In the digital age, communications, weaponry, and critical infrastructure all exist on networks operated by trusted personnel. But what happens when the enemy steals the keys?
Karl Holmqvist is the founder and CEO of Fredericton-based identity verification software Lastwall, the digital key keeper for the United States and Canadaâs agencies and critical infrastructure. It may not be guns in the trenches, but in this era of warfare, he says nothing is off-limits.
âWe’re seeing foreign nation-state[s] hacking our critical infrastructure, our water, our power, the food supply chains; all those things need to be defended.â
Karl Holmqvist, Lastwall
âWe’re seeing the legitimization of attacking commercial targets that would not, in an earlier era, have been considered necessarily fair game,â Holmqvist told BetaKit in an interview on Friday. âWe’re seeing foreign nation-state[s] hacking our critical infrastructure, our water, our power, the food supply chains; all those things need to be defended.â
According to the US Cybersecurity and Infrastructure Security Agency, 90 percent of cyberattacks begin with a phishing email, where a bad actor hijacks a victimâs sign-on credentials through a malicious link. If a government or power station employee gets phished, adversaries can impersonate them in critical systems, gathering intelligence or conducting sabotage. The impact, Holmqvist says, can only get worse in the AI era.Â
âRight now, if I steal your identity ⊠that’s bad, and I can cause damage,â Holmqvist said. âIf you’ve got 40 agents that you have delegated authority to do things to, and I managed to steal your identity, the blast radius of that attack is so dramatically magnified.â
Lastwallâs IDCommand software is meant to mitigate those attacks by assessing over 200 characteristics of each login attempt, like keystroke cadence, mouse movement, and hardware configurations. If something seems off about that power station employeeâs login attempt, IDCommand prompts for additional authentication and alerts security teams. Its work landed Lastwall in this yearâs issue of BetaKit Most Ambitious.Â
Holmqvist, whoâs based in Vancouver, said his startup went âhard mode.â Instead of building out a minimum viable product and working their way up, they built Lastwall for the big fish customer first and foremost: the US Department of Defense. After many years of working with the agency, the gambit has paid off; Lastwall now has FedRAMP Moderate Authorization, clearing it for use in the entire US federal ecosystem. Holmqvist said this also sends a signal to private sector institutions that care about strongly regulated tech, like banks or other defence contractors.Â
âWhen they see an organization has hit FedRAMP standards, they know that the company is passing a 400-plus control audit every year,â Holmqvist said. âItâs a big gold standard trust mark to have FedRAMP certification for your tech, and that plays through to Canada.â
The certification, alongside a fresh $16 million Series A extension round, will aid in Lastwallâs mission to scale up and protect more government agencies and critical infrastructure providers across North America. The round was led by BDC Capitalâs StrongNorth Fund, with participation from the New Brunswick Innovation Foundation, Frostbite Capital, and its existing investor base, including Blue Bear Capital, 18West, and Blue Wing Ventures.
RELATED: BDC expands Defence Platform to $6 billion and names a StrongNorth Fund leaderÂ
As part of the round, BDCâs vice-president of defence strategy, Peter Dawe, is joining Lastwallâs board of directors. Holmqvist said Dawe, who is a recently retired Major General with 35 years of experience in the Canadian Armed Forces, understands the strategic value of Lastwallâs technology.
Dawe has âoperated at an international level and has ⊠seen the scenarios where you need an identity platform that can serve groups from multiple nations,â Holmqvist said. âHe also is very well respected and maintains connectivity with a lot of the right places, so he’s definitely somebody who can help us have some of these discussions.â
Holmqvist hinted that his companyâs fundraising efforts may not be over, as âthere’s a larger appetite than anticipated for Canadian defence tech,â including from banking partners that might supply Lastwall with venture debt. Lastwall will take every dollar it can get as it strives to digitally protect more of Canada and the US, two countries that are, for better or worse, linked as one.
Canada and the US are âall part of the same power grid, so an attack on the Canadian side is an attack on the American side, and an attack on the American side is an attack on the Canadian side, so there is more blurring of lines,â Holmqvist said. âYou can’t defend one without defending both.â
Feature image courtesy Lastwall on LinkedIn.