Cyber attacks on utilities and industrial infrastructure are on the rise. There was Colonial Pipeline, where an American oil pipeline system carrying gasoline and jet fuel suffered a ransomware attack that affected computerized equipment managing it, and JBS, where the world’s largest meat processing company paid the equivalent of $11 million in ransom to put an end to a major cyber attack.
Israeli firm NanoLock Security was built to protect Industrial IoT (Internet of Things) and critical connected devices for three different industrial market segments including water, gas and electric utilities (smart meters), electric vehicle (EV) charging, and industry 4.0 (the fourth industrial revolution or cyber-physical transformation of manufacturing.) The company announced in May it has become the first company to produce protection for industrial machinery at the device-level, an important extra layer of necessary security.
Cyber attacks on industrial devices have increased dramatically during the COVID-19 crisis, as more companies have found ways to make connected machines and operational technologies (OT) an integral part of their digital environment and as more employees were told to operate from remote locations.
“Let me put it this way, the amount of reported attacks are actually about a third of the actual attacks, because people and companies are afraid to report on them or usually tend to refer to them as an operational event. So we do notice a huge spike in attempts to jeopardize systems to modify their integrity and cause damage,” Yanir Laubshtein, VP of Cyber Solutions at NanoLock, tells NoCamels.
“NanoLock is a mature startup established in 2017 with one goal — to prevent and protect against unauthorized changes in connected devices and to maintain the device integrity. This is the vision of the company,” he adds.
Last month, NanoLock added former Director of Mossad Tamir Pardo to its Advisory Board. Pardo headed Israel’s national intelligence agency from 2011 to 2016. He co-founded XM Cyber, an Israeli hybrid cloud cybersecurity startup, which was acquired by Schwarz Group, the world’s fourth-largest retailer, for $700 million in November 2021.
NanoLock’s solution is used by utilities, industrial companies, and ecosystem partners in Japan, Italy, Netherlands, Switzerland, and the US. The company has its R&D center in Israel and offices in the US, Europe, and Japan. Last year, the company raised $11 million in a Series B round by OurCrowd, HIVE2040, and others and previous raised $5 million in a Series A round.
Laubshtein also suggests that the fact that we are in the post-COVID-19 era merely emphasizes the increase in cyber attacks “because the fact that you are allowing people to operate remotely and the fact that technology by itself makes things more advanced, automated, and digitized” expands the spectrum of attacks significantly.
NanoLock calls itself an “embedded gatekeeper,” meaning that it’s cyber solution is embedded into a device or machine and features a strong locking mechanism that blocks modification attempts unless they are signed by a trusted authorization server.
According to Laubshtein, the company is known for its flexibility to operate in different operating system environments. “To be more clear about that, if our competitors, knows how to operate at the higher level of operating systems like Windows and Linux, we can also operate on lower [level] operating systems like Bare Metal, which is usually very sensitive to memory consumption and energy consumption,” he says. This gives the company a “huge advantage” because it can help them operate on low consumption or even batteries.
Sign up for our free weekly newsletterSubscribe
Meanwhile, the company also offers a lightweight software solution, which makes it easy to operate. One of the biggest advantages of the NanoLock system is its zero trust approach.
“That allows us to prevent human errors from occurring. And you’ll be surprised how much of the cyber event – we call it cyber event, not attack because it isn’t on purpose – is caused by human errors. You know, the engineer trying to modify or change a specific system or device or approach a different one. Our system mitigates the risk from human errors and prevents it from happening.”
Laubshtein gives another example of why the zero trust approach is an important part of the NanoLock system when there is malice or negligence by trusted sources. He refers a multinational manufacturing company with some 300 employees working at different shifts, that recently approached NanoLock for help after a cyber attack on industry infrastructure that had serious implications and could have turned deadly.
“A former employee of a manufacturing company we now work with was fired, not in a decent manner, and left backdoors open to the system itself. The company found out he was tampering with one of the systems at home that he had left open and almost caused the death of 10 people working on a manufacturing floor! He tempered with the configuration of the system,” he explains.
The company looked for a specific end device solution and decided to use NanoLock because of its proven ability to prevent the reoccurance of such an event. Laubshtein calls it a “beautiful example of NanoLock being there to mitigate risk from internal employees, human errors, and so on.”
“If I look back at my time at NanoLock, I think this is the most beautiful example that I can think of — where a former employee left a backdoor open and later tampered with the machine itself, because he has the credentials. And our ability to block and prevent those events from occurring is something that I think is unique.”
This is exactly what the company is trying to do for global manufacturers, Laubshtein adds. By adding another layer of security at the device level for machines, NanoLock is doing “something that most of the industries don’t have at the moment. They are protecting the network. They’re protecting it from outsiders, but no one has that last layer of defense — protecting the device and protecting the machine.”
In the coming years, some of the most important global manufacturing trends will be driven by industrial machinery, including the electrification of mobility, the transition to clean energy and more. NanoLock is ready to combat the difficult cybersecurity challenges that along with it.
“The chaotic reality of the cybersecurity landscape is that there is no way to know where the next attack will come from, so the world must move away from detection to prevention to ensure business continuity. The recent joint cybersecurity advisory emphasizes the need to adopt a different security approach, to better protect the industrial/OT environment for both legacy and new machines,” NanoLock CEO, Eran Fine, said in a statement.