Connect with us

Hi, what are you looking for?


Cybersecurity Funding

OT Security Firm Shift5 Adds $33 Million in Funding

Shift5 has now raised $108 million in funding to bring cybersecurity to OT within fleet vehicles: planes and boats and trains – and military vehicles and weapon systems.

Shift5 Logo

Arlington, VA-based OT security firm Shift5 has raised an additional $33 million in its Series B financing. $50 million was announced in February 2022. The total venture funding now stands at $108 million.

Shift5 brings cybersecurity to the operational technology (OT) within fleet vehicles: planes and boats and trains – and military vehicles and weapon systems. Its customers go beyond the military, but founders Josh Lospinoso (CEO) and Michael Weigand (CGO) both have a background in US Army cyber operations. 

This, together with the Ukraine conflict and geopolitical tensions rising worldwide, has led to the DoD being a major customer, and perhaps partly explains the involvement of Booz Allen Ventures in the funding round. It is the venture firm’s first investment aligned with Booz Allen Hamilton’s National Cyber strategy.

“Since inception, we’ve worked with the DoD and we continue to make progress in working across different US military branches and combatant commands,” Lospinoso told SecurityWeek. “We work with the US Army, Navy, Air Force, Space Force, and Special Operations Command, and expect to further grow in the next year. Our work with Booz Allen will absolutely help us to accelerate our support of the warfighter across the DoD.”

Cybersecurity is central to Shift5’s solution offerings, but perhaps its USP is the ability to gather OT communications data in real time within a vehicle in motion. Shift5 calls this capability, ‘observability’. 

“If you look into the fuselage of a modern aircraft or inside a combat vehicle you’re going to be greeted by dozens and dozens of tiny little computers doing everything from controlling the engine to moving the turret and operating all of the hydraulic lifts,” says Lospinoso.

These tiny computers all work together. “Aircraft, locomotives and rolling stock, military vehicles, and weapon systems are supercomputers – they create massive volumes of data via serial buses that enable different systems and components to communicate,” he continues. Those communications can indicate the operational veracity of the vehicle – and can indicate a problem that could be a mechanical fault or a cyber intrusion.

Advertisement. Scroll to continue reading.

They are continuous but ephemeral, and can easily be missed. If they’re not captured, it is almost impossible to triage a problem, understand the root cause, and ultimately make the correct remediation for a vehicle in motion. “With observability,” he continues, “not only do you gain more accurate and timely security insights, but you also unlock the ability to detect anomalous behavior that may have simply resulted from a faulty part—to the point that you can actually start to look at leading indicators of failure and employ predictive maintenance measures to predict and prevent failures before they happen.”

In pure cybersecurity terms, Shift5’s observability of all IoT device communications provides the visibility that CISOs often lack. “Observability is about getting the most detailed, up-to-date, and accurate representation of exactly what’s going on with the OT asset in question at any given time, and using that information to make decisions and take corrective action as needed,” explains Lospinoso. 

“One of the things that makes observability as novel as it is impactful is the ability to take the appropriate actions in real time. With observability, we can dig into questions like: does this data show activity from a malicious actor? When did that happen? At what speed was the vehicle traveling; what altitude? Where was the vehicle – in a contested environment or US territory? These details paint a vivid, actionable picture that a rail, aviation, or DoD security team can use to triage a cyber threat, and that the CISO can use to better inform their security strategy.”

Shift5’s ‘observability’ serves the dual purpose of cybersecurity visibility (“and we will continue to innovate our novel cyber solutions for OT in the future,” says Lospinoso); and monitoring the physical health and performance of the mechanics. “There are other uses for onboard data by different teams on the operational side of the business, so we are working with customers to help them use onboard data to unlock operational efficiencies as well.”

Learn About OT Security at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech

Related: OT Cybersecurity Firm Shift5 Raises $20 Million to Protect Planes, Trains and Tanks

Related: SynSaber Raises $13 Million for OT Asset and Network Monitoring Solution

Related: Connected Cars Could be a Threat to National Security, Group Claims

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...