Cyber-attacks on Sony, Ashley Madison, eBay, Domino’s Pizza, Target and Jeep garnered headlines everywhere. But cybersecurity experts and government leaders say those hack crimes are peanuts compared to what’s around the corner.
One of the biggest fears on the digital battlefield is a cyber-attack on critical infrastructure and manufacturing industries. Power-generation systems, transport networks, manufacturing industries, financial services, health and safety systems and telecommunications are all vulnerable due to Internet of Things(IoT) connectivity.
“Until a few years ago, these industries were considered safe because they were completely isolated from the outside world,” says Yoni Shohet, founder and CEO of SCADAfence, a startup that develops cybersecurity solutions for the critical infrastructure and manufacturing industries.
“Today, many of these systems are connected in order to make them more efficient. But by connecting them to outside networks or the Internet, this has exposed them to threats and attacks. The financial potential of such an attack – for example, shutting off the power supply, damaging the process of drug production or explosions within the systems themselves – is enormous.”
“Israel is a small country surrounded by enemies and always has to be at the frontline when it comes to technologies. Therefore we’re at the front line of cybersecurity.”
At its graduation ceremony earlier this year from Microsoft Venture’s startup accelerator program, SCADAfence attracted a lot of local attention. That the startup can save governments billions of dollars was just one of the reasons.
The seven-member company is based out of the JVP Cyber Labs in Beersheva, Israel’s desert city on track to becoming the cyber capital of the world.
SCADAfence’s solutions are “designed specifically for industrial networks, which are found in manufacturing industries and critical infrastructure. The solutions are designed to leverage the unique characteristics of these networks to protect against cyber attacks and ensure operational availability,” Shohet tells ISRAEL21c.
SCADA refers to a computer system that gathers and analyzes real-time data to monitor and control a plant or equipment in industries such as telecommunications, water and waste, energy, oil and gas refining and transportation.
Shohet tells ISRAEL21c that cyber-attacks on critical structures aren’t theoretical anymore but very much a serious threat, as proven by recent attacks such as Dragon Fly (against energy-grid operators, major electricity-generation firms, petroleum pipeline operators and energy industry industrial equipment providers) and the BlackEnergy cybercrime toolkit targeting Ukrainian government officials.
“We’re offering a new technology arena, new solutions,” Shohet says of his company’s goal to bridge the gap between increased connectivity and security. “What we’ve found in this industry is it’s an emerging market. There is a real opportunity to solve these problems. There’s no consensus on how these problems need to be solved so there’s a lot of room for innovation. We can really be one of the pioneers and shape how this market will look.”
Frontline of cybersecurity
Just about every day, a new cyber report is released on the potential financial damage from cybercrimes against critical structures.
American policymakers and cybersecurity experts say energy is the most vulnerable industry, according to a report by the US Council on Foreign Relations, which noted that a massive attack could temporarily cut the supply of water, electricity and gas, or obstruct transportation, communication and financial transactions.
A report by Cambridge University and Lloyds insurance group predicts that if a cyber-assault breaches America’s electrical grid, it could create $1 trillion worth of damages.
In 2015, US President Barack Obama earmarked $14 billion for fighting cyber-attacks. Yet the United States is expected to be hit with a massive cyber-attack by 2020 that will cripple banks, power plants and communications, according to The San Francisco Chronicle.
“There are hundreds of attacks taking place against the UK and US nuclear industry and financial system every day. There is this non-stop badgering of the system by hackers who are hoping that one day the system will crack,” E.J. Hilbert, who heads Kroll’s cyber unit for Europe, the Middle East and Africa, and a former FBI agent in the cybercrime and counterterrorism field, told CNBC.
While Hilbert warns of hundreds of attacks on US and UK grids, in 2014, the Israel Electric Corporation registered some 20,000 attempted hacks on its smart grid each hour, according to a Bloomberg report. During the Gaza war last summer, hack assaults on Israeli infrastructure and industries reached a reported two million a day.
How has the country managed to stay almost hack-free? “Israel is a small country surrounded by enemies and always has to be at the frontline when it comes to technologies. Therefore we’re at the frontline of cybersecurity,” Shohet tells ISRAEL21c.
Working from the same incubator space as cybersecurity company CyActive used to work from – until PayPal acquired it in March 2015 – Shohet says that deal inspires him but is not the path he’d like his company to follow.
Instead,he talks about CyberArk, whose software protects from cyber-attacks that have made their way inside the network perimeter. Israel’s largest private cyber-security software company, CyberArk listed revenues of $66.2 million for 2013, and since September 2014 has been traded on NASDAQ.
“That’s the kind of company we’re aiming to be,” says Shohet.
For more information, click here.