Railway Cybersecurity Firm Cylus Raises $30 Million

Tel Aviv, Israel-based railway cybersecurity firm Cylus has raised $30 million in a Series B funding round led by U.S. firm Ibex Investors and joined by Vertex Growth Fund, Strides International Business, Magma Venture Partners, Vertex Ventures Israel, Zohar Zisapel, and Glenrock Israel.

This brings the total raised so far to $57 million (seed plus Series A). 

Cylus follows the now-standard template for Israeli firms – founded by former Israeli Defense Force (IDF) cyber specialists before expanding into the U.S. market. Current CEO Amir Levintal was Director of the Cyber R&D Division of the IDF’s Elite Technological Unit from 2014 to 2017, while CTO Miki Shifman was a cyber researcher and R&D leader in the same division. To assist the U.S. expansion, William Heinrich, former CISO of Amtrak and BNSF Railway, and Mark Grant, former CISO of CSX Transportation, will join the company’s advisory board.

The rapid digitization of the railway industry over the last few years has, like all digitization processes, produced a rapid and not always adequately protected expansion of the threat surface available to bad actors. 

Railways are part of the critical national infrastructure (CNI). It is expected that the CNI will come under increasing cyberattack over the next few years, both by nation-affiliated groups keen on disrupting an orderly society, and criminal groups who believe CNI organizations are more likely to pay extortion demands more quickly than standard commercial organizations (consider, for example, the DarkSide ransomware attack on Colonial Pipeline). 

Railways are particularly susceptible to such threats. A successful compromise of railway OT could result in the takeover of a train in motion. Increasing the speed of the train could ultimately lead to a derailment, threatening the lives of anyone on board the train or in the locality of the derailment. The growth in autonomous trains over the next few years increases the potential risk. While an autonomous car can be stopped within a relatively short distance, the braking distance for an autonomous train is more like a kilometer.

But railway OT suffers from the same reluctance to change as many other OTs – why interfere with something that is working, when change could cause disruption? The need for continuity of operation often trumps the advice to install new security controls.

In 2018, NIST published its own recommendations in NISTIR 8219. The report examines and demonstrates how off-the-shelf behavioral anomaly detection (BAD) systems can improve visibility, identify new devices, detect assets that have disappeared, and detect anomalies that might indicate a malicious presence, all in a non-intrusive manner; that is, without any interruption or performance impact to the ICS network.

According to NIST, machine learning- or AI-enhanced anomaly detection can be introduced to OT networks to help detect malicious intrusions without disrupting the current running of the OT network. This is the approach taken by Cylus. Its solution will detect potential malicious activity, and pass the information with mitigation recommendations to human operators to decide what action may be necessary.

Cylus was founded in 2017 by Amir Levintal (CEO), Miki Shifman (CTO), and Nico Gramenz (strategic advisor). The company came out of stealth in January 2018 with $4.7 million in seed funding, and raised $12 million in a Series A funding round in June 2019 – rapidly followed by an additional $10 million in Series A funding.

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.