Operational Update

THIS ANNOUNCEMENT CONTAINS INSIDE INFORMATION AS STIPULATED UNDER THE UK VERSION OF THE MARKET ABUSE REGULATION NO 596/2014 WHICH IS PART OF ENGLISH LAW BY VIRTUE OF THE EUROPEAN UNION (WITHDRAWAL) ACT 2018, AS AMENDED.  ON PUBLICATION OF THIS ANNOUNCEMENT VIA A REGULATORY INFORMATION SERVICE, THIS INFORMATION IS CONSIDERED TO BE IN THE PUBLIC DOMAIN.

 

29 September 2022

 

NARF INDUSTRIES PLC

 

OPERATIONAL UPDATE

 

Narf Industries plc ("Narf", the "Company", or the "Group") (LSE: NARF)(OTCQB: NFIN.F) the cybersecurity group specialising in high-end threat intelligence and critical infrastructure security, is pleased to provide an inaugural trading update, with an introduction and overview of operations, and a summary of the expectations on the near to medium term including forecasted revenues.

 

HIGHLIGHTS

● Completed the reverse takeover of Cyba plc in H1 2022

● Changed name from Cyba plc to Narf Industries plc in August 2022

● Signed agreement with partner SRI International ("SRI"), with SRI becoming significant shareholder

● Secured maiden contract for flagship TIGR product in July 2022 and commenced integration phase for large Oil & Gas ("O&G") commercial customer in August 2022 - expect roll-out by Q2 2023

● Advanced discussions with other potential TIGR customers, including Electric Grid customers

● Department of Energy ("DoE") recently launched $45m fund to support development of next-generation cyber tools to protect the power grid which is ideal for TIGR commercialisation efforts

 

CEO, Steve Bassi, said: "With our portfolio of specialist cybersecurity technology, a continually evolving pipeline of new products, a strong in-house R&D team, and an enviable customer base, Narf will become a market-leading supplier of cybersecurity software products. 

Most notably, our flagship product, TIGR, is poised to address a vital market need - namely protecting critical infrastructure against cyberattack ensuring the lights stay on and natural gas keeps flowing even after the utility suffers ransomware attempts and cyberattacks. The need for a product of this kind is clear; nation state and extortionate cyberattacks are constantly on the rise, in frequency and cost, becoming more dangerous to victims."

 

DETAILS

What Narf Does

Narf is a creator of Cybersecurity Products. It works with US government departments, Research  powerhouses and large public utilities, focusing on software solutions to safeguard critical infrastructures from targeted cyberattacks.

Narf has a successful history of tendering for, and winning, Research and Development ("R&D") contracts for potentially ground-breaking technologies, predominantly from the US Department of Defense ("DoD") and large R&D centres, like SRI International ("SRI"). 

R&D contracts tend to be for an initial period of between 12 and 24 months and will be extended by the client once a path to Productization is clear. Our government clients retain government purpose rights ("GPR") which allows Narf to remain the sole IP expert and supplier back into the government. Narf retains all intellectual property created as well as sole commercialization rights.

Narf will ordinarily go from the Research Phase to the Development Phase towards the second half of these initial contracts. Productization then kicks in after both the Research and the Development Phase as the team turns the R&D work into a commercially viable product. By the end of the R&D contract the team will have identified commercial partners/distribution channels, and first target Anchor customers as the Project moves from Productization into Commercialization Phase.

Commercialization is expected to take several months before the Roll-Out Phase where typically all anchor customers have signed and are fully utilising the product, providing both a reference point and platform to ramp up distribution.

At present, given the size of the team, consisting of less than 15 people, only those projects with a large commercial potential are being pursued through the Commercialization Phase. The Group plans to build its team over the next three years by hiring both through the current team's extended network and through further acquisitions.

Narf is now at an exciting inflection point in its business development and has made excellent progress in recent months including:

● Onboarded the Project Lead from SRI for TIGR last year, Dr. Michael Locasto, now our Chief Technology Officer;

● Increased contract wins for additional products helped by the team's past successful projects within DoD;

● Secured commercial rights and IP for TIGR following the contract with SRI, with a large addressable market;

● Commenced integration phase ahead of schedule last month with first O&G customer;

● Advancing four additional projects:

○ Ramping up the Commercialization of long established Software as a Service ("SaaS") Product in 2023

○ Safedocs product to move to Commercialization stage shortly

○ Our AI Social Cyber product to move to Productization Phase

○ Earlier stage product in R&D;

● Narf has identified and is in discussions with six key individuals that will accelerate the various stages of each Project and further establish our reputation within this industry for creating ground-breaking products; and

● Narf continues to pitch for these types of Projects feeding our Revenue Pipeline by a growing team with a well established relationship within the DoD, SRI and other large R&D houses.

