The scene on the news this past May looked like something you’d see in the leadup to a hurricane or the aftermath of a major environmental catastrophe. Lines of cars, stretched as far as they eye could see, slowly inched into gas station parking lots as panicked buyers clamored to fuel-up in the face of what they thought was an imminent gas shortage. The intense demand caused fuel disruptions throughout the Southeast and on the East Coast, raised prices and fomented fear amongst consumers that life was about to grind to a halt for the foreseeable future.
Unlike gas runs in the past, though, this one was much different. Instead of an oil spill, weather event or international conflict, the disruption to the Colonial Pipeline that triggered the chaos was caused by a cyber attack to the company’s IT systems. The hack, a ransomware attack that took all of Colonial Pipeline’s systems offline, left consumers shocked at the scale of its effect, finally crystallizing in the public’s minds just how much real-world damage could be done by something that had previously seemed abstract.
Ron Indeck was not shocked at all. As CEO of Olivette-based Q-Net Security, events like the Colonial Pipeline attack are on his mind every day, and have been well before they entered into the public’s consciousness. For decades, he and Q-Net’s founder and President Jerry Cox, have dedicated their professional lives to understanding the threats posed by nefarious actors to the world’s information technology systems. This passion for the subject culminated in their founding Q-Net in 2015 as a company uniquely positioned to thwart cyber attacks by doing something different than other security companies – using an impenetrable physical hardware barrier that makes it impossible for even the most sophisticated, state-sponsored bad actors to break through.
Cox and Indeck’s road to Q-Net is as impressive as it is long. For Cox, a computer science elder statesman whose accomplishments include serving as the founding chairman of Washington University in St. Louis’ Computer Science Department, introducing small computers to biomedical research and helping to invent the personal computer, the notion of securing information has been woven throughout his decades of work. After meeting Indeck at Washington University 35 years ago, the two became regular collaborators; when Indeck founded the university’s Center for Security Technologies in the late 1990s, Cox served as his associate director, and since then, the colleagues have worked on a variety of computer-related entrepreneurial endeavors together, both in conjunction with and outside of Washington University.
It only made sense, then, that when they both noticed major flaws in cybersecurity, that they would work to address it together. About six years ago, Cox and Indeck were talking with a friend about how much attention the cybersecurity field was starting to get, as the uptick in both the frequency and severity of attacks became increasingly difficult to ignore, even for those not in the information technology field. Though the problem was real and significant, Cox and Indeck wondered why there was no good solution to it. For Indeck, the answer seemed clear: Break a seemingly endless cycle that had previously placed computer security providers behind the curve.
Cox and Indeck recognized that there was a straightforward solution. While other companies were using software to patch flaws in code that could be exploited by those wishing to do harm to systems, they understood that the better answer was to create a physical piece of hardware, based on quantum mechanical noise that can be leveraged but not controlled, to create a barrier between IT systems and the outside world. Their hardware, called a Q-Box, gets dropped into existing networks, creating an impenetrable mechanism by which two different endpoints can communicate with one another.
“Think of it as if we are talking on two phones,” Indeck explains. “Everything I send you over the telecommunications path goes from my phone to your phone. My phone knows how to encode and your phone knows how to decode. Within a second, we have gone through so many of these keys [quantum generated sets of ones and zeros] that it would take a trillion years to crack the system. We’ve added orders of magnitude that are a million times harder by being able to generate these keys so quickly.”
As the strongest commercially available IT security system on the market, Q-Net’s Q-Box is currently being employed by several government and non-government entities to secure everything from critical infrastructure and medical systems to IOT (Internet of Things) and transportation systems. Because Q-Net works with highly-sensitive information and signs non-disclosure agreements with all of its customers, Indeck cannot name the companies and government entities it is working with. However, he can speak publicly about Q-Net’s contracts with the Air Force and the Army. Additionally, he notes that the company’s number one commercial customers are utility companies, especially those working with solar, wind and similar distributed energy resources, and that additional clients include an unnamed country’s national health system, another country’s ministry of defense and several banks in Latin America.
“We are bringing solutions to critical infrastructure networks that prevent adversaries from going in and monkeying with our systems; it’s that simple,” says Indeck. “It also keeps data in the networks. We read about data that comes from a company going out to China or another state actor; that data exfiltration might contain important trade secrets. Our systems keep people out, but they also prevent data from being leaked out. It provides a provably secure solution to securing this sensitive information.”
Indeck believes being located in St. Louis has been particularly beneficial for Q-Net’s success and is quick to point out the many factors that led him and Cox to found the company here. Though he admits it was convenient – since Cox and Indeck are affiliated with Washington University in St. Louis, the metro area was the natural choice for Q-Net’s headquarters. However, the decision was not only one of convenience. As Indeck explains, a company like theirs can be located anywhere, and there are advantages to being located in the middle of the country. With customers across the United States, having a central location makes it much easier to get from coast to coast. This, coupled with the region’s manufacturing and agriculture industries that demand high security means a reliable customer base – one that is only going to grow as the area builds its geospatial industry with the expansion of the National Geospatial Intelligence Agency.
“This is actually a very good place to do high-technology solutions,” says Indeck. “We have a lot of high tech here; you might not think of us first and instead think of Silicon Valley, the East Coast, Houston or Denver, but if you think about it, we have good universities, good people and we also have an awesome quality of life that you don’t see in those other places. People want to move here, and be here, and live here.”