The fact that industrial connected devices and machines can be highjacked or manipulated by outsiders has worried critical infrastructure providers and manufacturers ever since it was revealed in 2010 that Stuxnet, a malicious computer worm that targeted Supervisory Control and Data Acquisition (SCADA) devices, caused substantial damage to Iran’s nuclear program. The digitalization of industry and tensions with Russia have heightened those concerns. NanoLock Security, an Israeli scale-up, aims to allay those fears with technology that promises to prevent cyberattacks, sabotage and human error-based accidents involving IIOT, SCADA devices, industrial machines, programmable logic controllers and industrial control systems. NanoLock applys a device-level Zero Trust security approach to prevent unauthorized attempts to modify the way machines or devices function. Customers include electric companies, manufacturing companies, industrial machine manufacturers and logistical centers. It’s worldwide clients all have something in common: they operate machines that are “a critical part of the organization” and disrupting their function “can harm lives, operational integrity and business continuity,” says CEO and Co-Founder Eran Fine.
The company expects to announce a new funding round in July, bringing the total of capital raised to more than $30 million.
In April the U.S. Cybersecurity and Infrastructure Security Agency (CISA) briefed over 13,000 critical infrastructure industry stakeholders about the possibility of “Russian cyberattacks” during the next 12 months. Cyber experts say tensions with Russia are also likely to impact industrial operations in Europe. Sectors such as renewable electric generation, electric transmission, upstream and midstream oil and gas, water and wastewater management are likely targets but so are small and medium-sized manufacturing firms in Europe due to lack of security in both their IT and the operational technology (OT) environments.
Fine says threats also come from the inside. A negligent engineer or a disgruntled employee can wreak havoc with physical assets either by accident or intentionally. Firewalls don’t safeguard against such attacks. “Protection from the outside is not enough, adversaries can come from any direction,” he says. “There are energy and food shortages, threats from state actors, financial motivations and increasing connectivity. It’s the perfect storm and it can lead to cyber chaos.”
NanoLock can “prevent and detect outsiders, insiders, human errors and cyber events and protect against them. Our solution is a preventive technology, rather than a detection one.” says Fine. What’s more the five-year-old company can work with both new and legacy devices. Its technology does not use a lot of computing power or introduce latency, he says.
The Israeli scale-up’s patent protected technology is based on a device-level, Zero Trust approach, a security framework requiring all critical access, whether in or outside the organization’s network or even physically, at the device level, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access . By deploying such a solution even if the target device or machine has a vulnerability and bad actors can access it, they can’t execute a devastating attack. Any command that changes the function of a machine needs to be authorized by a server that NanoLock provides its customers, Fine says. A dashboard alerts companies of hacking attempts, which are blocked at the device-level, and provides an audit trail for further analysis.
If a bad actor attempted a StuxNet-type attack “our technology would have blocked it,” he says. “It is so easy to conduct a devastating insider attack and we were able to show it with countless products and major brands such as a major smart lighting maker that sells products to consumers, factories, cities and even military bases,” says Fine. “It’s so easy to infiltrate and it’s truly feasible to protect.” Click here to see a demo of how the technology works.
Competitors include Karamba Security, which provides embedded cybersecurity solutions for connected systems, Sternum, an IoT cybersecurity startup, and Red Balloon which specializes in securing embedded devices across a range of critical industries.
Last month, NanoLock added Tamir Pardo, a former Director of Mossad, Israel’s national intelligence agency, to its advisory board. Pardo headed the Mossad from 2011 to 2016 and is the co-founder of XM Cyber, an Israeli hybrid cloud cybersecurity startup, which was acquired for $700 million in November 2021.
NanoLock has its R&D center in Israel and offices in the U.S., Europe, and Japan.
This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.