Why Protecting Critical Infrastructure is a Growth Business
Colin Dunn, founder and CEO of cybersecurity hardware maker Fend, sat down with ACG National Capital to discuss the digital security landscape facing modern companies and infrastructure.
This article originally appeared on ACG National Capital’s blog on Feb. 27.
Cyberattacks are a real threat to virtually every company and organization across every economic sector. Today, it’s accepted that virtually every organization will be the target of a cyberattack, whether they manufacture household products or operate the critical infrastructure and utilities that make modern life possible.
This means that our increasingly network-connected society must be secured against an ever-widening set of motivated and malicious actors.
Unfortunately, traditional IT security tools like firewalls and software might not be as ironclad a solution as one would need for infrastructure that literally keeps the lights on.
“Such defenses are always preparing you for yesterday’s war,” Colin Dunn, Founder and CEO of Fend told us when we sat down to discuss the cybersecurity landscape facing modern companies and infrastructure. “The stakes are too high to trust these industrial assets to a 99% effective solution.
During our conversation, Mr. Dunn shared with us the vulnerabilities and drawbacks of those traditional cybersecurity approaches, how critical infrastructure vulnerabilities are particularly worrisome in an election year and the unique value proposition of his company’s physics-based cybersecurity solution.
Here is what he had to say:
Corporate Growth…Capital Style (CGCS): Can you tell our readers a little bit about your past experience prior to the founding of Fend?
Colin Dunn: I started out as a mechanical engineer, designing the systems that keep our commercial and government buildings comfortable and safe. Over time I got involved with R&D programs at GSA and DoD with the goal of making these systems more resilient: using less energy, reducing operating costs, and lasting longer.
A key step forward in our ability to streamline maintenance operations and ensure system availability was the connectivity provided through the internet of things. Facility managers across the government and utility sectors are very conservative with respect to cybersecurity, so these large industrial systems were often left disconnected, or “air-gapped,” and consequently operations suffered.
Fend was created to get real-time insight into the hands of building owners, utilities, and logistics teams while keeping attackers out for good. We got our start with contracts from the Department of Defense and Department of Energy and have moved into commercial sales in the past year with the goal of protecting every building, utility, and factory in America from cyberattack.
CGCS: Can you introduce our readers to Fend and its technology? What does the company’s Data Diode technology do?
Colin Dunn: In an era when hackers have access to rentable bot nets, artificial intelligence, and unlimited cloud computing, traditional IT security tools like firewalls and software cannot keep ahead of threats. Such defenses are always preparing you for yesterday’s war. With critical infrastructure, a cyberattack means much more than stolen data and an expensive PR campaign. People’s lives depend on access to clean water, proper refrigeration of food and medicine, and the availability of electricity for hospitals, homes, and businesses. The stakes are too high to trust these industrial assets to a solution that cannot be counted on to be 100% effective.
Fend keeps 100% of hackers out of networks by physically enforcing one-way data flows. Inspired by techniques once reserved for the intelligence community and the nuclear power industry, Fend sends data using light in one direction, optically isolating the protected equipment or network from the outside world. What this approach produces is a way to get data out of one system and into the cloud with a physical barrier that stops attackers at the door. From there, we can use the power of predictive analytics and machine learning to improve productivity and efficiency.
CGCS: Why is the cybersecurity of critical infrastructure an issue today? What has changed in the past few years that has made this a problem now?
Colin Dunn: The internet of things makes it really tempting to bring critical infrastructure like our buildings, electrical substations, and transportation networks into the cloud to improve asset use and business performance. The initial excitement over the benefits of connectivity has outpaced our understanding of attackers’ capabilities. We have maintenance people able to control building systems from their smart phones while on vacation. As convenient as this may sound, this level of access can be exploited by attackers. With the penetration of the US power grid by the Russians and with entire cities being held captive by ransomware, many are beginning to believe we’ve taken unchecked connectivity a bit too far.
CGCS: Why is critical infrastructure the target of malicious actors? What types of hackers would want to attack critical infrastructure? What consequences could result from a successful cyberattack to critical infrastructure?
Colin Dunn: America’s enemies like Iran and North Korea attempt to take down our infrastructure on a daily basis, but the ability to cause harm is now more widely distributed and attacks are being carried out for a wider set of motives. The tools needed to take down our physical infrastructure have never been easier to obtain and the stakes have never been higher. Ransomware has finally given a business model to those who might otherwise need a state-sponsor to bother attacking the grid or building automation systems. As a hospital, for example, when your chiller is held for ransom, you cannot perform surgery, use the MRI, bill customers, or save lives.
CGCS: What types of organizations need to worry about this? What types of organizations should be looking at security solutions like Fend’s Data Diode?
Colin Dunn: Organizations that have physical assets (buildings, commercial vehicles, power generation equipment) that if lost would disrupt business operations. Fend can provide the operational intelligence and security they deserve. Utilities, government agencies, and commercial real estate owners are just a few of our target customers. Building and industrial control systems are served by just a handful of equipment manufacturers and even though a hacker isn’t targeting your specific asset, it may be caught up in a “shotgun” attack looking to take down millions of similar devices. Fend’s hardware can also be connected directly to the cloud for organizations that are seeking a deeper level of analytics and insight delivered directly to their operations teams.
Fend has done well with organizations bombarded by cybercity salesmen pitching safety through software-defined networks and artificial intelligence. The challenge with these alternatives is that software is inherently vulnerable to exploitations, requires ongoing patching and updates (at a cost to the customer), and in the case of AI, the vendor doesn’t often know how their technology works or who is liable when a problem occurs. Fend’s straight-forward, physics-based approach resonates with cybersecurity and facility personnel alike and the value is attractive to CFOs.
CGCS: The calendar just turned over to 2020. Can you give our readers three cybersecurity predictions for the coming year? What cybersecurity trends will we see in the coming year? What cybersecurity stories will make headlines?
Colin Dunn: This is an election year in the U.S. and since more and more voting systems have gone digital, I think we are going to see cybersecurity in the spotlight throughout the year, particularly in instances where election results are close or where any hint of irregularity – real or perceived – exists.
But the real story of election cybersecurity this year may have nothing to do with the voting machines. It’s possible we may see a full-on cyberattack on our electric grid and polling stations this November.
Trend-wise, I think you’ll see an increasingly serious public conversation around cybersecurity and the Internet of Things. You see some of this happening already with households and items like connected camera doorbells and in-home assistants like Alexa and Google. I think that same serious conversation will also happen around critical infrastructure.
Ultimately, this will be the year that America fights back and starts winning against the hackers.
To learn more about Colin Dunn and Fend, click HERE.
