SAN FRANCISCO – Today, Operational Technology (OT) and Information Technology systems are merging and changing security playbooks. Here at RSA Conference 2020, Waterfall Security‘s CEO and co-founder Lior Frenkel describes the front lines of the convergence.
Frenkel maintains that just as more companies, including SMBs, juggle an onslaught of smart equipment, business automation and connected devices, they also need to consider their broadening threat landscape. Ransomware tops Frenkel’s list of threats today against ICS companies. Earlier this month an unnamed natural gas compression facility in the U.S. had its ICS grind to halt after a ransomware attack.
“We are getting inquiries from building automation system vendors where you have big campuses or high-rises with HVAC systems, with elevators, with safety system, with water systems,” Frenkel said.
He said today’s OT systems are increasingly computerized and networked and that “customers need to understand it is not a good idea to have them exposed to attacks.”
Those attacks against OT networks, he said, are criminal based, not terror based. “They don’t care if you are big or small, they don’t care if you are important or not. They care only if you can pay the ransom.”
Waterfall Security’s solutions include a family of unidirectional gateways that provide protection from remote attacks. Solution strategies include customer tools for enabling visibility into operations through server replication, OT network monitoring and a strict adherence to scheduled updates.
What follows is a video interview conducted at the RSA Conference this week.
** What follows is a transcript of the interview **
Lindsay O’Donnell: Hi everyone, this is Lindsay O’Donnell with threatpost and I’m here at RSA Conference 2020, which has kicked off this week starting today. And I’m joined today by Lior Frenkel with Waterfall Security. He is the CEO and co-founder. Lior, thank you so much for joining us today.
Lior Frenkel: Thank you Lindsay. Thank you very much for having me and looking forward for a great RSA.
Lindsay O’Donnell: Yeah, lots to look forward to for sure. Waterfall Security is an industrial control system and operational technology security company focused on those segments. Can you tell us a little bit about, just to start, yourself and how you really got into this specific segment?
Lior Frenkel: We call ourselves the OT security company. We see ourself as more and more solving a bigger part of the OT security issue for our customers. We are now 13 years on the road. So we have a very nice track record.
Lior Frenkel: And at the beginning, prior to Waterfall, I was a CEO of a company I founded before that. And we were more on the offensive side. And what we saw time after time that getting in past perimeter security into the target’s network – It doesn’t matter if it’s an IT network or an OT network – is a task that we or the bad guys never fails in.
Lior Frenkel: Without even getting too technical, each and every attack that you hear of – cyber attack – got in to its target pathing operating a firewall or else you would have never heard of it, pay it and it wouldn’t be a non attack. And we thought that repeatedly; there’s a target, usually a firewall, sometimes some other means of security and the attack gets in time after time. It started making me feel relatively bad saying, “Hey, critical infrastructure are secured the same way.” Everything that you think about those that are connected outside are secured by Firewalls that everybody passes through. So what’s the point?
Lior Frenkel: And that was let’s say the thing that started Waterfall eventually as a company and got us to where we are now.
Lindsay O’Donnell: You make a really good point about how the industrial systems are becoming more connected and the digital transformation that a lot of critical infrastructure companies are going through. And that’s obviously increasing a bunch of the security threats in this space. What are some of the biggest cybersecurity threats that you are seeing when it comes to OT and different types of industrial control systems like HMIs, like PLCs, like all of those.
Lior Frenkel: Well we see it in a bit different perspective. I see this as an evolution of the threat more than a specific vulnerability in a specific product or whatever. Let’s say, back in the days, the main perceived threat was nation state players, terror groups, the least was hacktivist, trying to make a point. And so potential customers when they understood the risk, they understand that they aren’t… They even understand that they are vulnerable.
Lior Frenkel: But most of them, which are not the biggest and most public and most important for the state, for the nation, they didn’t really perceive themselves as a valid target. Who cares about whatever water system in somewhere in some country? Why should anybody waste time and trying to penetrate them and run a cyber attack probe? So some of them, the bigger ones, the one which are more in the focus were ones where regulators usually care more about, they prep themselves even them. But all the rest, which is the vast majority, usually just [inaudible 00:05:36], and what we see in the last few years is a big shift in that.
Lior Frenkel: One of the reason I think the market is starting to grow much faster in the last two or three years is the proliferation of ransomware attacks, which we are used to see in regular IT environments and enterprises, and even in SMBs, we now see more and more happening in OT environments because at the end these attacks, which are criminal based, not terror based, not related to any type of warfare, they don’t care if you are big or small, they don’t care if you are important or not. They care only if you can pay and they can pay.
Lindsay O’Donnell: Yeah, that’s really interesting that you bring up ransomware because you know, over the past year we’ve heard for example, the whole Norsk Hydro ransomware attack made the headlines. And then even a few weeks ago we had CISA warning about the U.S. pipeline that had been targeted by ransomware as well. But to your point, it’s not just these larger manufacturers in terms of ransomware, because a lot of these machines are, and systems are, downtime is so important for them. I feel like it’s, regardless of whether it’s like a big, like Norsk Hydro type company or even the small one, ransomware is so dangerous to industrial control systems and industrial companies as a whole. So is that something you’re seeing as well?
Lior Frenkel: That’s exactly what we, what we are seeing. You mentioned, the recent CISA report on the pipeline that actually had downtime and production. And if you read the report and read their conclusions and proposed mitigation, the first one is network segmentation. Don’t go and just connect your OT into your IT and expect nothing bad will happen because this is exactly what will happen. And it’ll happen again if you don’t change that. And inside the OT network don’t put a big flat network and connect everything and then connect to the IT and expect nothing happened because it’ll happen, it happened, it’ll happen again.
Lindsay O’Donnell: IT and OT convergence continue to be a big type of trend. But I wasn’t sure if you had anything else that you were seeing from your perspective?
Lior Frenkel: Well, what we are seeing so far in the years is that what we’ve just talked before about, about ransomware, that trend is continuing and growing. And we see that starting from the critical infrastructure, the big utilities, the big sites of these customers we are getting today customers and inquiries from prospects from totally different, different types of industries than before, which shows which is a precursor to I think what’s happening there from the maturity of the market.
Lior Frenkel: We are getting inquiries from building automation system vendors where you have big campuses or high-rises with HVAC systems, with elevators, with safety system, with water systems. All today are modern, all are computerized. Unfortunately, or for us, fortunately, all are networked and they are attacked or customers understand that this is not a good idea to have them exposed to attack.
Lindsay O’Donnell: Now that’s definitely a really good point. I’m sure that we’ll also see a lot of discussions around OT at RSA this week as well. So I’m sure lots of exciting things to look forward to at the show. Lior, thank you so much for coming on and chatting with us today.
Lior Frenkel: Thank you Lindsey. It was a pleasure.