Industrial conglomerate Mitsubishi Electric has agreed to acquire OT and IoT cybersecurity specialist Nozomi Networks in a transaction that values the San Francisco-based firm near the $1 billion mark. The deal, slated to close in the fourth quarter of 2025, will see Nozomi Networks become a wholly owned subsidiary while continuing to operate independently.

The acquisition represents Mitsubishi Electric’s largest to date, with the company set to purchase the 93% of Nozomi shares it does not already own for $883 million in cash. Mitsubishi Electric previously acquired a 7% stake through Nozomi’s $100 million Series E funding round in early 2024, a relationship that laid the foundation for the takeover.

Following the transaction’s closure, Nozomi Networks will retain its brand, leadership, and personnel, maintaining its headquarters in San Francisco and its research and development hub in Switzerland. Both parties have indicated there will be no disruption to operations, roadmaps, or external partnerships.

Nozomi Networks focuses on security in operational technology (OT), Internet of Things (IoT), and cyber-physical systems (CPS). Its platform, designed for critical infrastructure and industrial organizations, focuses on asset discovery, continuous monitoring, anomaly detection, and vulnerability management. The company generated $75 million in revenue in 2024, an increase from $62 million the previous year.

The integration of Nozomi’s cloud-first, AI-powered solutions into Mitsubishi Electric’s portfolio grants the Japanese industrial giant a stake in advanced industrial cybersecurity at a time when OT and IoT environments are seeing increased attention due to rising threats of cyberattacks and operational disruptions. 

“By becoming part of Mitsubishi Electric, we will combine our strengths to drive the next generation of industrial security and innovation to bring additional value for customers around the world,” said Edgard Capdevielle, president and CEO of Nozomi Networks. “With the combined global reach and resources of both companies, we can supercharge our innovation engine, helping industrial organizations secure and accelerate their own digital transformations.”

Mitsubishi Electric, which brings more than a century of experience in industrial technology, sees the purchase as a way to accelerate the digital transformation of critical infrastructure clients globally. Combining its operational expertise with Nozomi’s technology is expected to result in the development of new AI-powered solutions tailored for OT and IoT use cases.

“This acquisition will enable us to co-create valuable new services while supporting Nozomi’s commitment to innovation and customer flexibility,” said Satoshi Takeda, Mitsubishi Electric’s senior vice president. “Together, we can help our customers achieve their digital transformation goals while enhancing security, efficiency, and resilience.”

The transaction is expected to receive all necessary regulatory approvals and is anticipated to close by the end of 2025. 

The post Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal appeared first on CyberScoop.

Data from sensors that detect threats in critical infrastructure networks is sitting unanalyzed after a government contract expired this weekend, raising risks for operational technology, a program leader at Lawrence Livermore National Laboratory told lawmakers Tuesday.

That news arrived at a hearing of a House Homeland Security subcommittee on Stuxnet, the malware that was discovered 15 years ago after it afflicted Iran’s nuclear centrifuges. The hearing focused on operational technology (OT), used to monitor and control physical processes in things like manufacturing or energy plants.

Amid a Department of Homeland Security review of contracts, the arrangement between the laboratory and DHS’s Cybersecurity and Infrastructure Security Agency to support the CyberSentry program expired Sunday, the laboratory program manager Nathaniel Gleason told lawmakers under questioning Tuesday. An agency official told CyberScoop later Tuesday that the program is still operational.

CyberSentry is a voluntary program for critical infrastructure owners and operators to monitor threats in both their IT and OT networks.

“We’re looking for threats that haven’t been seen before,” Gleason told California Rep. Eric Swalwell, the top Democrat on the Subcommittee on Cybersecurity and Infrastructure Protection. “We’re looking for threats that exist right now in our infrastructure. One of the great things about the CyberSentry program is that it takes the research and marries it with what is actually happening on the real networks. So we’re not just doing science projects. We’re deploying that technology out in the real world, detecting real threats.”

But the lab can’t legally analyze the data from the CyberSentry sensors without funding from government agencies, and funding agreements were still making their way through DHS processes before the contract expired this weekend, he said.

“One of the most important things is getting visibility into what’s happening on our OT networks,” Gleason said. “We don’t have enough of that. So losing this visibility through this program is a significant loss.”

Spokespeople for the lab did not immediately provide further details on the size or length of the contract. Other threat hunting contracts have also expired under the Trump administration. 

Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement to CyberScoop that the “CyberSentry program remains fully operational.”

“Through this program, CISA gains deeper insight into network activity of CyberSentry partners, which in turn helps us to disseminate actionable threat information that critical infrastructure owners and operators use to strengthen the security of their networks and to safeguard American interests, people, and our way of life,” Butera said. “CISA routinely reviews all agreements and contracts that support its programs in order to ensure mission alignment and responsible investment of taxpayer dollars. CISA’s ongoing review of its agreement with Lawrence Livermore National Laboratory has not impacted day-to-day operations of CyberSentry and we look forward to a continued partnership.”

Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, told the subcommittee there aren’t enough federal OT cybersecurity resources in general.

“We must better resource OT security,” Bolton said. “From addressing the growing tech debt,  hiring cybersecurity experts, to procuring and building updated systems, OT owners and operators don’t have the necessary funding to defend their networks.”

Those owners and operators spend 99 cents of every dollar on physical security and 1 cent on cybersecurity, she said. Reauthorizing the State and Local Cybersecurity Grant Program, due to expire in September, would help with that, Bolton said.

The Trump administration has made large cuts in CISA’s budget since the president took office in January.

This story was updated July 22 with comments from CISA’s Chris Butera.

The post Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab  appeared first on CyberScoop.

Congress is set to revisit Stuxnet — the malware that wreaked havoc on Iran’s nuclear program 15 years ago  — next week in the hopes that the pioneering attack can guide today’s critical infrastructure policy debate, CyberScoop has learned.

The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a hearing July 22 to examine the operation that, according to independent reports, was carried out by the U.S. and Israeli governments and targeted Iran’s nuclear enrichment facilities in Natanz.

Witnesses listed for the hearing are Tatyana Bolton, executive director of the Operational Technology Cybersecurity Coalition; Kim Zetter, cybersecurity journalist and author of “Countdown to Zero Day”; Dragos CEO Robert Lee; and Nate Gleason, Lawrence Livermore National Laboratory program leader, according to a copy of the notice.

Stuxnet malware included a rootkit for programmable logic controllers and was built specifically to target industrial systems. Deployed at the Natanz facility before 2010, it was engineered to covertly manipulate the speed of the rotors used to spin nuclear centrifuges, causing them to accelerate and slow unpredictably. The Institute for Science and International Security estimated in 2010 that the worm led to the damage and removal of more than 1,000 centrifuges, or approximately 10% of Iran’s total enrichment capacity at the time.

But the subcommittee led by Rep. Andrew Garbarino, R-N.Y., is interested in more than a history lesson.

“Stuxnet signaled a new age in the targeting of operational technology, an attack vector that has increased in complexity over the past 15 years,” Garbarino said in a statement to CyberScoop. “This moment showed how malware can be used to target and potentially cripple critical infrastructure operations, which has raised the stakes for critical infrastructure resilience for sectors across the globe.” 

Stuxnet also kicked off an era where many countries — and the United States in particular — have seen its domestic critical infrastructure come under threat from criminal and nation-state hacking groups.

“Today, bad actors will not hesitate to use malware to gain a foothold in the services Americans rely on every day and wreak havoc on our way of life,” Garbarino said. “Given increasing threats to critical infrastructure from actors such as Volt Typhoon, it is important to examine the legacy of Stuxnet – –the world’s first cyber weapon.”

In the 15 years since Stuxnet, U.S. critical infrastructure has itself been pilloried by cybercriminals, ransomware groups and nation-states alike. Policymakers are revisiting Stuxnet in the hopes that it can help them learn to better defend their own domestic industries.

A committee aide told CyberScoop that Stuxnet “is part of the story of OT cybersecurity.”

“It marked a pivotal moment in critical infrastructure resilience and the way we think about both offensive and defensive cyber operations,” the aide said. “Now that we are at the 15-year mark since the discovery of Stuxnet, it is timely to review how the cyber threat landscape has evolved to ensure our OT is resilient, especially as DHS warns about heightened threats from Iran against critical infrastructure.”

The hearing also comes weeks after the U.S dropped a total of 12 “massive ordnance penetrator” bombs on several Iranian nuclear facilities, including Natanz, during Operation Midnight Hammer.

The aide added that the lessons could be valuable to legislators with Congress set to tackle a pair of important cybersecurity laws that are set to expire this year.

“We still see gaps in understanding about the risks [in OT] – something we are striving to address through the reauthorizations of CISA 2015 and the State and Local Cybersecurity Grant Program,” the aide said.

Bolton brings a wealth of cybersecurity experience in the federal government, Congress and the private sector. She has worked at Google and the Cyberspace Solarium Commission, where she helped shepherd a broad slate of cybersecurity legislation through Congress.

Zetter’s book is widely considered the most comprehensive and definitive look at how U.S. and Israeli officials built and then covertly deployed the malware in an effort to damage and slow down Iran’s nuclear program.

Lee, a former NSA and Air Force cyber official, now leads one of the most well-known cybersecurity firms, specifically geared toward operational technology and critical infrastructure.

The post House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats appeared first on CyberScoop.