Cybersecurity for industrial organisations is a hot topic, with the global ICS security market expected to grow from 10.9 per cent to 12.7 per cent within the next year. With the industry predicted to reach approximately $24.4 billion by the end of 2023, customer demands are changing as we reach this new milestone and new trends are now becoming clear.
From my conversations with customers, I have learned that downtime is one of the most frightening things for them, because business continuity is crucial for their industries. For example, in metallurgy manufacturing facilities, if a blast furnace stops working, it can be impossible to start it again, so the organisation is forced to build a new one. And now, with automation being adopted, downtime can occur due to cyber-incidents.
With this information in mind, here are some suggestions on which new processes are emerging in cybersecurity for industrial control systems (ICS), why they are happening now, and how they can eliminate businesses’ pain points.
Stuxnet as a precedent
Let’s recall how it began. The notorious Stuxnet case showed in 2010 that critical facilities were not ready to rebuff cyberattacks. Back in those days, protection technologies for ICS were not widely available, so companies were in great need of at least basic anti-malware protection for operational technology (OT) endpoints.
Increasingly frequent cybersecurity incidents only reinforced this demand. For example, first appearing in 2014, an APT group known as Black Energy specifically targeted ICS and energy organisations worldwide; in 2015, a massive power outage in Ukraine left more than 200,000 people without power; the NotPetya ransomware cost global shipping operator Maersk up to $300 million; and in 2019, Norsk Hydro fell victim to a ransomware attack that cost the company more than £45 million.
Then came the reaction from the cybersecurity market. Annual growth was around 8.8 per cent, from $12 billion in 2016 to $15 billion in 2018, with new and existing cybersecurity vendors launching their solutions for critical infrastructure during this period. The market became much more mature as cybersecurity was prioritised at a state level, with the organisation of national ICS CERTs (computer emergency response teams), such as in the US or the EU. National and international cybersecurity agencies, such as Europe’s ENISA, established dedicated ICS recommendations. Standards were also developed for specific national industries, such as the NORSOK standard for the Norwegian petroleum industry.
As a result, industrial customers globally achieved the basic level of ICS endpoint protection. We asked 359 ICS professionals all over the world about the state of their organisations’ OT cybersecurity. The results revealed that the absolute majority of them (97 per cent) claimed they had already implemented an anti-malware solution for industrial endpoints. So, what is the next level?
Unlocking new levels of integration
Industrial control systems should work smoothly to ensure manufacturing processes remain continuous. According to a 2019 survey, nearly half of organisations (49 per cent) are looking to increase OT efficiency while four out of five (79 per cent) want better management of cybersecurity risks. If running a cybersecurity solution for network security can affect the OT automation process, this creates a big incompatibility challenge for OT engineers.
To address this customer pain point, cybersecurity solutions for industrial facilities should be developed to allow for closer integration of protection technologies into Supervisory Control and Data Acquisition (SCADA) systems. This enables the industry to move from simple endpoint protection towards creating an industrial automation system with built-in protection. More security services, such as asset management, incident response and even security operations centres, may then be added to this integrated system. We expect that this will be the primary development in the next five years, though it may be slightly delayed due to the coronavirus outbreak.
Cybersecurity vendors that invest in cooperation with other industry players will put themselves into pole position – in motorsport, it is the best starting position. The expected challenge here is that OT vendors, specific service providers and customers may be at different levels of maturity – in terms of technology, automation and organisational processes. If a cybersecurity vendor, for example, establishes cooperation with other players, it should be ready to adapt its technologies to meet the maturity level of other participants and be ready to improve them accordingly.
What do streamlined systems mean for customers?
Instead of a patchwork blanket of different automation and cybersecurity products that may affect each other’s efficiency, customers will be able to implement one integrated system that combines automation and protection, empowered with dedicated expertise.
User experience and a plug-and-play principle in the design of such unified solutions will offer the main competitive advantages. Adding one more security service, for example, an intrusion detection system, or a sandbox, and managing them centrally, should be no more difficult than installing a smartphone application.
Centralisation and scalability of these solutions are primarily relevant for enterprises that are already actively using OT automation and asset management, or for vertically integrated industrial companies, such as mining, automotive and manufacturing, metallurgy, petroleum retail, electric grid complexes and transportation of petroleum products.
The ease of integration with third-party systems, low operating costs, simplicity of the solution, and compliance with the requirements of supply chain security, are relevant for private manufacturing companies and horizontally integrated ones – such as chemical manufacturing, mechanical engineering, the production of materials and components, the food industry and automated agriculture.
What’s next for ICS
When I look back at the industry and realise how much it has already evolved, I am pleased and hopeful; it underlines a great dynamic between cooperation and transformation. This is before IoT has even come into the equation, which presents its own cybersecurity challenges that industrial organisations need to face head-on.
In the face of the Covid-19 pandemic and the ongoing situation in the oil market, I believe hard times will not stop progress. We at Kaspersky are betting on it and are contributing huge efforts to the development of ICS threat expertise, dedicated services and protection solutions, as well as cooperating with other industry players.
Alexander Moiseev, Chief Business Officer, Kaspersky