Deloitte buys industrial cybersecurity expert aeCyberSolutions

17 August 2021 Consulting.us 2 min. read

Deloitte US has acquired the industrial cybersecurity business (aeCyberSolutions) of Greenville, SC-based Applied Engineering Solutions.

Operating since 2014, aeCyberSolutions helps industrial companies meet their most pressing needs in industrial control systems and operational technology (ICS/OT) security with offerings in corporate and plant-level assessments, remediation recommendations, program frameworks, and training.

The firm’s consultants help industrial firms establish cybersecurity policies and practices, manage exposure to risk, mitigate system vulnerabilities, and establish resiliency.

The acquisition will boost Deloitte’s cybersecurity offering with additional resources in frameworks, methodologies, and technology-enabled tools for the industrial sector.

Deloitte buys industrial cybersecurity expert aeCyberSolutions

"Cyberattacks on industrial controls systems for critical infrastructure are increasingly sophisticated and far-reaching, making cyber resilience and regulatory compliance more important than ever," said Wendy Frank, cyber 5G and IoT leader and principal at Deloitte & Touche LLP, a subsidiary of Deloitte LLP. "As industrial organizations digitally transform to adopt more emerging technologies like 5G, the Internet of Things, machine learning, and artificial intelligence, our acquisition of the aeCyberSolutions business helps us to offer leading-edge ICS/OT technologies and related advisory services."

AeSolutions will retain its other business units, including its engineering business, which were not part of the transaction.

The deal follows Deloitte’s earlier 2021 purchase of Root9B, a cyber threat hunting provider, and Terbium Labs, a digital risk protection company.

“Joining Deloitte will enable us to scale the depth and breadth of our services, increasing our ability to help clients build more trustworthy, resilient, and secure environments," said John Cusimano, VP of industrial cybersecurity for aeSolutions, who joins Deloitte as a managing director.

The digitalization of the industrial and infrastructure landscape opens up increased threat surfaces to adversaries. The ransomware attack on the Colonial Pipeline in May 2021, which crippled the computerized equipment managing the pipeline, is the latest example of the expanding sea of cyber risk to critical operations. Should some areas be deemed so critical – such as power grids, pipelines, and refineries – to remain “dumb” and low-tech in the face of a relentless march to digitalization? Perhaps connectivity is too big of a detriment in certain applications.

Relatedly, there certainly wouldn’t be plant shutdowns in the automotive industry in the face of chip shortages if automakers didn’t decide to gradually transform a mechanical product into a computer on wheels. But manufacturers feel obligated to cram a computer into everything, including your fridge, because that's an easier marker of “innovation” than actually improving the core technologies of a product.