Written by Sean Lyngaas
Dragos, a Maryland-based industrial cybersecurity company, said Tuesday it raised $110 million, the latest sign that investors are pouring money into securing the critical infrastructure frequently targeted by hackers.
The Series C funding round comes courtesy of the investment arms of chemical manufacturing giant Koch Industries; multinational electricity and gas utility National Grid; Saudi Aramco, one of the world’s largest oil companies; and Hewlett Packard Enterprise.
Once an obscure field for investors, the security of industrial control systems (ICS) — the ruggedized computer systems that help run global factories and power plants — is now prompting some of the world’s richest companies to open their checkbooks.
The investment shows that the security of such critical technology “is a large market that is something that the companies out there, the world leaders, really care about,” said Dragos CEO Robert M. Lee. It also shows that major industrial organizations are aware that state-affiliated hackers will be a persistent threat in the coming years, he added.
Roughly two years ago, Dragos opened a new office in Saudi Arabia, citing critical threats to industrial infrastructure there. Now, Lee says he will use the new injection of cash to open offices in Dubai, Australia, and the United Kingdom, and to expand the company’s intelligence and technology offerings.
Australia is “going through some geopolitically tense times, not only with China but others,” Lee said, adding that Australia’s mining industry and other sectors could be the target of malicious cyber activity.
The planned Dragos office in Dubai will focus on business in the rest of the Gulf Arab countries, Lee said, in addition to Saudi Arabia. Several of those countries have repeatedly been targeted by suspected Iranian hackers.
“For companies like ours…you kind of have to go where the fires are,” Lee said. “If you do it wrong, it can be ambulance chasing…If you do it right, it’s, ‘You’re going to face some challenges and we want to be ready to help you when you do.”
Quantifying the exact size of the ICS security market is difficult, though analysts agree that it has grown steadily in recent years as consulting and software firms such as Accenture and Tenable have built out ICS security teams.
Dragos, meanwhile, has swelled from a handful of employees since its founding, by veterans of the National Security Agency, in 2016, to more than 220 employees today. An annual ICS conference, S4, has drawn larger crowds as companies aim to differentiate themselves in an increasingly crowded market. While the coronavirus has put the next S4 on hold, the demand to protect critical infrastructure will outlive the pandemic.
Dale Peterson, founder of ICS consulting company Digital Bond, and host of the S4 conference, said the ICS security market has grown “slow[ly] and steadily” in recent years, and largely driven by venture capital investment. “It is still more promise than profit.” He said there was more growth potential in managed services and incident response than in standalone ICS products.
Now, investors outside of the traditional ICS security market are realizing what’s at stake.
“Koch Industries has more than 500 global manufacturing facilities, and the need for protection from cybersecurity threats grows each day,” said Byron Knight, managing director of Koch Disruptive Technologies, the investment arm of Koch Industries.
Koch Industries was founded by Charles and David Koch, whose organization has spent billions of dollars shaping U.S. politics and whose track record includes climate-change denial and union-busting.
But Lee, who hasn’t shied away from controversial decisions in the past (Dragos’ move to Saudi Arabia came in the wake of the gruesome murder of Saudi journalist Jamal Khashoggi), said politics was irrelevant when it comes to protecting critical infrastructure from hacking.
“I can’t focus on the politics and be in the business of infrastructure security,” Lee said. “I’m not willing to tell a factory worker that I’m not going to protect them because I disagree with the politics of somebody that runs the company.”