SDR · 20 MS/s · N 52.2297 · E 21.0122
SCAN · ACTIVE
// Origin HiveNODE · US
Operating from Warsaw
// Layer Physical · 0
Hardware Authentication
Layer 0 · Hardware Authentication

We're building the verification layer for the physical world.

Every device that runs critical infrastructure — from industrial controllers to individual sensors — emits a unique electromagnetic signature. Until now, no one read them. EDO does. We make hardware identity verifiable, continuous, and impossible to forge in software. Starting with the factories, grids and facilities that the physical world already depends on.

CPU PLC-S7 XTAL C12
CFO · 24.000 MHz
PHN profile
XTAL · ±32 ppm
Signature locked
NIS2 Evidence Pack EU CRA 2025 Ready IEC 62443 Aligned SOC 2 Type II Roadmap Zero Network Touch No Line Downtime NIS2 Evidence Pack EU CRA 2025 Ready IEC 62443 Aligned SOC 2 Type II Roadmap Zero Network Touch No Line Downtime

Your firewall guards the network. Nobody guards the hardware.

You spent millions on PLCs, RTUs and IIoT sensors. They run your line, your grid, your treatment plant. But here's the question nothing in your stack can answer: are they still the same units the integrator installed? If a service tech, contractor, or someone in your supply chain swapped one — you would not know.

01 / The cloned PLC

A counterfeit unit will pass every check you currently run.

Same firmware version. Same Modbus replies. Same network behavior. The only thing different is the silicon — and nothing in your SOC stack looks at silicon. We do.

CISA · supply-chain hardware advisories trending up
02 / Legacy you can't replace

Your S7-300 fleet doesn't have a TPM. It never will.

Modern hardware authentication assumes secure boot, attestation chips, signed firmware. Most installed industrial gear has none of that, and ripping it out means stopping production. EDO works on what you already have.

Most plants run on pre-2018 hardware
03 / The audit you can't pass

NIS2 wants device-identity evidence. Show your auditor what you have.

"We trust the asset register" doesn't pass an Article 21 review. Auditors want a verifiable chain of custody — something you can hold up that says this exact device is the one that was installed. EDO is that something.

EU 2022/2555 · enforcement underway
04 / The implant that waits

A hardware backdoor sits quietly until the moment it is needed.

State-sponsored campaigns plant compromised hardware months before activation. By the time anomalous traffic shows up, the asset has been working against you for a year. The signature changes the day the swap happens — not the day the attack starts.

Five Eyes · Volt Typhoon advisory

Every device has a physical signature. We read it.

Hardware can lie about its software. It can't lie about its physics.

Every chip is built from real-world components — quartz crystals, power regulators, PCB traces. Each one is slightly imperfect in a way that's unique to that exact unit and stable for years. Together, those imperfections form a fingerprint that radiates out as part of the device's normal RF emissions.

EDO captures that fingerprint with a software-defined radio, places it in a sealed database, and compares every future reading against it. Swap the device and the fingerprint changes — even if the firmware, IP address, and Modbus replies stay identical.

What we don't do: touch your network, install agents, modify firmware, or stop your line. The sensor is passive. We listen, we don't transmit.

// Capture · 70 MHz – 6 GHz
SIGNATURE LOCKED
CFO · PHN · IQI · TRS
SDR · 20 MS/s
CFO
Crystal offset
The clock crystal in your PLC is off by a tiny, unique amount. We measure it.
PHN
Phase noise
The shape of the oscillator's spectral skirt is a chip-level fingerprint.
IQI
PCB tolerance
Component values on the analog path differ batch to batch — measurably.
TRS
Boot transient
How a device starts up is deterministic, unique, and almost impossible to fake.

From first call to first audit-ready report — eight weeks.

No agents on your devices. No taps on your network. No change windows. We bring a sensor cart, walk the line, and listen. Your operations team does not need to do anything.

// Step 01 Week 1 — 2

Site walkthrough

Half-day visit. We map your devices, identify scope, agree on the asset list with your team. NDAs and security clearance handled here.

// Step 02 Week 3 — 5

Signature capture

Our engineer captures the EM signature of every device in scope. Passive listening only. Your line keeps running. Average: 80–150 devices per shift.

// Step 03 Week 6 — 7

Signature analysis

We process the captures, build your Digital Twin, flag any anomalies. You get a draft report and a 90-minute walkthrough call.

// Step 04 Week 8

Final report

Sealed PDF with per-device verdict, NIS2 / IEC 62443 evidence pack, and a recommendation on continuous monitoring. Auditor-ready.

