Dragos Inc., a four-year-old threat intelligence company focused on industrial control systems and critical infrastructure, received $110 million in new funding – predominantly from industrial companies looking to ensure their own operations remain secure.
The cash injection comes from investors National Grid Partners, Koch Disruptive Technologies, Saudi Aramco Energy Ventures and Hewlett Packard Enterprise. In statements included in the announcement, several pointed to the increasing volume of digital threats facing critical infrastructure and Dragos’ expertise as motivation for their investments.
“Koch Industries has more than 500 global manufacturing facilities, and the need for protection from cybersecurity threats grows each day,” said Byron Knight, managing director of Koch Disruptive Technologies. “As we continue to transform and modernize operations, Dragos will be a key partner in helping protect these assets to ensure we can continue providing products and services our customers prefer.”
As part of the deal, Knight and Andre Turenne, director of National Grid Partners, will join the Dragos board.
According to the release, the new funding will “enable the company to continue to build its worldwide operations to meet the cybersecurity needs of critical infrastructure at all levels, no matter the size or complexity of the organization.” In a blog released the same day, Dragos co-founder Robert M. Lee reflected on why he started the company four years ago, largely because there were so few companies offering threat intelligence and cybersecurity services relevant to industrial control systems and operational technology.
“What we were seeing as ‘answers’ were a copy/pasting of IT security best practices into the ICS networks with little regard for the unique mission and threats those systems faced,” Lee wrote.
Indeed, many ICS systems are operated by entities that are explicitly classified by the Department of Homeland Security as critical infrastructure and at heightened risk from nation-state hacking groups. Saudi Aramco, one of the world’s largest oil companies based in the Gulf kingdom and the parent company of Saudi Aramco Energy Ventures, has itself been targeted in the past by hackers believed to be aligned with its regional rival, Iran.
The investments reflect the extent to which critical infrastructure has become a proxy battlefield for geopolitical fights between world powers. Even as the U.S. government and others have sought to elevate and prioritize critical infrastructure, baseline cybersecurity protections can greatly vary across different sectors, or among companies within the same sector. The concern is that the breach of one company operating at the intersection of critical service like water, power or healthcare could have cascading negative effects on society.
Many entities still operate with legacy systems, encounter problems with newer patches and face an increasing volume of sophisticated attacks from foreign governments looking to burrow in, sabotage operations, conduct espionage or steal intellectual property. The recent explosion of ransomware over the past two years has also led to fears that threat actors will increasingly gravitate towards targeting companies who provide essential services, on the logic that they may be more desperate to pay up.
For years, Lee said investors poured cold water on the idea of a robust market for ICS/OT cybersecurity services. He said that while he was personally excited for the company’s future, “the point isn’t about Dragos’ financing but instead the amazing realization that OT cybersecurity is worth doing, a large enough market to do it in, and that it can be done.”