Investments Boost Industrial Cybersecurity

April 27, 2017
External funding is boosting the industrial control system cybersecurity market, as evidenced by Tinicum’s $40 million growth investment in PAS, a supplier of cybersecurity, safety and compliance software.

You’ve likely noticed an increase in the number of new entrants into the industrial control system (ICS) cybersecurity field over the past year or so. Even longstanding companies in this space have been expanding their cybersecurity-related products and services. Further evidence of the increasing interest in this space can be seen in the outside investments being made here. A case in point is the investment of $40 million by private investment firm Tinicum into PAS.

According to PAS, the funding from Tinicum will expand PAS sales and marketing across its global offices as well as increase research and development for Cyber Integrity, the company’s cybersecurity software product.

Asked about the driving factors behind this investment in PAS, Eddie Habibi, founder and CEO at PAS, said, “Quite simply, oil and gas, chemical, power and other critical infrastructure industries are investing in ICS cybersecurity. They understand that the stakes are high with production, safety, environmental, brand and even personal liability at risk from a cyberattack. In fact, we are seeing a significant number of ICS cybersecurity initiatives being driven by boards of directors, who are highly concerned, having seen what can happen to companies—such as Target—that get breached. At a macro level, the challenge these companies face is wanting to apply well-understood cybersecurity best practices, such as inventory, configuration, vulnerability, patch and compliance management on a set of ICS endpoints into which they have little visibility today. They can tackle the workstations, servers and routers that exist in a process control network, because standard IT-based cybersecurity solutions work there. But they cannot take those same IT solutions and apply them to highly complex, proprietary DCSs, SISs, PLCs and smart field instruments primarily because those solutions have architectural constraints. These unaddressed endpoints comprise 80 percent of the cyber assets that exist within a facility.”

Explaining why Tinicum invested in PAS in particular, Habibi said, “We have technology that is architected to interrogate DCSs and other proprietary systems for complete configuration data which, in turn, gives companies the ability to apply the cybersecurity best practices they so eagerly want in their ICS environment.”

More specifically, Habibi noted that Cyber Integrity gives companies “immediate, day-one visibility into the highly complex configuration of industrial control systems that are typically tracked with a spreadsheet today. If you can see it, you can begin to secure it. This visibility gives our customers the ability to go further and detect breaches pinpointing not only that an unauthorized change occurred, but the detail of what exactly changed.”

Tinicum’s investment will be applied to PAS’ three-year technology roadmap, which is focused on proprietary control systems. The funds will reportedly be used to introduce new products and new functionalities related to PAS’ cybersecurity offerings.

In the joint release by PAS and Tinicum announcing the investment, there were several references to critical infrastructure. Considering that PAS is most known for its work in the oil and gas industry, we asked if this reference to critical infrastructure meant that PAS planned on expanding further into other industries, like the electrical grid and power generation industries. Habibi said, “The same ICSs that provide automated control and safety functions in oil and gas are deployed in power as well as other critical infrastructure industries. Cyber Integrity is ICS vendor independent and sector agnostic. One of the reasons for raising investment was to expand our cybersecurity footprint within these verticals as well as others. In fact, the need for ICS cybersecurity software goes beyond critical infrastructure. We have customers in other sectors, such as consumer goods, pulp and paper, mining and pharmaceuticals who are equally concerned their ICS is vulnerable to the same threats facing our oil and gas customers, such as ransomware, disgruntled employees, nation-sponsored attackers and more.”

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. He is also the chief program architect of the annual Automation World Conference & Expo. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Companies in this Article

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...