The right question isn't "is it talking correctly?"
It's "is it the right device?"

// Layer 0 · The question your stack can't answer

Start with an audit. Stay with monitoring.

Most customers begin with a one-time audit to satisfy NIS2, find what's already wrong, and put a baseline in place. From there, continuous monitoring runs against that baseline — and flags every drift, swap or anomaly going forward.

// 01 — Audit

EDO Audit

A one-time, full-line baseline. Audit-ready in 8 weeks.

For when your auditor is asking, when you suspect something's off, or when you simply want to know what's actually in your facility.

  • Per-device EM signature capture
  • Sealed Digital Twin you own
  • NIS2 evidence pack, auditor-ready
  • Anomaly report with remediation steps
  • 90-minute walkthrough with your team
Request a quote
// 02 — Monitor

EDO Monitor

Continuous verification. Every drift, every swap, every time.

After the audit, the sensor stays. Your Digital Twin gets compared against live readings — and you get an alert the moment a signature changes.

  • 24/7 passive monitoring
  • Alerts to your SOC stack (SIEM, Splunk, Sentinel)
  • Drift, swap, tamper detection
  • Quarterly executive report
  • Annual signature refresh included
Request a quote
// 03 — Shield

EDO Shield

Hardened deployments for critical and classified sites.

For air-gapped facilities, defence procurement, and sites where the stakes don't allow third-party SaaS. Custom signature library, ruggedized sensors, on-prem control plane.

  • Air-gap and TEMPEST-compliant deployment
  • Custom signature library on premises
  • Defence-grade integration (NATO sphere)
  • Pre-mission and pre-deployment verification
  • Dedicated cleared engineer
Talk to us

The same sensor protects an assembly line and a forward command post.

The physics doesn't care whether the device is bolted to a chassis in Munich or a Pelican case in the field. If it has silicon, it has a signature. We read it.

// FACILITY-A · LINE 03 142 PLC · MONITORED
// Industrial OT

Manufacturing, energy, water, pharma.

If your operation runs on PLCs and you have an NIS2 obligation — or a CISO who lost sleep over Volt Typhoon — this is for you.

  • Automotive · counterfeit actuators on safety-critical lines
  • Power · substation RTU integrity at scale
  • Water · SCADA endpoint verification
  • Pharma · GxP equipment chain of custody
// FOB-7 · MOBILE C4ISR RF SCAN · ACTIVE 2 SIGNATURES MATCH · 4 PENDING
// Defence & Government

Mission hardware. Procurement. Forward operations.

When the supply chain itself is the threat surface, you need a way to verify hardware integrity before it goes downrange — and again after it comes back.

  • Mobile C4ISR · field hardware verification
  • Weapons electronics · pre-mission integrity check
  • FOB infrastructure · IoT and sensor authentication
  • NATO procurement · attestation at acceptance

Honest answers to the five questions we hear most.

Every other vendor told us to put more agents on the network. EDO was the first one that asked whether the devices on the network were the right devices in the first place. That question changed how we think about OT security.

CISO · European industrial operator
Pilot engagement · 2026

Do we have to install anything on our PLCs?
No. EDO is fully passive. We bring a sensor, point it at your equipment, and listen to the RF emissions every device already produces. We don't touch firmware, we don't open ports, we don't push agents. Your operations team doesn't even need to acknowledge we're there.
Can we run this without stopping the line?
Yes. Capture happens during normal production. The sensor sits a meter or two away from the cabinet, listens for a few minutes per device, and moves on. Most plants can be baselined during a single shift without any change window.
Will this interfere with our network or our SCADA?
No. EDO is receive-only. We never transmit, never inject packets, and never connect to the OT network. From your network's perspective, we are not there.
What does the deliverable actually look like?
A sealed PDF report with a per-device verdict (verified · drift · anomaly), an evidence pack mapped to NIS2 Article 21 and IEC 62443-2-1 controls, and a Digital Twin file you own. Auditors get a clean artefact; engineering gets actionable findings.
How is this different from network anomaly detection?
Network anomaly tools watch what a device says. EDO watches what it physically is. A cloned PLC running a perfect firmware copy will look identical to anomaly tools — same packets, same timing, same behavior. To us, it looks completely different, because the silicon is different. We complement your network stack; we don't compete with it.

Find out what's really running on your line.

A 30-minute briefing, no slide deck. We bring the SDR, walk through a redacted result from a comparable facility, and tell you straight whether EDO makes sense for your environment. If it doesn't, we'll say so.

Book the briefing See how it works first

// No deck.   No demo.   Just the answer.