02 February 2019
We sat down with David Drescher, Chief Executive Officer, Co-Founder and Board Member at MSi to delve more deeply into the company’s genesis, its mission and his insights into the cybersecurity space.
A. In 2010, Stuxnet, a cyber attack on the Iranian nuclear program, was discovered by the InfoSec community. It was one of the first publicly recognized, successful cyber attacks on control systems that resulted in physical damage. Around that time, the US Department of Defense began funding research at the University of Virginia to see if weapons systems and platforms could suffer a similar fate from a cyber attack. In 2014, MSi’s co-founders, including myself, teamed up with UVA researchers to help protect the military’s critical assets from cyber attacks. The team quickly realized the problem was much broader than we initially thought, and the control systems that were widely used throughout the industrial world faced similar cyber risks. It was clear that an opportunity existed to build a great business that would solve this meaningful – and potentially paralyzing – problem.
A. The patented MSi Platform1 provides both visibility and protection for control systems and the critical, physical assets they operate. The MSi Platform has four components: MSi Console, MSi IDS, MSi 1 and MSi Sentinel. Together, these components monitor a control network for abnormal activity, detect an abnormal event and block a cyber attack from reaching critical control components.
A. All start ups could benefit from help improving their marketing and positioning, and R/GA will help us tremendously in these areas. Macquarie is a global infrastructure leader with an unparalleled network of relationships and many companies in its network could potentially benefit from the types of protection that we offer.
A. Industrial control focused cyber attacks continue to evolve in frequency, complexity and speed. In 2015, the Ukraine power grid was attached, taking over 50 substations offline and causing major power failures. In 2016, a large portion of the power in Kiev was taken out in mere minutes. Attacks evolve in ways similar to how software and products evolve. In 2017 alone, 56 per cent of organizations have experienced a security breach in their industrial control systems, and that number continues to grow.2
A. As of January 2018, 89 per cent of industrial companies have experienced a cybersecurity break in their control systems.3 These cyber threats against critical infrastructure and real assets include: tactical, where production may go down a few days and have a modest revenue impact; significant, where equipment may be damaged for a prolonged period with long replacement times (months) having a material impact on product, revenue and cash flow; and strategic, essentially a company killer, that could involve loss of life from a catastrophic explosion, an environmental disaster like Deep Water Horizon and more.
A. The initial challenge is a lack of awareness or unwillingness to acknowledge a need for improved cyber security. Companies believe that the absence of a previous attack implies safeties. This would be akin to living in a multimillion-dollar home but not having any security measures because you haven’t been robbed yet. After acknowledging the need for cyber security, a next step is to understand the status quo in the control networks, where the greatest cyber risks exist and how to mitigate them quickly and cost effectively. MSi offers a two-phase assessment and secure design service, including use of the MSi IDS technology. Energy control systems are unique, with proprietary protocols and require an understanding of both the networking and the underlaying process in order to do this effectively, without having any impact on operations. MSi specializes in these kinds of control networks.
A. The vast majority of cyber protections today focus on the enterprise IT side of the business. That worked well when industrial networks were air gapped and totally isolated. However, today’s industrial control networks are highly connected and also tied back to the corporate enterprise and out to third-party vendors. Because there are multiple entry points, monitoring and protection needs to come from within the industrial control network. The MSi Platform provides visibility and protection in the industrial control network, which can be synced with traditional enterprise IT cyber solutions to provide a unified look (single pane of glass) in both enterprise and control networks.
A. Companies should follow guidelines published by the US Department of Homeland Security on protecting Industrial Control Systems from cyber attacks, as well as guidance from other standards setting organizations. These range from assessing risks to deploying protections and having plans in place to respond to a cyber attack. The best tools are the ones that can continuously monitor systems from cyber attacks, detect if something is abnormal and most importantly, stop an attack from unfolding before it has an impact on operations. These tools and features are all inherent in the patented MSi Platform and being used by large oil and gas companies, the US military and more.
David Drescher is the Chief Executive Officer, Co-Founder and Board Member of Mission Secure. A seasoned entrepreneur and business leader, David has a strong background in information technology, energy, finance and security/risk management.
David was also previously the Co-Founder and CEO of Gravity Renewables, a private equity-backed renewable energy company based in Boulder, Colorado. He was also the Founder and CEO for Roam Secure (acquired by Cooper in 2007 and now a part of Eaton Corporation), a leading provider of text alerting systems to government and industry. Roam Secure was created to help address emergency response communications and mass notification issues discovered in the wake of 9/11.
David is a certified public accountant and attended The London School of Economics and Political Science.
The Macquarie Capital Venture Studio is a unique initiative to identify and promote companies with the potential to accelerate industries including utilities, transportation, and environmental services.