Shift5 picks up $50 million funding, set to protect planes, trains, weapon systems from cyber-physical threats

Operational technology (OT) cybersecurity company Shift5 announced on Tuesday that it had raised US$50 million in Series B funding, as it works towards securing military platforms and critical transportation systems from cyberattacks. It also offers protection to planes, trains, and weapon systems from increasing cyber-physical threats.

“Our Series B round is a growth stage round, which will allow us to significantly increase investments in product and hardware development, and to expand our team – we’re looking to hire aggressively in 2022,” Josh Lospinoso, CEO and co-founder at Shift5, told Industrial Cyber. “It comes on the heels of a banner year for Shift5. We’re expanding our platform to include defending unmanned aerial vehicles, manned aerial vehicles, maritime vessels, as well as commercial rail assets, and seeing early successes with commercial aviation,” he added. 

The funding round was led by New York-based global private equity and venture capital firm, Insight Partners.

Focusing on how the funding will help drive Shift5’s investments in product development and new talent across teams, Lospinoso said that “Tactically, we’ll hire technical talent that will enable us to scale our product. As a startup, we’re running at a sprint to keep up with customer demand, and we’re applying the full extent of our resources to get engineers, developers, and technical experts in our door,” he added.

OT is difficult to defend because it’s built on serial data networks, compared to other networks that IT leverages to operate, according to Lospinoso. “That’s why you don’t see many companies who are trying to solve the problem we’re solving. It’s difficult to get the experience, and even more difficult to gain mastery. We’re excited to find the technical experts who get as excited about this problem as we do,” he added.

Shift5 protects the inadequately secured OT layer of transportation and weapon systems, providing aviation, rail, metro, and military defenders complete visibility into their OT networks. The company allows operators to gain visibility, detect threats, and maintain the resilience of OT systems, as cyber-physical attacks ‘become an increasingly likely and attractive strategy for digital attackers.’ OT cybersecurity failures on such systems can jeopardize business and mission operations, create safety risks for operators, personnel, and passengers, and incur millions of dollars in downtime losses, remediation, and ransom payments, the company added.

The latest funding comes within four months of the company’s Series A funding round of $20 million last October. “Our Series A round was designed to extend our runway by 12-18 months,” according to Lospinoso. “We’ve raised this Series B round because of our success within the past year, and how we can apply that capital,” he added. 

“Our lead investor, Insight Partners is excited about our trajectory and we’ve hit key growth milestones that they recognize as critical to continued investment,” Lospinoso said. “There is tremendous appetite for earlier stage cyber deals, while competition is fierce for growth stage deals,” he added.

“Shift5 is addressing a critical visibility gap into operational technologies onboard military and commercial fleet assets,” Nick Sinai, senior advisor at Insight Partners, said in a media statement. “Shift5’s experienced founding team with deep national and cybersecurity experience, plus early success, makes the company a standout in the industry. We’re excited to work with Shift5 as it fills a crucial space in defending national infrastructure,” he added. Sinai will join Shift5’s board.

In light of the spate of recent cybersecurity incidents and ransomware attacks in the OT and ICS (industrial control systems) environments, Lospinoso said that “we’re working with many cybersecurity leaders in transportation and defense who see the risk to their operations presented by OT. But when one cyberattack after another makes major headlines for their loss of ability to conduct business as usual or due to data exfiltration, the risk of insecure infrastructure moves from a nebulous to tangible.” 

“We give companies visibility into their OT networks – something they have historically been unable to do – so they don’t need to panic when they see a peer in the headlines due to a major breach,” Lospinoso said. “We help companies move from a defensive to a proactive stance. With our Series B funding, we will bring that ability to see and take action to prevent OT cybersecurity risks to more commercial airlines, rail organizations, and federal groups,” he added.

He said that most OT systems are built upon legacy technology created by manufacturers long before the digital world emerged and before cybersecurity became a priority. “Today, the layer of OT deep within planes, trains, and weapon systems is connected with IT systems that are internet-facing, creating a new attack surface that has thus far remained unsecured. As a result, the transportation systems and other critical infrastructure that supports modern society are vulnerable,” Lospinoso added. 

The U.S. government is undertaking a constellation of efforts to secure transportation infrastructure and weapon systems, according to Lospinoso. “To provide context, the DHS designates the Transportation System Sector as one of 16 critical infrastructure sectors whose disruption would debilitate national security. These sectors are top priority for our government to defend, and we’ve seen increasing efforts by malicious actors to target them,” he added. 

“The transportation industry witnessed a 186% increase on a weekly basis – New York Metropolitan Transporation Authority, Toronto Transit Commission, Ann Arbor’s TheRide, and Class I freight operator CSX were each targeted, for example,” according to Lospinoso. 

The U.S. government published TSA and CISA advisories to align the efforts of industries in monitoring and reporting incidents, Lospinoso said.

“At the Reagan National Defense Forum, we saw the likes of General Paul Nakasone, commander of United States Cyber Command, Admiral Michael M. Gilday, chief of Naval Operations, and senior leaders from the Air Force, Space Force, and U.S. Cyber Command publicly discuss the imperative of weapon systems cybersecurity,” he added. 

Held last December, the Reagan National Defense Forum provided the political spectrum and stakeholders in the defense community an opportunity to review and assess policies that strengthen America’s national defense in the context of the global threat environment.

Lately, the industrial cyber security sector has consistently been witnessing fresh investments. In December, industrial cybersecurity firm Claroty raised $400 million in Series E funding, taking its total funding to $635 million, while Dragos secured $200 million in Series D funding in October at a valuation of $1.7 billion, reflecting increasing demand for OT cybersecurity techniques and solutions.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.