Mission Secure: aiming to snuff out cyber threats for asset owners
EU
RenewablesMarket UpdateIn the run up to our InfraTech conference next week inspiratia sat down with David Drescher, CEO and co-founder of industrial cybersecurity specialist Mission Secure, ahead of his appearance at the conference, to discuss cyber threats faced by asset owners
Following its launch in 2014, the Charlottesville, Virginia-based Mission Secure has offered its proprietary MSi Platform for use in the industrial control systems of its clients to help them bolster their cybersecurity protection.
Formed in reaction to requests from the US Department of Defense to root out cyber attacks on its weapons systems, the company has grown to provide its services not only to the US military, but also to energy, infrastructure and smart cities operators.
This growth delivered a more than US$8 million Series A funding round in October 2018, featuring backing from players in Mission Secure's target sectors such as Chevron Technology Ventures, as well as Macquarie Capital and its technology-in-infrastructure partner R/GA Ventures, among others.
And it was on the topic of the financing round where we picked up the conversation with Drescher.
What drew companies like Macquarie and Chevron to invest in Mission Secure?
A company like Chevron, its motivation is to see this technology adopted in its areas of operation. Yes, they want to make money on the investment, but it's all about how we get this deployed in the oil and gas industry and that's what motivates those types of investors.
Macquarie is also an investment bank so we're one of the most promising energy companies and might grow up to be a unicorn someday, and they want to have a piece of that.
We're talking to other investors – strategic as well as financial – for the next round and it's a mix: some see this as an extension of their potential business, whereas others are just looking for financial gain.
What are the plans for the next funding round that you mention, and beyond?
We've raised US$17 million to date, including our Series A last fall. We are now talking to investors about our Series B, from multi-billion-dollar venture funds to smaller funds and strategics.
Whether we then go and do a Series C and a D, or we get taken out at some point, we're in it for the ride and we'll take it wherever destiny takes it. Certainly, we want to grow it as big as we can.
We're also very cognisant of what's happening in the financial markets and prognosis for recession. The good news is half of our business is with the military and the way things are going they're not going to be cutting cyber security spending even if there is a recession.
So, our plans are to grow as big as we can, we're pulling like crazy, we've doubled our customer count in the last 12 months, we've doubled the size of our head count, and we've quintupled our revenue. So, we're checking all the boxes.
In terms of your work in the energy sector, what are some of the most pressing cyber security issues faced by operators in that space?
The most pressing issues is that they are the targets of attacks, in particular from nation states, and we've been seeing that in the US and Europe for the last year. These are very real threats that traditionally companies probably didn't think they had to worry about, but we live in a world where Iran, China, Russia and North Korea are not really our friends and they won't think twice about doing something to impact operations.
On the renewables side they can very easily translate this to a solar farm or wind farms, in particular these multi-billion-dollar offshore wind farms, they're automated and run by control systems and it probably wouldn't take a lot to disrupt those and have a pretty serious impact. Not just to the production, but then there's the cost of repairing and getting them back online.
You mention some countries there, is it mostly state agents carrying out these attacks or is there also an organised crime element to consider?
On the lower end of the spectrum you have you have what we call script kiddies and novices. The high schooler, the teenager down the street doing mischief. Those aren't huge threats to a lot of the energy companies because they do have some kind of cyber security in play.
The next step up the chain would be what we call technical insiders, I recently met with the CEO of a Fortune 50 client of ours and he said his greatest concern is of an insider doing damage. They have insiders that have taken a wrench to control system equipment in a plant and done a lot of damage, well you can imagine if they have passwords, access, and are disgruntled they can carry out some kind of cyber-attack.
But the real greatest threat has become criminal organisations which sometimes operate in countries such as Brazil and eastern Europe and they're often intertwined with the government. They're looking to basically capture things for ransom for their purposes, and that's become a big business.
So how does this translate into an area like the transport sector, particularly as many operators are looking to add connectivity to their networks, which will be a topic at our upcoming conference?
What's happening is connected vehicles are grabbing a lot of attention, a lot of money, everybody's really excited. But connected vehicles are connecting into a 90's infrastructure that was definitely not designed for cybersecurity and has not been and won't be upgraded anytime soon because it's cost prohibitive.
So, there's massive amounts of security vulnerabilities that not only can impact the infrastructure, but by hacking the infrastructure you can essentially get into the connected vehicles and everybody will be affected, so you can imagine the problems we're facing.
To give you a sample of that, we have a client where we've discovered the Chinese essentially logging into some of their remote traffic controllers.
There are lots of ways the attackers can use that, but the bottom line is this kind of transportation network - whether it's traffic, rail or transit, same problems - there are a lot of vulnerabilities and operators are trying to do a lot of fancy things which are great, but you need to not forget about the cyber security.
Hear more from David and other leading players at Wednesday's InfraTech conference. Register here.