If you want to see the future of cyber warfare, look to Ukraine. Two days before Christmas in 2015, a massive cyberattack on an electricity generation station in Western Ukraine knocked out power for 250,000 people in the region—the first confirmed hack to take down a power grid. Exactly one year later, attackers struck again, this time taking out Ukraine’s national grid operator Ukrenergo, causing blackouts across a large chunk of the Ukrainian capital Kyiv. While Kyiv’s power remained out barely one hour, subsequent research demonstrated the 2016 attackers’ real objective was to cause widespread physical damage to Ukraine’s grid, something which could have knocked power out for months on end. In the dead of winter, this could have been catastrophic.
It’s not just Ukraine, though. In 2018, the first Western electricity infrastructure—a part of the transmission grid in Utah, Wyoming and California—was also knocked out. And widespread reports of hackers penetrating and mapping Western power grids—perhaps laying the groundwork for future attacks—have also been documented.
While cyber defenders traditionally have concentrated on threats to organizations’ IT networks, the real threat to critical infrastructure operators are their operational technologies (OT)—the complex industrial control systems used to manage the generators, pumps, valves and other equipment used to run factories, power and water utilities, trains, oil refineries, ports, chemical plants and other industrial assets.
Historically, the OT remained separated, or “air-gapped,” from the internal IT networks connected to the internet; however, this is now changing dramatically. However as organizations seek to leverage AI and big data analytics to drive efficiencies in their operations through “smart networks,” IT and OT networks are converging. In a word, these complex industrial control systems are now connected to the internet, making them vulnerable to hacking. Because many of these industrial control systems were not designed with cybersecurity in mind, it’s not surprising they draw hackers’ attention when these older systems are connected to the internet. Throw in the exponential growth of the internet of things (IoT), and it’s clear the threat vector faced by critical infrastructure operators has grown substantially.
Luckily though, there are several Israeli companies that are world leaders in cybersecurity, and the Start-up Nation offers a nice mix of established firms, and very early stage new entrants:
Waterfall Security Waterfall Security Solutions develops industrial cybersecurity solutions. Based on Waterfall’s Unidirectional Security Gateway technology, the company’s products offer an alternative to firewalls. Its solutions enable safe and reliable IT/OT integration, data sharing, cloud services, and all required connectivity for industrial control systems and critical infrastructures.
ClarotyClaroty was conceived to secure the safety and reliability of industrial control networks. The Claroty platform is an integrated set of cyber-security products that provide extreme visibility, unmatched cyber-threat detection, secure remote access, and risk assessments for industrial control networks (ICS/OT).
SCADAfence SCADAfence develops solutions for operational technology (OT) cyber security. The SCADAfence platform enables organizations with complex OT networks to use Industrial IoT technologies by reducing cyber risks and mitigating operational threats.The non-intrusive platform provides full coverage of large-scale networks, offering high-quality detection accuracy, asset discovery, and user experience with minimal false positives.
Radiflow is a leading provider of cybersecurity solutions designed for critical infrastructure networks (i.e. SCADA) such as power utilities, oil and gas, water, and others. The company’s security toolset validates the behavior of both M2M applications and human-to-machine (H2M) sessions in distributed operational networks.Radiflow’s security solutions are available both as inline gateways for remote sites and as a nonintrusive intrusion-detection system (IDS) that can be deployed per site or centrally. Its solutions are sold either integrated into a wider end-to-end solution of global automation vendors or as a stand-alone security solution by local channel partners.
IXDen IXDen provides security software solutions for IoT devices, industrial control systems, and sensors. IXDen introduces patent-pending technology to protect critical infrastructure from attacks via IoT devices by implementing a biometric-like multi-factor authentication approach.IXDen provides a solution for operational technology and enables users to manage their IoT assets safely and remotely. IXDen employs a new technology to secure IoT devices and brings the equivalent of human identity verification (something users have, something they know, something they are) into M2M communication security while establishing elaborate and strong device identity.
Cynamics Cynamics is a network monitoring solution built specifically for smart city, public safety, and critical infrastructure networks. The solution uses just 1% of network traffic to achieve 100% visibility, offering city operators unlimited visibility at exceptional scalability. Cynamics provides a complete, continuous, holistic view of what is taking place on smart city networks without needing all traffic to be routed through the solution.
OTORIO OTORIO delivers industrial-native cyber solutions that enable reliable, safe, and resilient digital manufacturing. The company empowers secured-by-design rollouts of industry 4.0 initiatives by making cyber security an integral part of the operational lifecycle. Simplifying complex operational-technology cyber-security processes, OTORIO enables continuous management, qualification, and remediation of production cyber risks based on their business impact, safety, reliability, and productivity.
Check Point Check Point’s ICS security solution minimizes risk exposure across IT and OT environments, and blocks attacks before they reach critical assets, all in a way that is easily scalable and non-disruptive to critical processes.