Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends



Similar documents
McAfee Security Architectures for the Public Sector

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Cyber Security Seminar KTH

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Document ID. Cyber security for substation automation products and systems

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Industrial Cyber Security. Complete Solutions to Protect Availability, Safety and Reliability of Industrial Facilities

How To Buy Nitro Security

SCADA Security Training

Defending Against Data Beaches: Internal Controls for Cybersecurity

Update On Smart Grid Cyber Security

Cybersecurity Implications in the US Chemical Industry. Modernization and Greenfield Opportunities

Phone: Fax:

Verve Security Center

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG All rights reserved

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Ecom Infotech. Page 1 of 6

Energy Cybersecurity Regulatory Brief

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

ICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection

The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry

Security Services. 30 years of experience in IT business

CYBER SECURITY Audit, Test & Compliance

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Industrial Cyber Security 101. Mike Spear

Effective Defense in Depth Strategies

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

Cyber Security and Privacy - Program 183

Cyber Security for NERC CIP Version 5 Compliance

INSERT COMPANY LOGO HERE

Practical Steps To Securing Process Control Networks

The Benefits of an Integrated Approach to Security in the Cloud

1 Introduction Product Description Strengths and Challenges Copyright... 5

Symphony Plus Cyber security for the power and water industries

Phone: Fax:

IBM QRadar Security Intelligence April 2013

IBM Security Strategy

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Industrial Security for Process Automation

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Решения HP по информационной безопасности

North American Electric Reliability Corporation (NERC) Cyber Security Standard

How To Achieve Pca Compliance With Redhat Enterprise Linux

Security and Privacy

Feature. SCADA Cybersecurity Framework

The Attacker s Target: The Small Business

The Cyber Threat Profiler

Cybersecurity and internal audit. August 15, 2014

Q1 Labs Corporate Overview

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Increasing Situational Awareness and Multi-zone Protection of Utility Infrastructure

Ovation Security Center Data Sheet

Cisco Security Intelligence Operations

What is Security Intelligence?

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Trend Micro. Advanced Security Built for the Cloud

Capabilities for Cybersecurity Resilience

Clavister InSight TM. Protecting Values

Jort Kollerie SonicWALL

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

Italy. EY s Global Information Security Survey 2013

Defending Against Cyber Attacks with SessionLevel Network Security

Smart Grid Cyber Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

SCADA Security: Challenges and Solutions

How Secure is Your SCADA System?

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Enterprise Cybersecurity: Building an Effective Defense

TRIPWIRE NERC SOLUTION SUITE

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

ISACA rudens konference

Unified Security, ATP and more

Emerging Trends in the Network Security Market in India, CY 2013

Critical Infrastructure Cybersecurity

The Education Fellowship Finance Centralisation IT Security Strategy

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

How To Create An Insight Analysis For Cyber Security

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

An International Perspective on Security and Compliance

Transcription:

Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1

Worth over $ 50 Billion globally in 2014 Cyber security ICT Security in the Private Corporate Domain $ 28 Billion Cyber Warfare $ 22 Billion ICT Investigation $ 1 Billion Some Key Players: Boeing, Lockeed Martin, Raytheon, Thales, Selex SE, Nothrop Grumman, BAE, Qinetiq, Mc Afee, Norton, Symantecs 2

What is our response to a cyber security incident? 3

UK: Cyber capability development Their main aims are to increase awareness of the risks of cyber attacks, to share any threat intelligence The Government must be more vigorous in its approach to cyber security, says the Defence Committee in its report published in Jan 2013. 4

Is Cyber Warfare perceived as a threat? Whatever the objective the cyber option is appealing, but Source: MMC 5

Critical Infrastructure Industries at Stake USA: Over 200 incidents across all critical infrastructure sectors in the first half of 2013 100% increase over 2012! Energy Segment 2011 2012 2013 (H1) 31 82 111 Cyber attacks in the energy sector may be on the rise but so far they have been characterized by espionage and intellectual theft purposes and not system disruptions. Source: ICS-CERT; Frost & Sullivan 6

The Evolving Strategies Emerging Industrial Models Market Trends Fragmented High level of cloud security is expected, as control system solution providers consider the possibilities of transcending SCADA systems and the Ethernet into the cloud. Consolidation and Partnerships Evolving Markets On-demand hosted services will present significant revenue potential. Security solutions for virtualized and cloud technologies will represent high growth potential. Increasing Role of Managed Services Source: Frost & Sullivan 7

Existing Solutions Transition from Static Solutions to Adaptive Solutions Types of Security Solutions, NA, 2012 Identify Threat Monitor Network Solution Themes Isolate Threat Threat Management Resolve Threat After Stuxnet and Night Dragon attacks we are now moving towards a proactive rather than reactive approach will require security intelligence solutions. Source: Frost & Sullivan 8

