU 2022/2555 · enforcement underway
04 / The implant that waits

A hardware backdoor sits quietly until the moment it is needed.

State-sponsored campaigns plant compromised hardware months before activation. By the time anomalous traffic shows up, the asset has been working against you for a year. The signature changes the day the swap happens — not the day the attack starts.

Five Eyes · Volt Typhoon advisory

Every device has a physical signature. We read it.

Hardware can lie about its software. It can't lie about its physics.

Every chip is built from real-world components — quartz crystals, power regulators, PCB traces. Each one is slightly imperfect in a way that's unique to that exact unit and stable for years. Together, those imperfections form a fingerprint that radiates out as part of the device's normal RF emissions.

EDO captures that fingerprint with a software-defined radio, places it in a sealed database, and compares every future reading against it. Swap the device and the fingerprint changes — even if the firmware, IP address, and Modbus replies stay identical.

What we don't do: touch your network, install agents, modify firmware, or stop your line. The sensor is passive. We listen, we don't transmit.

// Capture · 70 MHz – 6 GHz
SIGNATURE LOCKED
CFO · PHN · IQI · TRS
SDR · 20 MS/s
CFO
Crystal offset
The clock crystal in your PLC is off by a tiny, unique amount. We measure it.
PHN
Phase noise
The shape of the oscillator's spectral skirt is a chip-level fingerprint.
IQI
PCB tolerance
Component values on the analog path differ batch to batch — measurably.
TRS
Boot transient
How a device starts up is deterministic, unique, and almost impossible to fake.

From signal to early warning — the pipeline.

Every industrial device emits an electromagnetic signature. Our pipeline captures it, learns what "normal" looks like for each unit, and flags deviations before they escalate. No agents on your devices. No taps on your network.

// Step 01 Signal capture

Passive SDR measurement

Software-defined radio captures the electromagnetic emissions of each device — passively, at silicon level. 20 MS/s sampling, 12-bit resolution. No device interaction, no network traces.

// Step 02 Feature extraction

12-dimensional fingerprint

Signal processing extracts a 12-dimensional feature vector per device: Carrier Frequency Offset, PLL characteristics, phase noise, boot transient shape, PCB parasitic capacitance. Physical properties. Impossible to forge in software.

// Step 03 Baseline learning

Sealed Digital Twin

One-class classification learns the baseline signature space for each device. Sealed Digital Twin per unit. Cryptographically anchored. Serves as the reference for every future verification.

// Step 04 Continuous prediction

Anomaly detection

Real-time signatures are compared against the baseline. Drift, substitution, tampering, or degradation triggers auditor-ready alerts before they escalate. Predictive — not just reactive.

The right question isn't "is it talking correctly?"
It's "is it the right device?"

// Layer 0 · The question your stack can't answer

Start with an audit. Stay with monitoring.

Most customers begin with a one-time audit to satisfy NIS2, find what's already wrong, and put a baseline in place. From there, continuous monitoring runs against that baseline — and flags every drift, swap or anomaly going forward.

// 01 — Audit

EDO Audit

A one-time, full-line baseline. Audit-ready evidence pack.

For when your auditor is asking, when you suspect something's off, or when you simply want to know what's actually in your facility.

  • Per-device EM signature capture
  • Sealed Digital Twin you own
  • NIS2 evidence pack, auditor-ready
  • Anomaly report with remediation steps
  • 90-minute walkthrough with your team
Request a quote
// 02 — Monitor

EDO Monitor

Continuous verification. Every drift, every swap, every time.

After the audit, the sensor stays. Your Digital Twin gets compared against live readings — and you get an alert the moment a signature changes.

  • 24/7 passive monitoring
  • Alerts to your SOC stack (SIEM, Splunk, Sentinel)
  • Drift, swap, tamper detection
  • Quarterly executive report
  • Annual signature refresh included
Request a quote
// 03 — Shield

EDO Shield

Hardened deployments for critical and classified sites.

For air-gapped facilities, defence procurement, and sites where the stakes don't allow third-party SaaS. Custom signature library, ruggedized sensors, on-prem control plane.

  • Air-gap and TEMPEST-compliant deployment
  • Custom signature library on premises
  • Defence-grade integration (NATO sphere)
  • Pre-mission and pre-deployment verification
  • Dedicated cleared engineer
Talk to us

The same sensor protects an assembly line and a forward command post.

The physics doesn't care whether the device is bolted to a chassis in Munich or a Pelican case in the field. If it has silicon, it has a signature. We read it.

// FACILITY-A · LINE 03 142 PLC · MONITORED
// Industrial OT

Manufacturing, energy, water, pharma.

If your operation runs on PLCs and you have an NIS2 obligation — or a CISO who lost sleep over Volt Typhoon — this is for you.

  • Automotive · counterfeit actuators on safety-critical lines
  • Power · substation RTU integrity at scale
  • Water · SCADA endpoint verification
  • Pharma · GxP equipment chain of custody
// FOB-7 · MOBILE C4ISR RF SCAN · ACTIVE 2 SIGNATURES MATCH · 4 PENDING
// Defence & Government

Mission hardware. Procurement. Forward operations.

