Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: Forbes
In 2013, a U.S. dam was targeted by digital mercenaries working on behalf of Iran’s Revolutionary Guards Corps, forming part of an espionage mission to infect and disrupt the nation’s critical services. Or, at least, that was the fear-inducing narrative at the time.
The Bowman Avenue Dam was, in reality, a 20-foot-tall sluice gate, keeping a stream from flooding the lower-ground floors and basements of houses in a quaint village a short drive from Brooklyn, New York. As it was indexed by Google and other search engines, the gate’s controls weren’t too difficult to find. Not to mention that the attack was hopeless as the online controls had been disabled at the time. This was no fodder for bad Hollywood cyber scripts.
But beyond the hyperbole, it was a reminder that American infrastructure takes many forms, whether run by corporate giants electrifying metropolises or small organizations just trying to maintain small communities. Rob Lee, a former National Security Agency (NSA) intelligence officer and co-founder at critical infrastructure-focused cybersecurity firm Dragos Inc., wants to protect them all. And his company has just raised $10 million in a Series A round to do just that.
The biggest chunk of the money, $8 million, is coming from two investment firms: Energy Impact Partners (EIP) and Allegis Capital. DataTribe, a start-up “studio” that previously pumped $1.2 million into Washington D.C.-based Dragos, is bringing in another $1 million, with a handful of offers being considered for the remaining $900,000, according to Lee. He won’t reveal the company’s current valuation. The funding will go into expanding the team and spreading the firm’s Dragos Platform technology. Built on the founders’ knowledge of attacks on actual industrial control systems, it looks out for and acts on anything that looks abnormal.
An offer for Iran?
Fearing outside influence, Lee wasn’t convinced by the need for venture capital until recently. His company already had the talent; Dragos’ two other co-founders are also ex-intelligence agents who’ve spent time researching real-world attacks on infrastructure. “I have never viewed the venture view of industrial security that highly,” Lee told Forbes. “I think venture has done well in other places, but when it comes to industrial security, we can’t apply the same best IT practises and we can’t apply the same sales tactics.” But the need for outside funding came, in part, from customers pondering the long-term future of Dragos, added Lee.
It’s not just America that will benefit from Dragos’ expansion, says Lee. He says he’ll help private companies working anywhere, as long as it’ll protect civilians. “Out tagline is ‘safeguarding civilisation,’ not just safeguarding the top 20 energy companies that can pay for it… it’s about how can we bring protection to all the mom and pop energy companies too.” Marc DeNarie, CIO at one of Dragos’ lesser-known customers, wind farm operator NaturEner, says he’s benefitting from deeper insight than typical IT products provide: “If new devices come up, or interesting traffic, I can track it down with my vendor, and ask them what the heck those guys are doing.”
Lee says geography is no barrier too. “If it’s the Iranian power grid, they deserve to be protected against everyone else as well.” He isn’t expecting a call from Iran anytime soon, however.
To avoid any conflicts of interest, Lee is turning down all public sector contracts. But he will continue to advise those on Capitol Hill on how to deal with the impending threat of hacks of the nation’s power grid. It’s a threat with which he’s recently had first-hand experience, researching malware dubbed CrashOverride, believed by some to be the work of Russian hackers, due to its release in Ukraine.
Lee and researchers from anti-virus firm ESET believe CrashOverride is the most advanced cyberweapon aimed at taking out power supplies ever seen, even though it’s impact in Ukraine over Christmas 2016 was minimal. The attackers behind it, known as Electrum Group, were thought to be using Ukraine as a lab for future attacks in other parts of the globe.
“We’re very surprised to see they’re very active, and it looks like some of the activity is going towards other sites in Ukraine,” Lee added. Others could now plagiarize their work, he warned: “Their attacks have become instantly replicable for other people in the world.”
The competition
Dragos certainly isn’t the only attractive cybersecurity player in the power grid game, nor is it the only one that can boast an impressive staff of former spy agency employees. Claroty, founded by former Israeli Defense Force cyber experts, came out of stealth last September, having secured a whopping $32 million in funding. Indegy, a other company full of Israel’s ex-intelligence analysts, has also caught the eye of investors, with a $12 million Series A. And Darktrace, founded by former GCHQ and Cambridge mathematicians, recently secured a $75 million round after impressing investors with a digital “immune system” that promises to detect threats on any network, including those responsible for industrial controls.
According to Dragos investors Sameer Reddy from EIP and Allegis’ Bob Ackerman, Lee’s recent experience gives him the edge. He was recently out in Ukraine, assisting triage efforts following the 2015 and 2016 attacks on the country’s power grid, the first known episodes of their kind. Indeed, Lee thinks Dragos outdoes competitors by providing expertise on the ground, rather than just technology.
“In industrial controls, this is the A-Team,” said Ackerman. With the threat of hacker-induced blackouts rising, the world may need more than one.
www.extremehacking.org
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India