The company that finds the energy system's security weaknesses
The risk of IT attacks has increased in recent years. Using simulated attacks, foreseeti helps companies to work proactively with IT security in complex systems, for instance in the energy domain. It is all about assessing the risks and testing what measures that give the most return on investment.
The digitization of critical infrastructure such as power grids and energy systems has been explosive in recent years. Much of the operations can be done remotely, which facilitates the technology manager's everyday life. At the same time the risk of cyber-attacks increases, where unauthorized people can get in and manipulate the systems.
- IT security is difficult for most, especially in large complex systems that no one can overlook on their own. It is important to identify the risks, understand how big they are, where the weak links are, and then figure out how much to focus on different measures to get the best possible effect. Today, these analyses are mostly manually, says Joakim Nydrén, CEO and one of the founders of foreseeti, whose business is based on long-term IT security research from the Royal Institute of Technology (KTH) in Stockholm in close collaboration with industry.
Since the start in 2014, the company's focus has been on developing a product that streamlines the security experts' work and helps them prioritize their efforts based on objective risk assessments. Today, companies in energy, finance, and transport as well as defense industry are among the customers.
"Common to these industries is that they have critical infrastructure where it is extremely important to work proactively to handle threats and vulnerabilities. You cannot afford to wait and see what's happening, but you need to make sure you have a secure system in advance. Otherwise, it may have devastating consequences, says Joakim Nydrén.
In addition, in the energy sector, there are particularly high requirements for accessibility, which IT researchers in terms of foreseeti's product have considered in the method development, which has been carried out in close collaboration with energy distribution experts.
- In many other industries, it may be ok to shut down the systems for short periods, such as night time, to test the security. But it's not possible when it comes to energy systems that always have to be up and running. With our tool, we simulate attacks in a virtual model, so the systems won’t be affected, "says Robert Lagerström, researcher at KTH and co-founder of foreseeti.
He explains that the tool is based on advanced network analysis and can be used for evaluating existing IT infrastructure as well as planning new systems and introducing various architectural changes.
- We structure and visualize the information in a graph that shows the likelihood of different attack paths. Known vulnerabilities are always available, so it's important to know which ones are most important and need to be managed at once. Our tool tests different actions and compare them before they are implemented. There is no other tool vendor that does this as well as we, as far as we know, "says Robert Lagerström.
Interest from major energy and transport companies has been great and now the Swedish KTH spin-off is aiming at the international market. So far, the product is mostly used in northern Europe, but customers are also in the USA, where the company is experiencing extra-large demand.
Stepping out on the world market is an important part of foreseeti's long-term plan. So far funding has been made through venture capital and innovation project support from the EU, Vinnova and the Swedish Energy Agency.
"Support is crucial for doing things in the right order. In the early years the focus was on getting a really good product. Now we are investing in growth and continued development of technology, for example, to increase the degree of automation and integrate our solution with other tools. Our vision is to be the world leader in threat modeling and attack simulation, "said Joakim Nydrén.
Autor: Susanna Lidström. (Translation foreseeti)
Original article in Swedish from Energi Världen: https://www.energivarlden.se/artikel/foretaget-som-hittar-energisystemens-sakerhetshal/