One of the big questions looming over Internet of Things with regard to cyber security is how well legacy security products will adjust to the IoT context. I think its safe to say that many of the tools and technologies that populate traditional IT environments (think: antivirus) aren’t well suited to use with Internet of Things devices which are often power and resource-constrained.
IoT is a “ten-years-from-now” problem for enterprises. But for manufacturers like GE, it’s a “today” problem. That’s why GE is already investing in technology that it thinks is well suited to securing IoT and industrial environments. Last week, the company announced one such deal: acquiring the firm WurldTech of Vancouver Canada. The deal, announced on May 9th, will add Wurldtech’s technology and professional services to GE’s portfolio, with GE saying that Wurldtech products and services will “help to enhance the reliability of Industrial Internet operations.” Wurldtech makes security software specifically for use with industrial systems. Its products include Achilles Test, which can find vulnerabilities in critical infrastructure systems and then perform root cause analysis of them. The company also makes Achilles Threat Intelligence – apparently a firewall for ICS products (even though its name would suggest otherwise). Finally, the company offers a range of professional services and certifications that can be used to evaluate the security of industrial deployments. The terms of the deal were not announced, but Wurldtech will retain its name and operate as a wholly owned subsidiary of GE. Evaluating and addressing the security of industrial systems has proven to be a major headache for firms that operate in the industrial control space. Writing on Cylance’s blog in March, researcher Billy Rios discussed many of the limitations that exist when securing industrial systems. Tools developed for traditional enterprise IT environments are often unable to “see” ICS systems in mixed network environments. Beyond that, industrial systems are often brittle and unable to be scanned or otherwise interrogated by security assessment tools like vulnerability scanners, Rios wrote. GE to Acquire Wurldtech to Advance Cyber Security Efforts for Critical Infrastructure and Operations Technology Wurldtech cyber security technology and services to help audit, protect and certify critical infrastructure and industrial products Wurldtech to operate autonomously while capitalizing on GE resources to accelerate key technology programs and market expansion SAN RAMON, Calif., May 9, 2014– GE (NYSE: GE) announced today a definitive agreement to acquire privately held Wurldtech, a Vancouver, British Columbia-based company and recognized leader in cyber security solutions. This move is one of several by GE to help protect critical infrastructure and advance cyber security efforts globally for key industries. Wurldtech solutions and services are used in complex environments such as oil refineries, power transmission grids or for individual assets like medical devices or smart meters. Traditional information technology (IT) approaches for securing systems and data are challenging when applied to the operations technology (OT) world.Wurldtech solutions offer a strategic approach to cyber security that help to better protect the OT that connects people, data and machines – maximizing system uptime and mitigating exposure to vulnerabilities. This acquisition will help to enhance the reliability of Industrial Internet operations. Wurldtech Technology & Professional Services Wurldtech’s technology and professional services are designed to Assess, Protect and Certify. This strategic approach to cyber security is performed using: Achilles®Test products to discover operational vulnerabilities in products and critical infrastructure and then assess the root cause, Achilles Threat Intelligence product to secure OT networks with an industrial firewall, and Achilles Communications and Practices Certifications to evaluate device communications and best practices. Wurldtech will retain its name and operate as a wholly owned subsidiary to continue providing the necessary focus on services to its broader customer base. Financial terms were not disclosed. “Securing connected machines has a unique set of complexities that are very different from protecting a data center,” said Bill Ruh, a vice president in GE Software. “At GE, we are focused on software platform security, protecting critical infrastructure and helping to ensure the reliability of Industrial Internet operations for our customers and industries.” GE is just the latest mainline manufacturing firm to snap up a promising industrial security firm. In March Lockheed Martin acquired Industrial Defender, which makes cyber security solutions for control systems in the oil and gas, utility and chemical industries. A recent report by the analyst firm Gartner Inc. noted that the security industry is at a ‘inflection point’ as traditional IT systems give way to “purpose-built, industry-specific technologies that are tailored by where and how that technology is used and what function it delivers.” “CISOs will need to deconstruct current principles of IT security in the enterprise by re-evaluating practices and processes in light of the IoT impact,” said Earl Perkins a research Vice President at Gartner.