Cybersecurity Implications in the US Chemical Industry. Modernization and Greenfield Opportunities

Transcription

1 Cybersecurity Implications in the US Chemical Industry Modernization and Greenfield Opportunities April 2015

2 Contents Section Slide Number Executive Summary 3 Research Scope, Objectives, Methodology, and Background 6 Definitions and Segmentation 13 Market Overview 17 Mega Trends and Industry Convergence Implications 22 Technology Analysis 29 Chemical Manufacturing and Processing Segment Analysis 35 Chemical Storage and Transportation Segments Analysis 40 Region Analysis The United States 45 Conclusions and Future Outlook Cybersecurity in the Chemical Industry 49 Appendix 53 2

3 Key Findings Cybersecurity in the Chemical Industry: Key Takeaways, US, Although the overall cybersecurity has improved in the US chemical industry, approximately two out of three attacks are not discovered internally, but are reported by an external agency. 2 The annual budget spent on cybersecurity for smaller companies ranges from to %, while the budget spent on larger companies ranges from to %. 3 Regulatory compliance with government agencies is crucial and chemical companies take penalties seriously because of potential government investigations and fines. 4 In order to combat cyber attacks, it is necessary to ensure the privacy of company data and cybersecurity information sharing within the industry, as well as provide clarity and compliance about regulations. 4

4 Key Findings and Future Outlook Cybersecurity in the Chemical Industry: Current and Future Outlook, US, 2014 and 2017 Parameters Current Outlook (2014) Future Outlook (2017) Market Status Although cybersecurity has improved, the security needs of small and medium-sized companies will have to be dealt with. Chemical factories of the future will be designed on standardized and modular platforms, requiring specialized and focused security solutions. Competition Solutions Customers focus on vendors with significant expertise and knowledge in the cybersecurity space that can also offer cost-effective solutions. Vendor strategies are more focused on risk assessments, audits, and evidence management. Implementation is taking a siloed approach; however, a more standardized and central approach will be required. Vendor strategies in the future will have to incorporate useful intelligence reporting, perimeter and intrusion management, protection management, and regulatory-change management solutions. Solutions will have to develop and follow Standard Operating Procedures (SOP) for routine functions such as backups, antivirus, user management, remote system access, removable media use, and access policy. Vendors will have to certify compliance with cybersecurity standards and include the tests as part of their Factory Acceptance Testing (FAT). Technology Value Proposition Market Entry Barriers Security intelligence, hot patching, intellectual property protection, penetration testing, and device control systems are frequently used technologies. The industry is slowly moving from a reactive approach to a proactive approach. Operational safety and information confidentiality are key factors driving cybersecurity investments. However, there is still an imbalance between the world of Information Technology (IT) and Operation Technology (OT). The complexity of regulations and lack of sufficient industry resources restricts the development of more proactive solutions. Adoption of intelligent devices will require focus on awareness and training to aid in the implementation, effective management, and prioritization of cybersecurity solutions. Virtualizing assets and placing them in isolated networks may also become a possibility. Operating systems will need to evolve to the point where they do not operate in silos. The industry will move towards a lifecycle model to manage control systems and safety systems. IT and OT will need to improve communication and awareness of the different requirements for each platform. The limited cybersecurity-focused workforce hampers implementation improvements and management of advanced defence solutions making it difficult for end users to continuously develop their security solutions. 5

5 Research Scope Base Year 2014 Industry Focus Chemicals Geographical Scope The United States Study Period

6 Research Aims and Objectives Aim The aim of this study is to research and analyze various parameters, such as industry drivers, challenges, customer behavior, vendor support, and best practices that influence the cybersecurity market in the chemical industry. Objectives To evaluate and assess the current state of cybersecurity preparedness To determine the unmet needs and pain points related to cybersecurity To understand buyer behavior To identify industry best-practices, next-generation practices, and new business models 8

7 Key Questions This Study Will Answer Cybersecurity in the Chemical Industry: Key Questions This Study Will Answer, US, 2014 What is the current state of awareness and concern regarding the issue of cybersecurity in the US chemical industry? What are some critical challenges regarding cybersecurity awareness and adoption that are facing the industry; how are these challenges being addressed? How can vendors optimize their support role in executing a cybersecurity strategy? What are the new business models emerging from the evolution of smart chemical plants? What are the best-practices related to cybersecurity within the chemical industry? 9