Shift5, an operational technology (OT) cybersecurity company based in Arlington, announced Tuesday it raised $50 million in Series B funding. The round was led by the well-known New York global private equity and venture capital firm Insight Partners and will help Shift5 invest in product development and new hires across departments. This funding round comes just months after Shift5’s $20 million Series A in October of 2021.
Cyber attacks on OT systems — those that power various infrastructure from public utilities to military vehicles — can have major consequences from denial of access to gaining control of systems. According to Cybertalk.org, reports of ransomware attacks targeting the transportation industry increased 186 percent between 2020 and 2021. The threat to maritime operations is even higher, with a 900 percent increase in attacks since 2017.
A potentially devastating recent example was an attempt to poison the Florida city of Oldsmar’s water supply by remotely increasing the amount of lye in the water. Just last April, the New York Metropolitan Transportation Authority’s computer systems were also breached. Thankfully both breaches were identified before damage could be done.
Due to aging infrastructure and equipment used by military and transportation sectors, the demand for robust OT cybersecurity solutions is high. Even new equipment isn’t usually as secure as it ought to be, as upgrades to technology are usually done to increase efficiency rather than to protect them against cyber attacks. That’s where Shift5 comes in.
“We’re at a really unique moment in time where we’re witnessing defenders of legacy systems adopt crucial cybersecurity best practices. Our work with transportation operators and military commanders gives them the ability to see into and proactively defend the assets they rely on most heavily,” Shift5 CEO and co-founder Josh Lospinoso said in a statement.
Shift5’s technology can be used with existing OT systems, meaning even equipment that is decades old can be protected from cyber threats. The company installs its intake product and continually monitors OT systems for anomalies that could point to a potential breach. As it collects data, that information is shared with security teams to give them a better understanding of their OT landscape.
“Our job as a defender is not only to do everything we can to keep the attackers out, but to sort of assume compromise, and…put defense-in-depth [strategies] in place,” Lospinoso told Built In during an interview. “Assuming compromise, [Shift5] looks for attackers that are doing telltale things to that system to try to gain access to it or to deepen their hooks into the system.”
In order to continue its mission of protecting OT systems, Shift5 plans to use its new funding to accelerate product development. Part of that includes hiring new talent across departments, especially product engineers, data scientists and product management. The company currently has a dozen positions open on Built In with more to come. Lospinoso told Built In that the company is also open to creating roles for specific individuals.
“The most important thing is having A+ talented folks around the table. If the mission really resonates with you, we can figure out how to craft a role around your unique skill sets,” Lospinoso says.