 

See the RTO Prospectus from 17 February (Pages 44 to 46) for more detail of the Group's operations and products (see https://narfgroup.com/investor-relations/corporate-documents )

 

Our Key Products

Our three key products are at various stages:

● TIGR - Commercialization

● RANGER (Social Cyber) - End of R&D Phase

● SAFEDOCS - Moving from Productization to Commercialization

 

TIGR - Threat Intelligence for Grid Recovery or "TIGR"

TIGR, the Group's flagship product, is a Hardware and Software Product developed to apply continual integrity monitoring and detect even stealthy cyberattacks deep inside Critical Infrastructure Industrial Control System ("ICS") devices.

In conjunction with a team of expert organisations including SRI International, Dartmouth College and NYU, Narf has developed a product that can be used by utilities and cyber first responders to both detect cyberattacks and enable rapid vetting and restoration of power grids, post attack. It is also applicable across different ICS devices in other utilities such as Oil and Gas ("O&G") and Water Networks.

TIGR consists of two main components:

1.  hardware appliance that is installed in electric grid substations and gas pipeline compressor stations.

2.  software subscription service allowing TIGR to continually identify and stop emerging

and advanced cyberattacks.

Narf is spearheading TIGR's transition to the commercial market. TIGR has taken four years to reach Commercialization coming out of the RADICS R&D Programme (Rapid Attack Detection, Isolation and Characterization Systems). The RADICS programme was funded by the US Government Department of Defense R&D agency known as DARPA (Defense Advanced Research Projects Agency) with a budget of over $200 million.

In May 2021, following the ransomware attack on the Colonial pipeline, President Joe Biden signed an executive order requiring federal agencies to improve cyber security for operational technology, and this was followed by the Biden administration announcing in the full year 2023 budget US$11billion towards civilian cyber security spending of which US$2.5billion going to the Cybersecurity Infrastructure Security Agency - both events providing a helpful background for the launch of TIGR.

In March 2022 the Group signed an agreement with SRI regarding SRI's intellectual property rights and patents related to TIGR with SRI becoming a significant shareholder in Narf and enabling us to act as the commercialising partner.

 

TIGR Operations Update:

● Narf signed its first customer just 3 months after completing the RTO (4 months ahead of schedule);

● Furthermore, it was a customer from Oil & Gas, expanding Narf's potential market opportunity;

● With the TIGR product Narf has a head start on the competition as this is the only product on the market that is custom-made to address this particular issue within Infrastructure protection;

● Given Narf's limited resources in terms of headcount Narf is focussed on the successful integration of its initial TIGR customer and anticipates engaging more fully with its electricity clients in Q4 2022 and Q1 2023;

● The regulator, the Department of Energy ("DoE"), recently announced their cybersecurity fund. The Board expect to provide news on Narf's involvement on this very shortly. The involvement will relate to DoE and academic partners looking at the commercial applications around TIGR (see https://www.energy.gov/articles/doe-announces-45-million-next-generation-cyber-tools-protect-power-grid).

● TAM on the Electric Grid is over US$8 billion and Oil & Gas Cyber Security spend is expected to rise to US$10 billion by 2025.

 

RANGER

Ranger relates to the Social Cyber R&D project for hybrid artificial intelligence ("AI") to protect the integrity of cloud based open-source code.

On June 4th 2021 Narf was awarded a contract for DARPA's hybrid AI to protect the integrity of open-source code. Narf successfully completed the initial R&D Phase for the project ahead of schedule and is expected to shortly be entering the Productization Phase to develop product(s) that detect supply chain vulnerabilities and attacks in open-source code, like the SolarWinds cyber attack in 2020 and the Kaseya VSA ransomware attack in 2021. Narf has developed several proprietary AI methods for recognising, alerting and remediating both intentional and unintentional security vulnerability introductions into open-source code bases (e.g. the Linux kernel) that power today's rapidly growing technology companies. Narf's new defensive technology product is called Ranger and is an Open Source Software ("OSS") solution.

