The how and why of raising OT security capital

Last year was huge for the cybersecurity market, fueled by rising incidents of cyberattacks, particularly ransomware that disrupted services and held companies hostage.

The numbers are striking: Investments in the space more than doubled from the year before to $29.3 billion, according to a recent report by investment bank Momentum Cyber. Two recent funding rounds, in November and February, even exceeded $1 billion. A record 286 M&A deals, worth $77.5 billion, were made, and 14 deals of those were over $1 billion each. This year is off to a promising start with Google’s $5.4 billion acquisition of Mandiant in March.

The market is responding to the evolving threat landscape. As new types of attacks arise, security vendors respond with new tools in what has become a cat-and-mouse game. This dynamic has driven the market for decades, but things are heating up now that the stakes are higher with hits on critical infrastructure and the U.S. supporting Ukraine in the Russian invasion.

One security area that has been seeing particular interest of late is operational technology.

Many attacks last year targeted companies that provide basic necessities of life, and consumers felt the pain. In February 2021, someone gained unauthorized access to the water treatment system in Oldsmar, Florida, and tried unsuccessfully to add more lye to the water supply.

And last May, drivers on the East Coast panicked when they couldn’t get gasoline after a ransomware attack disrupted Colonial Pipeline’s distribution network. That month, a ransomware attack on Brazilian meat supplier JBS resulted in beef shortages in South America, North America and Australia. JBS ended up paying $11 million in ransom.

The transportation industry has also been hit hard in recent years, seeing a 186% increase in weekly attacks from 2020 to 2021, and a 900% increase in maritime attacks since 2017. Recent incidents include attacks on the New York Metropolitan Transportation Authority and the CSX Class I freight railroad.

Critical infrastructure attacks and regulation

All these attacks on critical sectors have led to a slew of federal action plans and regulations affecting the water sector, pipeline operators and other critical industries.

In one example, the Department of Homeland Security’s Transportation Systems Sector-Specific Plan cites a number of elevated risks, including cyber and aging equipment, in guiding industry efforts to strengthen infrastructure security and resilience.

As Russian attacks on Ukraine have intensified, the U.S. government is increasingly concerned about Russia launching cyberattacks on American businesses, especially critical infrastructure. On March 15, President Joe Biden signed into law the Cyber Incident Reporting Act, which requires critical infrastructure providers to report cyberattacks to the Cybersecurity and Infrastructure Security Agency within 72 hours and ransomware payments within 24 hours.

Then, on March 21, the president reiterated earlier warnings, citing “evolving intelligence that the Russian government is exploring options for potential cyberattacks.”

Then the U.S. Department of Justice unsealed indictments on March 24, charging four Russians who worked for the Russian government with hacking operational technology (OT) of companies in the energy sector around the world over six years.

Legacy equipment in a modern world

For decades, cybercriminals focused on stealing information they could monetize, but now that OT environments are increasingly connected to the Internet, bad actors are trying to shut down infrastructure and conduct cyber-physical attacks like in Oldsmar.

The advent of ransomware and targeted attacks on critical infrastructure have changed the game and are putting operational technology security in the spotlight. At the end of the day, OT security is a national security issue.