SecureNOK Rides the Wave With Cyberdefense for Energy Companies
Technology advances have made it easier than ever to install and monitor drilling platforms hundreds of miles out into the sea or deep into isolated parts of our planet. But it’s that very connectedness that makes these facilities so vulnerable to attack.
Enter SecureNOK, a Norway-born and Houston-bred energy cybersecurity startup, which says its software can detect and defuse malware before it can wreak havoc.
And it’s now signed a four-year contract with Houston-based National Oilwell Varco, NOV, one of the world’s largest oil and gas equipment suppliers. Starting in April, SecureNOK will deploy its software to Varco’s land rigs with an eye toward expanding offshore at some point.
“The software rests inside the equipment’s controller where it can see what happens inside the machine,” says Siv Houmb, SecureNOK’s founder. “It’s able to distinguish what’s normal and what’s potentially malicious.”
Terms of the contract were not disclosed but the companies will announce the partnership Friday at a Houston reception hosted by Innovation Norway.
Kirk Coburn, founder and managing director of cleantech accelerator Surge, says he’s not surprised NOV—with operations in 1,160 locations worldwide—would be keen to bring in SecureNOK’s software. “SecureNOK designed its solution from day one for oil and gas,” he says. “This is not a solution that was developed for multiple industries or a different one and then later applied.”
Houmb, who teaches cyber-security at Gjøvik University College in Norway, was one of Surge’s entrepreneurs last year, and she has since then opened an office in Houston.
In recent years, energy companies have been a particular target of cyberattacks. Oil and gas producers were hit by more targeted malware attacks in a six-month period in 2012 than any other industry, according to a 2013 report by the Council on Foreign Relations. Malware called “Shamoon” attacked Saudi Aramco in 2012, disabling about 30,000 computers at the state-owned oil company, which is OPEC’s biggest crude exporter. Stuxnet, which is believed to have been created by the United States and Israel to attack Iran’s nuclear program, ended up also affecting uninvolved companies such as Chevron.
The number of these attacks will only grow, Houmb says. Her company has developed software that can detect viruses that might be present when different machines talk to each other, whether on the same rig or between rigs. Malware like Shamoon or Stuxnet hides itself in the network and only begins operating once it has infiltrated the entire system, Houmb says. SecureNOK’s software can detect such viruses before they can affect the system.
You would think that a trillion-dollar business like energy, with invaluable infrastructure scattered around hard-to-reach parts of the world, would already have locked down cyber-security systems to protect its operations. But Houmb says the energy industry had largely not focused on security—until recently.
For the most part, drilling control systems typically were isolated and in remote locations, but as companies installed IT infrastructure to integrate operations for more efficient processes and better monitoring, those operations became vulnerable. “When you have an IT connection to the rig, you then change from a specialized network protocol to an open-source protocol,” Houmb says, which creates opportunity for malware.
Houmb founded SecureNOK in Norway in early 2010. A security engineer by training, Houmb had been working on cybersecurity issues while employed at Telenor, the country’s national telecom provider. Sensing opportunity in the oil and gas business, Houmb says she applied for the Surge program in Houston in order to build on its oil and gas expertise and contacts. So far, the company has raised funds from investors and supporters such as Surge and Innovation Norway. Houmb declined to provide an amount.
Houston, a global energy capital, is developing an oil-and-gas security niche that includes Alert Logic, says Coburn of Surge. The Houston-based seller of “security-as-a-service” has grown from earning $2 million in annual revenue in 2005 to $50 million last year.
SecureNOK’s new hometown of Houston, as well as the growing awareness of the cyber threat to energy operations, has created a favorable business climate for the startup, Houmb says. “We weren’t really looking into oil and gas, but Stuxnet came on and it opened up the market I’ve been waiting for in terms of equipment and systems that don’t have security built into it,” she says.