software that can detect viruses that might be present when different machines talk to each other, whether on the same rig or between them. Malware like Shamoon or Stuxnet hides itself in the network and only begins operating once it has infiltrated the entire system, Houmb says. SecureNOK’s software can detect such viruses before it can affect the system.
You would think that a trillion-dollar business like energy, with invaluable infrastructure scattered around hard-to-reach parts of the world, would already have locked down cyber-security systems to protect its operations. But Houmb says the energy industry had largely not focused on security—until recently.
For the most part, drilling control systems typically were isolated and in remote locations, but as companies installed IT infrastructure to integrate operations for more efficient processes and better monitoring, those operations became vulnerable. “When you have an IT connection to the rig, you then change from a specialized network protocol to an open-source protocol,” Houmb says, which creates opportunity for malware.
Houmb founded SecureNOK in Norway in early 2010. A security engineer by training, Houmb had been working on cybersecurity issues while employed at TeleNor, the country’s national telecom provider. Sensing opportunity in the oil and gas business, Houmb says she applied for the Surge program in Houston in order to build on its oil and gas expertise and contacts. So far, the company has raised funds from investors and supporters such as Surge and Innovation Norway. Houmb declined to provide an amount.
Houston, a global energy capital, is developing an oil-and-gas security niche, says Coburn of Surge, including Alert Logic. The Houston-based seller of “security-as-a-service” has grown from earning $2 million in annual revenue in 2005 to $50 million last year.
SecureNOK’s new hometown of Houston, as well as the growing awareness of the cyber threat to energy operations, has created a favorable business climate for the startup, Houmb says. “We weren’t really looking into oil and gas, but Stuxnet came on and it opened up the market I’ve been waiting for in terms of equipment and systems that don’t have security built into it,” she says.