Indegy, a company that protects the gap between SCADA (supervisory control and data acquisition) and SIEM (security information and event management) systems and IT systems against cyber attack, is finding little enthusiasm within data centers for additional security at the DCIM level.
At the same time, it says the number of attacks against industrial targets is growing, and the security of such targets is being eroded by the proliferation of Internet-connected devices.
Indegy is fresh out of ‘stealth mode’. It was founded in May 2014 and received $6m in early-stage funding led by information security sector veteran Shlomo Kramer and involving Magma Venture Partners.
An idea whose time has come?
SCADA systems control a wide variety of industrial systems, from oil pipelines to nuclear power stations and from pharmaceutical manufacturing to vehicle manufacturing, and they are critical assets for every organization that manages them.
The consequences of failures in such systems can be catastrophic – from major industrial accidents to environmental disasters. Indegy says it has discovered weaknesses in the organization of many industries.
The company has developed software that acts as the bridge between customers’ information technology and their operational technology.
For some time now, it has been standard practice to leave industrial networks alone. Since they are traditionally constructed separately from the corporate IT network, it has been assumed that this ‘air gap’ would protect ‘closed’ systems such as SCADA and SIEM.
However, in recent years it has become increasingly common for this gap to be crossed in order to update software or perform certain operational tasks. And now many more organizations have converged their industrial and IT networks.
The ‘air gap’ myth is a dangerous management delusion, says Indegy’s CEO Barak Perelman: “There is always a connection to the Internet. In my experience there is no such thing as the air gap – there is always someone who doesn’t want to be dragged out of bed at all hours in an emergency and plugs in a modem so that they can connect from home.”
And the fact that SCADA and SIEM systems have a long lifespan is not helping: “Their age is showing. The controllers for these systems were developed more than thirty years ago. Most of them are over 20 years old. Authentication is non-existent. They are ripe for attack by malware. But worse, easy network access means an attacker can do almost anything they want once they get inside.”
Indegy’s software provides information about what is happening at the controller level of SCADA, SIEM and similar systems. Any change in the controller is signaled instantly to the IT managers.
If the dam bursts
“This is a new, emerging market. Up until now companies have had the perception of this arena as ‘security by obscurity’ - in other words, if the hackers didn’t understand it then we don’t have to worry about it,” Perelman explained. “However it has become obvious in the last four years that corporate industrial engineers and IT engineers have never met and discussed a real solution to the vulnerabilities of control systems. In fact one client said to me: ‘The guys who do the physical security for the buildings won’t sit down with the IT security guys.’”
Indegy can also export its data to DCIM (data center infrastructure management) solutions but few clients are asking for that functionality at the moment.
The company’s warnings certainly seem timely, coming as they do hard on the heels of a cyberattack on a Ukrainian electric utility which caused a blackout, with 30 substations disconnected from the grid and 80,000 users affected. And just two years ago, a dam 20 miles from New York City had its control systems hacked into.
Indegy was founded last year by Barak Perelman, Ido Trivitzsky and Milo Gendelsman, all graduates of the Israeli Defense Force’s elite Talpiot Program. Amihai Shulman, CTO at Imperva, also participated in the funding round.