By Alexander Moiseev
Cybersecurity for industrial organisations is a hot topic, with the global ICS cybersecurity market expected to grow from 10.9% to 12.7% in a year and to reach approximately $24.4 billion by the end of 2023, according to different forecasts. Industrial cybersecurity seems to achieve a certain milestone, customers’ demands have changed and now some new trends should become apparent.
From what I learned by talking to our customers, downtime is one of the most frightening things for them, because business continuity is crucial for their industries. For example, in metallurgy manufacturing facilities, if a blast furnace stops working it can be impossible to start it again, so the organisation simply has to build a new one. And now, with automation being adopted, downtime can happen because of cyber-incidents.
Keeping in mind this insight, here are some suggestions on what new processes occur in cybersecurity for industrial control systems (ICS), why they happen now and how they eliminate businesses’ pain points.
From Stuxnet to nowadays
Let’s recall how it began. The notorious Stuxnet case showed in 2010 that critical facilities were not ready to rebuff cyber-attacks. Back in those days, protection technologies for ICS were not widely available, so companies were in great need of at least basic anti-malware protection for OT endpoints.
Then, more frequent cybersecurity incidents only reinforced this demand. For example, first appearing in 2014, an APT group known as Black Energy specifically targeted ICS and energy organisations worldwide; in 2015, a massive power outage in the Ukraine left more than 200,000 people without power; the NotPetya ransomware cost global shipping operator Maersk up to $300 million and in 2019, Norsk Hydro fell victim to a ransomware attack that cost the company more than £45 million.
The cybersecurity market reacted to this trend. Annual growth was around 8.8%, from $12 billion in 2016 to $15 billion in 2018, with new and existing cybersecurity vendors launching their solutions for critical infrastructure during this period. The market became much more mature as cybersecurity was prioritised on a state level with the organisation of national ICS CERTs (computer emergency response teams), such as in the US or the EU. The national and international cybersecurity agencies, such as European ENISA, established dedicated ICS recommendations. Standards were also developed for specific national industries, such as the NORSOK standard for the Norwegian petroleum industry.
As a result, industrial customers globally achieved the basic level of ICS endpoint protection. We asked 359 ICS professionals all over the world about the state of their organisations’ OT cybersecurity. The results revealed that the absolute majority of them (97%) claimed they already implemented an anti-malware solution for industrial endpoints. So, what is the next level?
New level unlocked: integration with automation systems
Industrial control systems should work smoothly to ensure manufacturing processes remain continuous. According to a 2019 survey, half of organisations (49%) are looking to increase OT efficiency while four out of five (79%) want better management of cybersecurity risks. If running a cybersecurity solution for network security may affect the OT automation process, this would create a big incompatibility challenge for OT engineers.
To meet this customer pain point, cybersecurity solutions for industrial facilitates should be developed to allow for closer integration of protection technologies into SCADA (Supervisory Control and Data Acquisition) systems. This enables the industry to move from simple endpoint protection towards creating an industrial automation system with built-in protection. More security services, such as asset management, incident response, and even security operation centers may then be added to this integrated system. We expect that this will be the primary development in the next five years, maybe with a little delay due to the Coronavirus outbreak.
Cybersecurity vendors who invest in the cooperation with other industry players will put themselves into pole position – in motorsport, it is the best start position. The expected challenge here is that OT vendors, specific service providers, and customers may appear at different levels of maturity – in terms of technology, automation and organisational processes. So, if a cybersecurity vendor, for example, establishes cooperation with other players, it probably should be ready to adapt its technologies to meet the maturity level of other participants and be ready to improve them accordingly.
What does it mean for customers?
Instead of a patchwork blanket of different automation and cybersecurity products that may affect each other’s efficiency, customers will be able to implement one integrated system that combines automation and protection, empowered with dedicated expertise.
User experience and a plug and play principle in the design of such unified solutions will offer the main competitive advantages. Adding one more security service, for example, an intrusion detection system, or a sandbox and managing them centrally, should be no more difficult than installing a smartphone application.
Centralisation and scalability of these solutions is primarily relevant for enterprises that are already actively using OT automation and asset management, or for vertically integrated industrial companies, such as mining, automotive and manufacturing, metallurgy, petroleum retail, electric grid complexes and transportation of petroleum products.
The ease of integration with third-party systems, low operating costs, simplicity of the solution, compliance with the requirements of supply chain security are relevant for private manufacturing companies and horizontally integrated ones – such as chemical manufacturing, mechanical engineering, the production of materials and components, the food industry and automated agriculture.
It is very exciting to see how the industry has evolved and this reveals a great dynamic between cooperation and transformation. We have not even mentioned IoT, which is another big journey for industrial organisations that can contribute to cybersecurity challenges.
Although the industry seems to be facing hard times because of the COVID-19 pandemic and the situation in the oil market, I believe it doesn’t stop processes. We at Kaspersky are betting on it and contributing huge efforts to the development of ICS threats expertise, dedicated services and protection solutions, as well as cooperation with other industry players.
(Alexander Moiseev is the Chief Business Officer at Kaspersky).