A Spanish company called Opscura said this week that it had raised $9.4 million to defend industrial IoT devices that sit deep within the operational technology network. The startup also announced a name change from Enigmedia, and laid out plans to integrate its technology within the products of other big manufacturing equipment OEMs.
David Hatchell, the relatively new CEO of Opscura, told me the company’s technology is designed to work in concert with network monitoring products from Dragos, Nozomi Networks, and Claroty, among others. He joined the company last August after positions at Crowdstrike and Forcepoint. Most of his previous roles have focused on boosting the capabilities of existing cybersecurity players when it comes to industrial or IoT cybersecurity.
In announcing the funding round, Opscura didn’t go into too many details about its technology, but did explain how it works. The company’s software sits on gateways that communicate with OT equipment and acts to hide the types of equipment and what it might be doing. The idea is that encryption, especially encryption that is designed to not interfere with regular OT operations by adding latency or losing data, can prevent hackers from going after the hidden assets.
As it stands today, if you want to introduce malware to a device, you have to understand what exactly it is and find the right vulnerability for it. Because the industrial IoT is made up of hundreds of proprietary chips, firmware, and real-time operating systems (RTOSes), it’s not as simple as releasing a vulnerability to attack iOS or Windows or Android. A hacker has to be specific.
That, however, is changing as companies streamline their RTOSes and silicon in order to make updating and managing these embedded devices easier after they connect them to the internet. But for now, the risk is real, and companies are trying to prevent hackers from accessing their industrial and operational equipment largely by trying to segregate those devices onto their own networks — which theoretically should never touch the internet — and buying tools to monitor network traffic.
So cloaking industrial assets can offer an advantage, and with its funding Opscura will work toward getting industrial giants to validate that its software will interoperate smoothly with their programmable logic controllers and other OT gear. As of now, Schneider Electric has validated that the software works smoothly on its hardware, and Hatchell told me he’s hoping to get other industrial OEMs to validate Opscura’s software as well.
In the meantime, the company’s software already runs on equipment from Siemens, Honeywell, Rockwell Automation, and ABB. The trick will be to get validated on that equipment, which will enable easier sales to incredibly risk-averse industrial customers.
Eventually the goal will be to connect data to the cloud securely. That may be related to the product details that Hatchell declined to share with me, saying only that Opscura would be making product announcements later this year.