 

Ranger Operation Update:

● Ahead of schedule with SocialCyber, moving into the Productization stage with Ranger just 12 months after starting the original R&D work for the DoD;

● Productization is expected to start in Q4 2022, on which the Board will be updating the market shortly;

● Productization will last until Q4 2023, when Narf will begin the Commercialization of the Ranger product;

●   Team believes that given the widespread usage of OSS by governments, cloud operators and large software companies and its inherent vulnerability to cyberattacks there is a considerable market opportunity for Ranger;

●  With Ranger Narf will have several proprietary AI methods for recognising, alerting, and remediating both intentional and unintentional security vulnerability introductions into open source-code bases;

●    Cloud based OSS cybersecurity market is expected to reach US$28 billion by 2024 (see https://www.morganstanley.com/ideas/cloud-cybersecurity-convergence)

 

SAFEDOCS

The SafeDocs DARPA programme is investigating technology that strengthens the ability to parse complex document formats - safely. Document and file parsing (e.g. MS Word documents) is where the majority of security vulnerabilities leveraged by attackers are typically found. The R&D project was done in conjunction with Narf's partner SRI and is currently in the Productization Phase with initial customers, who process vast volumes of sensitive documents, already identified.

The product will verify, protect and harden document and file parsers against behaving unsafely, which will allow organisations to continue to interact with customer provided documents - with far less risk of compromise of their agents and privileged insiders.

 

SafeDocs Operation Update:

● Following a successful four year Research Phase SafeDocs is now moving into the Commercialization Phase;

● The Product's technology will be applied within customers respective Data environments on contracts amounting to between US$500,000 and US$1 million per customer; and

● Already commenced contract discussions with three potential customers and expect to update the market in due course. 

 

OUTLOOK

The last reported annual revenue for Narf was US$2.7 million. Narf is expecting to grow to $4.4 million for this year ended 31 December 2022 ("Year 1"). By year ended 31 December 2023 ("Year 2") with the impact of TIGR and the new DoD contracts we are expecting to generate revenues of approximately US$9 million of which we have around 80% visibility. We plan to increase headcount, in particular within the TIGR integration team, which will help drive us to our goal to reach revenues of over US$20 million by year ended 31 December 2024 ("Year 3").

 

ENDS

For further information on the Group please visit www.narfgroup.com or contact:

Robert Mitchell	NARF	Tel: +44 (0) 20 3468 2212
Catherine Leftley/Charlotte Page/Isabel de Salis	St Brides Partners	narf@stbridespartners.co.uk
Peter Krens	Tennyson Securities	Tel: +44 (0)207 186 9030

 

 

About NARF Industries plc

Narf Industries (LSE: NARF)(OTCQB: NFIN.F) is a US based cyber security group specialising in high-end threat intelligence with a focus on critical infrastructure. The Group leads commissioned cyber security R&D and is commercialising a portfolio of products including a DARPA-backed product (an agency within the US Department of Defence) that can be used by utilities and cyber first responders to restore power to electric grids and protecting other key infrastructure that have suffered a cyber-attack.  The Group aims to further strengthen its portfolio organically and via acquisition; its team of highly qualified cyber security experts is well placed to identify opportunities.

 

Important notice

The content of this announcement has not been approved by an authorised person within the meaning of the Financial Services and Markets Act 2000 (FSMA). This announcement has been issued by and is the sole responsibility of the Company. The information in this announcement is subject to change. This announcement is not an offer of securities for sale into the United States. The securities referred to herein have not been and will not be registered under the U.S. Securities Act of 1933, as amended (the Securities Act), and may not be offered or sold, directly or indirectly, in or into the United States, except pursuant to an applicable exemption from registration. No public offering of securities is being made in the United States. This announcement is not for release, publication or distribution, directly or indirectly, in or into Australia, the Republic of South Africa, Japan or any jurisdiction where to do so might constitute a violation of local securities laws or regulations (a Prohibited Jurisdiction). This announcement and the information contained herein are not for release, publication or distribution, directly or indirectly, to persons in a Prohibited Jurisdiction unless permitted pursuant to an exemption under the relevant local law or regulation in any such jurisdiction.