Level of Attractiveness Investing in the Right Technologies to Aid in Business Continuity Solutions designed specifically for the cloud and virtualization environments will be the next frontier. Technology Placement in the Industry, 2012 Mature Low Growth Emerging High Growth Application whitelisting BYOD-specific solutions Cloud-specific solutions Deep packet inspection SIEM Solutions for virtualization Unidirectional diodes Mature Low Growth Intrusion prevention/ detection systems Emerging Low Growth Next-generation firewalls Anti-virus Host intrusion prevention Growth Rate Source: Frost & Sullivan 9

Government Initiatives A Necessary Backbone for Growth Key targets from regulatory initiatives Total Automation Cybersecurity Market: Regulatory Targets, NA, 2015 2018 2015: all COTS cyber ICS and standalone components are secure-by-design. 2016: A certification center with the capability to verify that cyber vulnerabilities for ICS and components are secure and available. 2017: Self-configuring, secure ICS network architectures. 2018: Secure ICS architectures are designed, installed, and maintained with built-in, end-to-end security. Information Sharing Monitoring Projects such as SHINE and ICS-CERT aim at providing visibility and information sharing in terms of providing information on automation system vulnerabilities. Project SHINE has revealed about 50,000 IP addresses that connect to about 7200 control systems in the United States. To improve monitoring capabilities, the Federal Information Security Management Act (FISMA) has initiated a compliance reporting tool through the new automated CyberScope. Implementation A good security solution is one that has been implemented effectively. The ISA100 incorporates basic security by design, a concept that incorporates security into all aspects of network design, construction, and operations. Source: Frost & Sullivan 10

Energy, Oil & Gas Segments 11

Oil and Gas A Target Rich Environment The oil and gas industry is moving to a more digital, integrated operating environment. Understanding the Oil and Gas Industry Third-party connections People Subsea systems 3D virtual technology & visualization Technology Digital Oilfield Digital oilfields enable a real-time, multidiscipline way of connecting with all the disparate assets. Reporting Process Digital map of an average oilfield Exploration Seismic/simulation projects Drilling Optimization Production (offshore fields) On an average, 1000 I/O points Average data streaming: 10 GB/day Refining On an average, 30,000 I/O points 1Terabyte/day raw data Transactional processing Real-time data and remote operations Connectivity and information are key enablers for the digital oilfield. Despite the numerous advantages, security solutions and implementation can be restrictive factors. 12

Security Opportunities Oil and Gas Industry Solution providers need to focus on security analytics and training. Security Opportunities in Oil and Gas Industry, NA, 2012 Training and certification Focus on security analytics to aid in data flow blueprints Change and compliance management solutions Industry collaboration Solutions that are interoperable in the cloud Solutions that focus on safety integrated systems Dependence on patching solutions Raise Create Reduce Source: Frost & Sullivan 13

Efficient but Complex Smart Grid The smart grids face implications in terms of access control, asset integrity, and data confidentiality. Power Industry Security Perspective, NA, 2012 Previously known attacks Current status of the security systems Several incidents that include malware and slammer worms in an electric utility as well as a weaponized virus and found in a turbine control system. A likely cause of the Florida blackout is attributed to a security breach. Modern SCADA systems There is a growing requirement for tools to manage, monitor, and maintain the widely dispersed assets. Challenges in the Smart Grid Space: Two-way communication systems Distributed connectivity: Distributed solar or wind farms have less control over physical access Access to customer utilization data Weak authentication and access control Interoperability Conflicting focus points: Power distribution and transmission in smart grids is becoming an increasing concern for solution providers due to the privacy issues involved While control systems focus on availability first, these grids look at confidentiality first. This further complicates security and operating priorities. Source: FERC; Frost & Sullivan 14

Security Opportunities Power Industry Security Opportunities in Power Industry, NA, 2012 Individual equipment solutions Change and compliance management solution Data access control and authorization Raise Simulation tools for training End-to-end solutions Product bundling strategies Partnerships with IT vendors Create Replace redundant regulations Reliance on compliance alone as it does not address zeroday threats Reduce Source: Frost & Sullivan 15

What next Rise of the Managed Service Provider Total Automation Cybersecurity Market: Understanding Managed Services, NA, 2012 Security Industrial automation and process control system Operational assurance Compliance Examples of companies providing managed services for control systems Company Industrial Defender IBM Dell/Secureworks McAfee Solution Compliance, protection, and change management SCADA security solutions NERC CIP compliance Application control, change control, integrity control Source: Frost & Sullivan 16

For Additional Information Philipp J. Reuter Managing Director, Frost & Sullivan Turkey & Region Tel: +90 212 244 69 41 Philipp.reuter@frost.com 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information