A look at cybersecurity for rail systems, building automation and the future of critical infrastructure

Waterfall Security Solutions announced a major expansion into new markets and industry verticals. In support of this expansion, Waterfall has secured a significant new funding round to enable aggressive growth. We caught up with Lior Frenkel, CEO and co-founder of the company, to find out more.

So Lior, you folks just announced a big new expansion and investment. What are your main priorities for Waterfall Security in the next 5 years?

Well, let me first say that our priorities are unchanged as a result of this new investment. CPMG and our other investors made their decisions because they liked what they saw in our vision and plans. We will be doing more and faster, expanding into new markets and innovating more in our fields of expertise.

We serve the most secure industrial sites on the planet. Some of the markets we are planning to expand into are rail transport and Building Automation Systems (BAS) markets.

OK, let’s dig a little deeper. What is the state of cybersecurity for the world’s rail systems, and why do you see an opportunity there?

The rails industry is very focused on safety. In most of the world, the industry is also increasingly focused on physical security. The entire industry though, is only just waking up to cyber threats. Starting only one or two years ago, we saw the entire industry kind of look around and say “Safety is job one, and cybersecurity is essential to safety. Oh rats!” And we saw a lot of operators start looking seriously at cybersecurity. Standards are starting to emerge, and best practice guidance.

And so very recently we have seen many inquiries from rail companies, from North America, Europe, and APAC. We have a bunch of big installations protecting rail systems already, in all these regions, and we see a huge opportunity for our Unidirectional Security Gateway technology in this industry. There is a big push building in this market to really, thoroughly protect safe, reliable and efficient rail systems operations from cyber attacks.

And how about building automation? That’s a huge market and really diverse, isn’t it?

That’s right, and as in any large market, we are setting our targets and priorities. We are focused on the mid and high end of the market – think airports, casinos and large government and office campuses. Medium-sized and large airports, for example, are not really buildings – it’s more accurate to think of them as small cities. They have everything from lighting, escalators, elevators and air conditioning to runway lights, baggage systems and radar systems. A lot of this is safety-critical, like the elevators and runway lights. A lot of this is operations-critical – if the baggage systems go down customers get very unhappy, very quickly, and very publicly.

And like rails, these industries are only starting to look up from what they’re doing and saying “Cybersecurity? Well rats,” and are starting to put some serious security in place. Airports have long had robust physical security programs and even robust cybersecurity for things like personally identifiable information. But physical operations have historically been ignored cybersecurity-wise.

In this market too, we have already many successes for our Unidirectional Gateway technology at some of the world’s largest airports. As you said, this is a huge market and we see a huge opportunity for expansion in the next couple of years.

How do you see the critical infrastructure market more generally evolving in the near future?

It is hard to give one answer for such a large, global and diverse market. One of the interesting changes we see is the involvement of enterprise IT teams in OT environments. People have been talking the talk of IT/OT integration for 15 years now, but in the last 1-2 years we see enterprise security teams not just kicking tires, but for the first time starting to act in large numbers. The first big investment many such teams make is in security and network monitoring – extending the reach of the enterprise SOC into operations. This lets the SOC finally see what’s happening on some of the most important networks in the business.

The problem with effective monitoring though, is that to monitor industrial networks you need to connect from deep inside those networks to a central SOC. We have technology that enables this, but without the risks of interconnecting all of your industrial networks, and connecting them to an external, Internet accessible network.

From the threat angle, the trend of the last decade continues: our adversaries and their attack tools continue to become steadily more powerful and more sophisticated. We see an increase in ransomware propagation into industrial networks, extortion related attacks on OT networks, as well as rapid growth of state-backed reconnaissance and infiltration campaigns.

Industrial enterprises are steadily increasing the strength of their security programs to address the steadily increasing threat. And so, a lot of industrial enterprises are looking hard at the example of the world’s most secure industrial sites and are adopting some or all the techniques that those sites use. These are of course the techniques Waterfall has been pioneering the last 15 years, and so again, we see huge opportunity here.