When the supply chain itself is the threat surface, you need a way to verify hardware integrity before it goes downrange — and again after it comes back.

  • Mobile C4ISR · field hardware verification
  • Weapons electronics · pre-mission integrity check
  • FOB infrastructure · IoT and sensor authentication
  • NATO procurement · attestation at acceptance

Honest answers to the five questions we hear most.

Every other vendor told us to put more agents on the network. EDO was the first one that asked whether the devices on the network were the right devices in the first place. That question changed how we think about OT security.

CISO · European industrial operator
Pilot engagement · 2026

Do we have to install anything on our PLCs?
No. EDO is fully passive. We bring a sensor, point it at your equipment, and listen to the RF emissions every device already produces. We don't touch firmware, we don't open ports, we don't push agents. Your operations team doesn't even need to acknowledge we're there.
Can we run this without stopping the line?
Yes. Capture happens during normal production. The sensor sits a meter or two away from the cabinet, listens for a few minutes per device, and moves on. Most plants can be baselined during a single shift without any change window.
Will this interfere with our network or our SCADA?
No. EDO is receive-only. We never transmit, never inject packets, and never connect to the OT network. From your network's perspective, we are not there.
What does the deliverable actually look like?
A sealed PDF report with a per-device verdict (verified · drift · anomaly), an evidence pack mapped to NIS2 Article 21 and IEC 62443-2-1 controls, and a Digital Twin file you own. Auditors get a clean artefact; engineering gets actionable findings.
How is this different from network anomaly detection?
Network anomaly tools watch what a device says. EDO watches what it physically is. A cloned PLC running a perfect firmware copy will look identical to anomaly tools — same packets, same timing, same behavior. To us, it looks completely different, because the silicon is different. We complement your network stack; we don't compete with it.

Find out what's really running on your line.

A 30-minute briefing, no slide deck. We bring the SDR, walk through a redacted result from a comparable facility, and tell you straight whether EDO makes sense for your environment. If it doesn't, we'll say so.

Book the briefing See how it works first

// No deck.   No demo.   Just the answer.

Questions we answer often.

What is electromagnetic signature analysis?

Electromagnetic signature analysis is a technique for identifying hardware devices through the unique electromagnetic emissions they produce. Every industrial device — controllers, sensors, embedded systems — generates a physical fingerprint driven by manufacturing tolerances in the silicon itself: crystal frequency offsets, phase-noise profiles, PCB tolerances, and boot transients. Together they form a fingerprint that is unique to the individual device, stable for years, and impossible to forge in software.

How does EDO verify hardware identity?

EDO verifies hardware identity in three steps. First, passive software-defined radio (SDR) captures the electromagnetic signature of each device at silicon level, without interfering with device operation. Second, the captured signal is processed through a machine learning pipeline using one-class classification on a 12-dimensional feature vector. Third, every device is continuously verified against its sealed Digital Twin baseline. Drift, substitution, or tampering triggers auditor-ready alerts.

What is Layer 0 hardware authentication?

Layer 0 hardware authentication is verification of a device's physical identity, as opposed to Layer 2-7 checks that verify network behavior, protocol responses, or firmware signatures. Traditional OT security tools watch what a device says on the network. Layer 0 authentication watches what the device physically is — reading electromagnetic signatures written into the silicon during manufacturing. This is the layer where hardware substitution, cloned firmware, and dormant state-sponsored implants like Volt Typhoon become detectable.

How is EDO different from RF fingerprinting?

Traditional RF fingerprinting analyzes intentional radio emissions from wireless devices (Wi-Fi, Bluetooth). EDO analyzes unintentional electromagnetic emissions from wired industrial hardware — controllers, sensors, embedded systems — using passive SDR near-field measurement. The technique targets a different device class, uses a different physical layer, and produces evidence for compliance frameworks like NIS2 and EU CRA that RF fingerprinting does not address.

Does EDO comply with NIS2 Article 21?

Yes. EDO produces a sealed audit artifact that provides technology-neutral evidence for NIS2 Article 21(2)(d) supply chain integrity requirements. The artifact documents device identity verification through electromagnetic signature analysis, drift monitoring, and any detected substitution events. Auditors accept this as verifiable evidence rather than declarative asset registers.

How does EDO detect anomalies in industrial hardware?

EDO uses predictive anomaly detection based on continuous electromagnetic signature analysis. The machine learning pipeline compares real-time signatures against the sealed Digital Twin baseline for each device, flagging drift, substitution, tampering, or degradation before they escalate. One-class classification on 12-dimensional feature vectors detects deviations at signal-level, not just behavioral outliers. This provides early warning for hardware compromise, supply-chain interdiction, and unauthorized device replacement.

What sectors does EDO serve?

EDO serves four primary segments: critical infrastructure operators (manufacturing, energy, water, pharmaceutical) needing NIS2 evidence; industrial device manufacturers preparing for EU CRA December 2027 deadline; defence procurement teams verifying supply chain integrity; and NIS2 auditors and compliance consultants needing verifiable evidence for their clients.