The WannaCry and Petya cyber-assaults on banks, airports and other businesses in Europe in May used a vulnerability in Microsoft software to infect machines and spread around the world. Microsoft had issued a patch to close the back door months earlier, but many users never installed the update. Ironically, when Microsoft creates a software patch, it tips off bad guys to a previously unrecognized vulnerability. Cyber-criminals can create a virus to exploit that vulnerability sure in the knowledge that many corporations will fail to update the all of the thousands of computers and devices in their system.
The single-most effective thing that any IT manager can do to maintain security is to promptly install software patches. The task sounds pretty basic. But it’s easier said than done.
Christiansburg-based FoxGuard Solutions helps clients keep software up to date on critical infrastructure such as power grids, wind turbines and nuclear power plants. Founded in 1981, the company has seen its cyber-security business expand at a compounded growth rate of 42% over the past five years.
As far as FoxGuard CEO Marty Muscatello is aware, none of its customers were affected by the WannaCry and Petya attacks, reports Jacob Demmit with the Roanoke Times, after accompanying U.S. Rep. Morgan Griffith, R-Salem, on a tour of the FoxGuard facility. The company’s software is used in 40 different states and 35 countries. Reports Demmit:
FoxGuard has been using a $4.3 million cooperative agreement from the U.S. Department of Energy since 2013 to develop tools to track software updates and patches for 128 companies in the critical infrastructure industry.
It’s pretty easy to keep a single home computer up to date, but that becomes increasingly difficult when an IT department is trying to protect a power plant that could have 100,000 different machines across a power grid. A company might not even be aware of some computers on its network that could let hackers in, like an air conditioning system.
FoxGuard, it would seem, has a bright future, for its market will expand exponentially. As the Internet of Things takes off, embedding microchips and wireless in billions of devices, corporations will be hard-pressed to keep track of them all. Patching them all will be almost impossible, for Original Equipment Manufacturers typically stop updating software for devices they no longer manufacture. The challenge is particularly acute for electric utilities, which have cobbled together multiple generations of technology to operate their systems. As they move increasingly toward flexible “smart grids” to accommodate solar and wind power, they will install thousands of sensors and actuators across their systems, potentially making them even more vulnerable to cyber-attacks.
For a monthly fee, says the Roanoke Times, FoxGuard tracks all those machines and makes sure the client knows of every update on a timely basis. The company can even download and test the update in its own lab to check for compatibility issues before installing it in the field.
Bacon’s bottom line: The news brings daily remembers of how vulnerable the global Internet-connected economy is, and how anyone with a good cyber-security technology or service can tap into a global market. Governor Terry McAuliffe is right about this: Cyber-security is one of the biggest economic-development opportunities to come along in Virginia in a long time.
