Deliver Us From Evil: How ICS Security and AI-Enabled Cyber Protection Can Protect Industrial Assets from Attack
Recently, cybersecurity has become a key part of industrial strategy. The increased deployment of sensors and wireless communication of data to cloud-based processing has increased vulnerabilities. In many cases, these may be connected to legacy assets, which do not have sophisticated security measures in the case of cyber-attack.
An Attractive Market
Globally, the industrial cybersecurity market is projected to reach $18B by 2023 at a 7% five-year compound annual growth rate. Protection of industrial assets is crucial for both commercial and national security reasons. For example, corporates are looking to upgrade their cybersecurity to reduce financial losses from asset downtime and avoid regulatory fines (as was the case in February 2019 when Duke Energy was fined $10 million for network breaches), and governments want to protect mission critical network assets and infrastructure from international threats, as was the case of the Ukrainian grid blackout in 2015, and the Russian hacker attacks on the US grid in 2019.
In 2016, there were three known families of malware focused on infrastructure; two new types emerged in 2017 (that we are aware of), with more expected. The increasing exposure of critical assets has led industrial corporates across electric utilities, manufacturing, and oil & gas to quickly seek new solutions. The wider establishment of new energy systems such as DERs will present specific challenges for cybersecurity, with a decentralized energy network leading to experimentation with decentralized solutions, such as blockchain protocol-based security.
Recent studies and simulations of critical infrastructure attack have also shown that there are significant long-term consequences for security breaches. According to a study by Cambridge University’s Centre for Risk Studies, a conservative estimate of the financial impact of a successful cyber-attack on the UK energy grid would cost the UK economy at around £12 billion (USD $17 billion), and a GDP reduction of £49 billion (USD $64 billion) over five years.
This increasing risk of attack has also created an auxiliary market for cybersecurity services. We spoke with Nick Bellamy, Principal Cyber Risk Engineer & Technology Industry Practitioner at Chubb, who pointed to further service needs for large corporations who are looking to partner with smaller IoT start-ups. These start-ups may have a strong offering in terms of IoT functionality, but many of these lean new businesses will not have robust cybersecurity protocols, which can create weak points in the networks of larger industrial incumbents.
“…a conservative estimate of the financial impact of a successful cyber-attack on the UK energy grid would cost the UK economy at around £12 billion (USD $17 billion), and a GDP reduction of £49 billion (USD $64 billion) over five years.”
To capitalize on growing demand, industrial cybersecurity start-ups have raised significant VC funding, attracting investors by developing AI-enabled protection solutions with applications across multiple industrial markets, such as oil & gas, manufacturing and electric utilities. Many cybersecurity products and platforms are horizontally embedded across these industries, allowing rapid entry into multiple markets.
But not all platforms are made to be so scalable across industries – some innovators are developing specific niche products for each vertical, which may scale more slowly, but provide a deeper understanding of the nuances within each market. For example, blockchain-based cybersecurity software developer Xage announced its energy-focused product suite in 2018, to provide distributed and scalable security to legacy systems.
We spoke to Kim Legelis, CMO at Nozomi Networks, who described the convergence of IT (information technologies) and OT (operational technologies) that we are currently undergoing. Nozomi is able to collect OT data at a large scale, using AI to discover cyber threats as well as create wider operational efficiencies within partner organizations (which include utilities such as Enel, as well as multiple large oil & gas companies). This secondary use of cyber data can create new markets for cyber monitoring companies such as Nozomi, where the data they collect can be harvested for optimization efficiencies in multiple business areas.
We also spoke to Jonas Hellgren, CEO of Aperio Systems, a US- and Tel Aviv-based start-up which is developing OT network monitoring solutions. The main vector that Aperio uses for cyber-attack analysis is data from sensors, with this data then analyzed via machine learning algorithms to explore hidden data which may indicate cyber manipulation that cannot be picked up via network level analysis. Jonas describes the energy market as a crucial one for Aperio, but with the rise of connected assets, it is providing an entry point into new areas, such as smart cities.
The IT/OT nexus is an increasingly competitive area of the cybersecurity value chain, with multiple start-ups attempting to provide a differentiated product offering, often via leveraging partnerships with large industrial players. Kim Legelis described Nozomi’s partnerships as three broad types:
- IT alliances
- OT alliances
- channel distribution.
By having a strong set of strategic partners across these areas, cybersecurity start-ups can maintain technological advantages through pilot programs as well as data-sharing with large industrial incumbents, as well as utilizing the strong channel distribution networks of these large companies.
We are also seeing start-ups emerge in the area of cyber-attack threat simulation. At the Cleantech Forum Europe in May, Foreseeti Co-Founder Mathias Ekstedt described the growing importance of pre-attack cyber resiliency, which can be tested by attack simulation programs to find the security blind spots before they can be exploited.