In 2015 Russian operatives started a phishing process that hacked the U.S. presidential election. Continuing throughout the following year, leading up to the election, the hackers repeatedly stole data from Democratic National Committee servers and used it to influence voter behavior.
Congress responded by passing the Cybersecurity Information Sharing Act and President Obama directed his administration to implement a Cybersecurity National Action Plan. The goal of these actions were to highlight the insecurity of our nations critical infrastructure and to drive a response that would catch us up to our threats and advance past them.
During these events, SecurityGate.io co-founders Cherise Esparza and Ted Gutierrez had been leading teams in the industrial cyber risk management space. With years of experience running cyber programs for some of the largest oil and gas companies in the world, they responded quickly to the government’s call to action.
Cherise and Ted identified a problem that was keeping critical infrastructure organizations from making progress in cyber initiatives: Operational Technology (OT) and Industrial Control Systems (ICS) were advancing with new technologies faster than the asset owning companies were able to assess risks and remediate security issues. Simply put, industrial companies couldn’t catch up to their cyber threats, much less move faster to get ahead of them. Without a fast ability to understand and take action on critical infrastructure risks, gaps would continue to open up and be exploited.
While OT and ICS technologies have rapidly moved ahead, the risk management teams that were responsible for them have been stuck using slow, manual processes and in-person interviews to try and understand their risk posture. For a large organization, it could take them years just to assess all their assets, and additional years to remediate the issues found. By the time the process is finished, the remediations are out of date, assets have changed and the entire long, expensive process ultimately gains them very little, compared to how much faster their threats can respond and change.
Less than 12 months from the 2016 election hack, Cherise, Ted and the assembled team delivered version 1 of the SecurityGate.io platform. The initial focus was to augment limited risk management staff sizes with a fast, scalable assessment process, purpose-built for critical infrastructure cybersecurity. A unique differentiator is in how the platform not only covers the technology at risk, but has special focus on identifying issues across people and processes (internal and external vendors/suppliers) as well. This gives companies a complete and wholistic view of their critical infrastructure risks quickly and cost efficiently.
Since then SecurityGate.io has expanded to become the most comprehensive industrial cyber risk management platform on the market. Covering all activities through the lifecycle of risk management processes, it provides automation, fast workflows and data intelligence to help companies understand their risks faster and know what to do about them sooner.
The mission today remains the same as it was when the platform was just an idea: to help secure the world’s critical infrastructure.