Reports concerning Stuxnet first emerged in 2010 — it was a sophisticated and malicious computer worm that had been deployed to destroy nuclear centrifuges in Iran. It was designed to appear as a series of industrial mishaps and operational failures rather than a coordinated attack. It is estimated that nearly 1/5th of Iran’s centrifuges were destroyed in that attack.
That may have been the first major report of an organized attack against industrial controls systems (ICS) but since then the frequency of attacks has rapidly escalated at a global scale. The U.S. Dept. of Homeland Security reported that in 2015 such attacks in the US alone numbered ~300. These attacks against critical infrastructure are perpetrated by other governments, competitors or criminals, and sometimes disgruntled insiders. The impact is measured in lost lives, billions of dollars in damages, more billions of dollars in liabilities, and significant data/IP loss.
Unlike traditional cyberattacks, ICS follows different protocols than IP and traditional cyber security solutions are not effective. However, as more ICS come online, they become vulnerable to threats. And by design these attacks are hard to detect, design against and prevent. This is an emerging field in the world of cyber security, and one that we expect will gain quite a lot of attention in coming months/years.
Outstanding ICS Security Leadership Team
Today, we are proud to announce our investment in Nozomi Networks, a company providing operational visibility and industrial cyber security to major industrial clients worldwide. Lux Capital co-led their $7.5M Series A investment round, and I have joined their Board of Directors, along with Glenn Solomon from GGV Capital.
As investors in manufacturing industries ranging from satellites in space to autonomous cars, nuclear waste management and advanced chemicals production, we understand the value/ROI Nozomi Networks offers to their clients. We believe we can be partners in helping them grow across industries and geographies — now with offices in both the USA and Switzerland.
Edgard Capdevielle, Andrea Carcano, and Moreno Carullo are a phenomenal team. They have a deep background and understanding of complex industrial systems, and fully appreciate how both IT and OT (operational technologies) need to work together to implement solutions to fully harness the value proposition.
Andrea and Moreno founded the company in 2013 to utilize advances in machine learning and artificial intelligence to build the core Nozomi Networks’ platform. Then they deployed it across multiple industries in Europe and the US in the form of their first product — SCADAGuardian. Now they have brought on board a security industry veteran, Edgard, as the company’s CEO to pursue aggressive growth.
Nozomi Networks’ team understands that the value for their customer resides in both securing the networks but also in providing unprecedented operational visibility into the network. SCADAguardian provides security and anomaly detection, trouble shooting and remediation, automated reporting and compliance tracking, and prevents extraordinary corrective maintenance that can be very costly.
Advanced Industrial Security and Visibility Technology
For example, their solution can model entire industrial processes and detect deviations from process profiles, rather than relying on simple threshold violations. The company already has clients in the Oil & Gas, Pharmaceuticals, Power & Utilities and Manufacturing/Transportation industries. Our diligence quickly showed that their capabilities, and world-view of industrial controls security was far ahead of competitors.
The industrial cyber security market today is estimated to be between $2–3B, and expected to grow to >$10B over the next 10 years. From Stuxnet in 2010 to last year’s BlackEnergy attacks against Ukranian power grid, this problem is not going away, and is only expected to require more sophisticated technologies to defend against such distributed attacks.
Nozomi Networks will have more exciting team and customer related announcements to make in the coming weeks/months. In the meantime I recommend those interested in learning more to check out their case study on Enel Power Company, as well as analyst profiles from 451 Research and Lux Research.
This article was originally published on the Lux Capital blog.