The COVID-19 pandemic has made remote work more popular than ever before. At the height of the pandemic in April, 70 percent of United States workers responding to a Gallup poll said they were working remotely. And, in the months since, though that number has decreased, many are looking at adopting remote work for the long term.
Industrial environments have never been equipped for remote work. The operational technology used to monitor, detect and control changes to devices, processors and events of industrial equipment are popular targets for cyber attackers and unauthorized access to industrial control systems can be detrimental to critical infrastructure.
However, ever since the COVID-19 pandemic shut down operations around the globe, the team at SecurityGate.io has seen a new trend emerging. While industrial facilities have historically been resistant to digital transformation, the pandemic has expedited these initiatives.
“There are machines that have to be managed by people in these facilities. COVID put an end to that. With the advancement of COVID and social distancing, there’s even more of a need right now for digital transformation so that people can do things from a far,” says SecurityGate.io CEO Ted Gutierrez. “Digital transformation has always been a part of the plan for many enterprises, but it was usually about efficiency. Now it’s an absolute requirement because people fundamentally can’t travel to that facility and even if they can, people are already behind on their schedule.”
SecurityGate.io is a Houston-based cybersecurity software company. Their risk management platform helps companies improve OT/ICS risk management efforts and use digital automation and data intelligence to scale efficiently. The company was founded by Gutierrez, and Cherise Esparza, their Chief Product Officer, in February 2017.
“The election getting hacked in 2016, really made me realize that cybersecurity in critical infrastructure environments was going to be a major market that was going to grow,” says Gutierrez who has more than 20 years of experience in risk management. “We knew there wasn’t a solution like ours so we decided to build it.”
SecurityGate.io talked to Industrial Cyber about the current struggles facing OT environments now, trends the company has seen since its founding and the challenges facing organizations in the future.
“We still don’t have enough qualified operational technology focused cyber personnel and because of that we still see a huge dichotomy within the ICS sectors between companies that really have a handle on things and are actually improving their cybersecurity day-to-day and the people who are just patching holes,” Gutierrez says. “There’s not a holistic governance program. So we still see that the ICS sector is a mess in 80 percent of cases because they have the dollars but they don’t really know yet where to spend it and how to spend it effectively.”
SecurityGate.io is working to fill the knowledge gap they see in many industrial sectors. The company offers the only risk management automation SaaS solution on the market and they work with organizations at varying stages of their cybersecurity journey.
“We have customers that are rather far advanced with some pretty nice systems and then we have the other end of the market. They’re at the very beginning, but they’re asking the same questions: what do we do, how do we do it,” says Matt Wilbanks, SecurityGate.io CMO. “We’re able to help the companies that are coming in brand new and saying here’s how you build a risk management program for solving the challenges you have with OT, ICS cybersecurity.”
In addition to helping those organizations just starting out, SecurityGate.io works with more mature organizations to use the data they’ve collected through their current cybersecurity efforts to shape their strategy moving forward.
“We can serve these different companies even though they’re at very different stages of the maturity of their programs,” Wilbanks says.
Gutierrez says one of the barriers they encounter, and an issue plaguing critical infrastructure operators around the globe, is a late adopter mentality around digital investment. He says the static nature of these environments makes change difficult from not only a mental standpoint but also a practical one.
“It really comes down to minimizing the overall impact on people in OT environments,” Gutierrez says. “You can’t turn systems off and on; you can’t regularly upgrade and replace hardware in software in operational technology environments. Those environments are part of a much larger facility with moving parts and people.
“It’s about giving people their time back which is the most valuable return on investment for digital investment in an ICS environment.”
Gutierrez says that despite some pushback, many organizations were coming around to digital transformation even before COVID-19. In general cyber investment in the OT space is up, and he says that trend isn’t going away any time soon.
However, one of the things standing in the way of organizations getting the resources they need is the continued lack of attention to cyber attacks in industrial environments. Gutierrez says raising awareness is key to ensuring organizations are protected.
“I don’t think we’re sharing enough information. You have some small groups that are sharing information with each other, but there are a lot of cyber attacks that are either near misses or total hits that we still don’t read about on the news,” Gutierrez says. “So what we are at risk of is a fallacy in their mindset which is, because there haven’t been any major attacks in the last year or so, we don’t need to be spending this money and putting these resources behind it. It’s hard for this community to keep getting resources because they’re doing such a good job of blocking and tackling these attacks.”
For more information on how you build a risk management program for solving the OT check out SecurityGate.io