Ever since the Stuxnet malware was able to incapacitate an Iranian power facility in 2010, the specter of cyber-attacks against industrial control systems has been a concern. Among the technology vendors that have built platforms to defend ICSes is startup Indegy, which has raised $12 million in a Series A round of funding to support its efforts.
The Series A round of funding was led by Vertex Ventures Israel and included the participation of Aspect Ventures, SBI Holdings as well as Magma Venture Partners. Total funding to date for Indegy now stands at $18 million. The new capital will be used to help expand Indegy's sales, marketing and customer support efforts globally.
"The industrial cyber-security market is in its infancy, and many organizations aren't fully aware of the challenges they face in securing their ICS networks," Barak Perelman, CEO of Indegy, told eWEEK. "We need to invest in market education as well as Indegy brand awareness. We are also setting up a 24/7 support center for both Asia and the U.S., which requires substantial capital."
Perelman projected where he wants the company to be in 18 months, estimated how many people will be needed to get there and determined that $12 million will allow Indegy to take the steps necessary to reach its goals, he said.
At the core of most industrial networks is technology commonly referred to as SCADA (supervisory control and data acquisition), which is typically made with proprietary operating systems and purpose-built software. Providing security for SCADA requires a diverse skill set and research, which is where Indegy has invested a lot of effort. Perelman said that Indegy's research and development team comprises 70 percent of the employees in the company and its engineers have a deep background in researching various industrial devices.
"The one-of-a-kind infrastructure built by our team allows us to easily add support for different proprietary technologies and expand the solution's coverage," Perelman said. "We currently support about 65 percent of the SCADA devices in the world, and expect to reach 90 percent coverage by the end of 2016."
While Stuxnet was perhaps the first form of industrial attack, the current risk landscape for ICSes and SCADA systems is about more than just malware. Perelman emphasized that it is important to understand that in ICS networks, an attack doesn't have to be another Stuxnet.
"In these sensitive environments, even human error can have a catastrophic impact," Perelman said. "Since these networks lack visibility and control, when operational disruptions occur, it is very difficult to pinpoint the source of the problem, and the longer it takes to identify the problem and mitigate it, the greater the damage and mitigation costs."
Among the risk scenarios outlined by Perelman is, for example, a system integrator that leaves a 'backdoor' behind and causes a turbine to halt only to make the customer call back for some more billable hours. Another possible example is an engineer that connects a personal device to the SCADA network and enables Ransomware to reach the most sensitive computers. Perelman explained that Indegy's platform provides visibility to the ICS environment, which is typically filled with blind spots.
Currently, Indegy's main focus is the needs of large industrial enterprises looking to centralize IT and operational technology (OT) security management.
"We are working to enhance the integration between the Indegy Platform and our IT security partners to enable unified analysis and correlation of events from both IT and OT networks," Perelman said. "This will enable CISOs to establish a unified infrastructure for securing both IT and OT environments."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.