By: Rick Grinnell, co-founder and managing partner of Glasswing Ventures.
In this modern connected age, there’s no shortage of risks to fret about. I hate to add one more, but cyberattacks against utilities and power plants have recently rocketed to the top of the list of major security concerns.
For instance, a June report from ESET released new research revealing that the Ukrainian power grid was taken down in late 2015 by the Win32/Industroyer malware. This malware has been considered the biggest threat to industrial control systems since Stuxnet. In addition, the fact that Iranian hackers were able to infiltrate the New York Dam in 2013 is further proof that taking down power plants, power grids and other key components of critical infrastructure, both within the United States and overseas is a big goal for hackers.
However, the news isn’t all dire. One reason for optimism is the fact that hackers have not yet been able to cause significant damage thus far. The other is these mounting threats are a huge opportunity for innovation, particularly for firms that are well-versed in artificial intelligence and machine learning applied to security defense and response.
Growing threats lead to growing market
Overall, cybercrime is not going away and is only getting worse, and businesses continue to increase investments in solutions to thwart cybercrime.
While some of that spending is going to the usual suspects like Symantec, Cisco, IBM, and Raytheon, there is a healthy market for cybersecurity-focused startups. Many of those firms employ AI/machine learning. For instance, Dragos a startup focused on protecting industrial control systems (ICS) and critical infrastructure from cyber threats, recently announced a $10 million funding round.
In addition, Microsoft bought Hexadite for $100 million and Amazon purchased Harvest AI for $20 million last year. Both firms employ AI to detect and fight cybercrime. Crowdstrike and Cylance have also zoomed to $1 billion-plus valuations for their AI-focused cybercrime solutions.
Why AI? As the level of threats keeps increasing, the ability to monitor and respond to those threats has surpassed human abilities. According to Caleb Barlow, vice president of threat intelligence for IBM Security in a recent FT article, large companies may face as many as 200,000 “security events” every day. AI can mimic what a human cybersecurity analyst would do but the effect is magnified and runs 24/7 without human error.
Will AI save our power grids?
Of course, hackers can use advanced techniques and technologies like AI for their purposes, too. Just as the AI-enabled offensive and defensive solutions are becoming more commonplace, hackers are doubling down on the energy sector as a key target. A September report from Symantec identified Dragonfly 2.0, an international syndicate that appears to be interested in gaining access to energy facilities. Dragonfly 2.0 uses multiple techniques, including malicious emails, watering hole attacks and Trojanized software to attempt to gain such access. Once inside CI networks, the group operates in data-gathering mode, learning how these systems work, in order to potentially take control at some point in the future. The recent hurricanes in the Caribbean, Florida and Texas have caused massive destruction and power disruption for millions of people. A successful CI cyberattack, while hard to comprehend, could be even more devastating, impacting even more people around the world. It is more imperative than ever to stay ahead of hackers by using increasingly sophisticated and intelligent defenses.
While more sophisticated endpoint defense can solve some of these more PC-centric and OS-specific exploits, an emerging set of vulnerabilities tied to IoT deployments in CI networks becomes a more menacing attack vector. Fortunately, there are a few innovative cybersecurity companies and tools already on the market that address many of the IoT security needs of critical infrastructure (CI) facilities, including Pwnie Express* and Armis, which provide visibility into all of the malicious devices and activities trying to connect to CI networks. New players like Aperio Systems have introduced products that plug into CI control systems and use machine learning algorithms to study and identify the unique fingerprints of a system. They then use that baseline to judge anomalies, which raise red flags.
So far, this is a wide-open market and an urgent opportunity. There is a great business case to be made for pursuing AI-based solutions to CI security threats. There’s a marketing case too: For much of the public, AI is still perceived through Hollywood’s lens. Helping defeat CI hacking is good PR for AI and will help the public better understand the reality-based benefits of AI.
About the Author: Rick Grinnell is co-founder and managing partner of Glasswing Ventures. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage. During his 15 years of venture capital experience, he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital).