ABB Ltd. (ABBN), the world’s largest maker of power transformers, sees Hewlett-Packard Co. (HPQ) and International Business Machines Corp. (IBM) as new competitors jostling for orders to protect factories from cyber attacks.
The Swiss company is employing its venture-capital arm to expand its arsenal of firewalls and security as customers face the threat of trojan viruses and denial-of-service attacks, Girish Nadkarni, head of ABB Technology Ventures, said in an interview. The investment arm already bought a stake in cyber- security company Industrial Defender in 2010.
“We are currently looking at a couple of companies in the cyber-security space,” said Nadkarni, a former Wall Street lawyer specializing in mergers and acquisitions. “We all need to get a lot smarter about information technology.”
ABB, which began making electric motors and power- generation equipment more than 100 years ago, is bolstering its factory-automation businesses with forays into digital technology at a time when Microsoft and Oracle Corp. (ORCL) are muscling into the same market. These firms are competing to provide the software to operate factories and nuclear power plants, historically the domain of ABB and Honeywell International Inc. (HON)
“People from industry want to become more digital, and people from the IT industry want to develop more industrial expertise: at some point they start bumping in to each other,” Nadkarni said.
ABB Technology Ventures, which made its first investment in 2010, has invested more than $100 million in start ups and funds. Nadkarni, who previously worked at Prudential Plc (PRU) and GE Capital, says he and his team sift through 1,000 investment opportunities a year to arrive at just a few completed deals.
The extent of industrial cyber-security attacks is clouded by the fact that companies are loathe to admit incidents. Chrysler Group LLC is estimated to have lost $14 million dollars in three hours during a 2005 attack by the Zotob worm which blocked its car assembly lines, according to Eric Byres, chief technology officer of Tofino Security, which makes firewalls for industrial networks.
In 2010, control systems made by Siemens AG (SIE) suffered an attack by the Stuxnet malware that targeted uranium processing equipment in Iran. The worm could penetrate controls, send data back to its creators and eventually make the industrial process destroy itself through rapid changes in operating speeds. While not the intended target, several manufacturing operations in North America were also impacted, Byres said.
More recently, major gas pipeline companies in North America have been the target of attacks, he said.
The number one method for gaining control is “spear- fishing,” or sending an email to a manager or engineer which looks like an email from a colleague. Attachments contain malware which insert a backdoor to allow the attacker entry, and can lay dormant in a system for years, Byres said.
ABB Chief Executive Officer Joe Hogan hired Prith Banerjee, a veteran of Hewlett-Packard, as its chief technology officer in May. Enhanced technology for utilities to control power plants came with the $1 billion acquisition of energy management software maker Ventyx in 2010. In June, the Zurich-based engineer purchased Tropos Networks, a wireless network provider for Smart Grids.
Hogan oversaw the creation of ABB’s technology ventures unit in 2009, and as a member of the venture capital unit’s board he has a hand in overseeing all transactions. It highlights ABB’s push into new business as divisions supplying longer-cycle investment projects in power suffer from weaker spending in Europe and China.
China State Grid has halved its annual investment in ABB’s large power transformers to about $300 million to $400 million from $800 million in 2008. By contrast, Ventyx’s orders in the first- and second-quarter of this year have been encouraging, Hogan has said.
Newer industries like cyber security are expected to grow as hacker attacks remain a constant threat and become increasingly focused on financial returns, Byres said. There are about 20 reported industrial cyber attacks per year and he estimates less than one in 100 attacks are reported.
“The days of mafia-boy hacking into AT&T and making a mess of things are over,” Byres said. “The really dangerous stuff gets into the system and waits.”