Military-grade cybersecurity startup Periphery is donating its expertise and software to support the Ukrainian war effort.
Drones have transformed the battlefield in Ukraine and armed conflict in general. The relatively cheap and effective tools have driven a shift from kinetic to cyber warfare.
Periphery's embedded AI-driven technology was developed specifically for IoT devices, such as drones, by a team of former military and defence security engineers.
The company will work with Ukrainian military and drone operators to ensure their IoT devices are hardened from cyber-attacks, using Periphery's AI-driven, military-grade threat management system.
I spoke to Toby Wilmington, co-founder and CEO of Periphery, to learn more.
Ukraine is "one of the most contested electronic warfare environments in history."
According to Wilmington, the cybersecurity risks surrounding UAVs are still relatively new, but the rapid pace of adoption is bringing increased attention to this space.
In October 2024, President Volodymyr Zelensky announced the country was now capable of manufacturing up to four million drones annually.
In January 2025, it was estimated that 100 types of drones are in use in Ukraine, ranging from toy-sized systems to larger models with wingspans of almost 20 metres. Consequently, the country has become an innovation centre for drone technology.
"What started as hobbyist technology a decade ago has accelerated at an unprecedented rate, now forming a critical component of modern warfare and national security — much like the IoT landscape, which has evolved from niche applications into an essential part of critical infrastructure."
The biggest cybersecurity threats facing Ukraine's drone fleets
According to Wilmington, Ukraine's drone fleets and unmanned aerial vehicles are subject to a variety of serious threats.
The most critical are:
GPS jamming and spoofing
"Russian forces have employed electronic warfare tactics to disrupt Ukrainian drone operations by jamming GPS signals, causing drones to lose navigation, land, or crash. "
Hijacking and takeovers
According to Wilmington, there is a concern that adversaries could remotely take control of drones by exploiting vulnerabilities in their communication systems.
He notes, "While specific incidents in Ukraine are less publicly documented, the potential for such attacks remains significant."
Malware and firmware exploits
Captured drones can be reverse-engineered to extract sensitive data or introduce malware.
"For instance, researchers are demonstrating methods to extract telemetry information and identify vulnerabilities in drones through reverse engineering."
Data exfiltration and recon interception
Intelligence, Surveillance, and Reconnaissance (ISR) drones collect critical battlefield data. If intercepted, adversaries could access sensitive information, compromising military operations.
Periphery's technology embeds real-time threat detection and adaptive countermeasures within resource-constrained technologies, such as unanned systems.
Its AI-driven security system continuously analyses attack patterns, detects anomalies, and will soon be able to defend against cyber intrusions proactively.
The embedded security solution is easy to install at the point of manufacture for any architecture and maintain with its software.
Adapting to emerging threats in real time
Currently, the predominant cyber security industry strategy involves monitoring network-based activity. Wilmington shared:
"This approach not only overlooks most security indicators but is also frequently ineffective due to encryption."
Periphery's threat management system is proactive, constantly updating and adapting to protect against emerging threats.
"Embedding detection within a device itself (as we do at Periphery) provides a unique perspective into anomalous memory and process activity, which are typically precursors to malicious events.
Our agents constantly send information back and forth to our central AI, where we compile intelligence, give the data context, and use that to better protect against evolving threats."
Periphery's proprietary AI and ML algorithms detect subtle behavioural shifts indicative of cyber threats or risks, providing insights and decision-making information that has not been available before, to power defensive measures.
"Because of that, we can flag threats within 1 day rather than months, minimising damage and downtime."
How do you future-proof devices?
Tech moves fast, especially as AI makes cyber attacks more sophisticated, automated, and difficult to detect.
Periphery's goal is to help manufacturers and their users to ensure devices remain secure, compliant, and resilient with the observability needed to detect risks inside of their devices, without costly redesigns.
For defence, critical infrastructure, and national security, cybersecurity regulations and attack methods are shifting rapidly.
Wilmington asserts that "static security models and approaches are ineffective and are no longer enough in an enterprise network, so we enable devices to adapt over time to emerging threats and regulatory changes (within reason)."
Some key aspects are:
Device hardening: attack techniques are shifting, from firmware exploits and supply chain attacks to AI-powered cyber threats.
"Our intelligence-led approach allows device makers and customers to tackle the key threats to their technologies aligning with what is actively being exploited today."
Regulatory alignment: we follow the likes of EU CRA, NIS2 and MITRE EMB3D, to make it more efficient for customers to ensure their technologies are compliant and reflect the resilience needed in their respective environments.
Further, Periphery continuously evolves its detection and mitigation capabilities, leveraging its experience in securing NATO nations and critical infrastructure worldwide.
"Insights from real-world threats drive our product iteration, ensuring our customers' solutions adapt as the cyber threat landscape shifts. Security is never static, and our approach reflects that."
How do you do cybersecurity in an active war zone?
There are many unique challenges to deploying Periphery's security solutions in an active war zone.
Having worked in multiple air-gapped systems, tempest environments, and 'rapid deployment' scenarios (Resolute Support Afghanistan), Wilmington offered a few examples:
Limited connectivity: Intermittent network access necessitates that security functions operate locally on the device.
"We have to design for where LTE or satellite is accessible but must also function effectively even in disconnected or air-gapped environments."
Rapid deployment needs: Frontline teams require swift integration of security measures.
"We focus on ease of use and the ability to quickly embed into existing platforms without necessitating hardware modifications. Periphery's setup and installation time is less than a day."
Captured device risks: "To prevent adversaries from extracting valuable intelligence from captured drones, our roadmap includes implementing tamper detection and data self-destruct mechanisms."
Cyber-physical battlefield overlap: Drones serve as both cyber assets and physical tools in warfare.
"Our solutions are lightweight and efficient, ensuring they do not impede drone performance."
"Ultimately, we work with the warfighters and units to try to provide something that is moldable and reliable whilst also providing our expert support."
The cybersecurity threat is ever evolving
While much of the focus is on the security of drones themselves, significant risk exists in drone manufacturers' software and supply chains.
Recent intelligence highlights that UAV and counter-UAV (C-UAV) technologies are becoming prime targets for cyber espionage, supply chain attacks, and potential system takeovers.
Wilmington contends that the industry "is not far from its own SolarWinds-scale attack, where an adversary could exploit vulnerabilities in manufacturer networks or embedded software to compromise fleets at scale."
But Periphery is proud to stand with Ukraine:
"As former NATO operators, we stand with Ukraine and are giving them cutting-edge technology to protect critical assets and provide a digital barrier to defend against cyber-attacks.
Our technology will focus on providing digital walls, drawbridges, and gates to guard Ukraine's unmanned systems, so they can continue to focus on their innovation which has catalysed a step change in drone technology. We call on others, especially in Europe, to do the same."
Samuel Burrell, Partner at Expeditions Fund, said:
"As a former Royal Marine turned mission-driven investor, I was fully supportive when Toby called me with the idea of donating Periphery's technology to Ukraine.
At Expeditions, we back companies that don't just push the boundaries of technology but apply it when and where it matters most. That time is right now. I'm confident that their technology will be a game-changer for Ukrainian forces."
Lead image: Toby Wilmington, co-founder CEO of Periphery. Photo: uncredited.
Would you like to write the first comment?
Login to post comments