Worldwide, businesses are making investments in technologies that improve staff productivity and enhance organisational flexibility. Technologies such as cloud, analytics, and mobility are therefore helping organisations achieve their business goals more easily. The momentum of the Internet of Things (IoT) is driving several industries such as smart manufacturing to adopt and embrace the advantages of connecting to the Internet; however, this is also unknowingly exposing these industries by making them more vulnerable to the threats that IoT brings. In light of this, industrial vendors have started to innovate new offerings to help industries develop better security tools through consultation and system integration services. Similarly, security vendors that have traditionally helped business networks in the ICT space have started to move towards helping these industries receive better protection as they connect to the Internet.
Global businesses are currently focussed on making investments in technologies that primarily improve staff productivity and enhance organisational flexibility. Technologies such as cloud, analytics, and mobility are therefore helping organisations to achieve their business goals more easily. A rough scan of the industry has revealed that adoption of cloud services and IT consolidation have become the top priorities for most global organisations in 2016–2017, closely followed by the use of enterprise mobility, collaboration, and social media platforms. These emerging technologies are starting to significantly impact a whole range of industry sectors.
However, as a result of increased adoption of these technologies, security concerns across industries are witnessing an unprecedented rise. From most developed economies’ standpoint, it has become evident that given the abundance of funds to lock into large investments, high demand for technology and Internet, mobile penetration, and the thriving online services market are making industries an attractive target for cyber criminals. Exhibit 1 illustrates the various types of cyber criminals.
Exhibit 1: Cybersecurity: Types of Cyber Attackers
Exhibit 2: The Significance of Convergence of Information Technology (IT)/Operational Technology (OT)
The successful implementation of end-to-end management of IT and OT is usually expected to positively impact businesses that have invested heavily in OT; some examples would be manufacturing and transportation. Exhibit 2 portrays the definition of IT and OT in the ICS security market. Traditionally, there existed a significant disconnect between IT and OT departments in organisations due to reasons such as technology misalignment, cultural aspects, ownership, and governance. However, increasingly, businesses are starting to think about IT and OT convergence for two major reasons:
- Economic pressures as a result of intense competition and globalisation
- Competitive advantage and benefits that stem from the integration of these disciplines
Exhibit 3 illustrates the key trends driving IT/OT convergence. As a result, the need to connect ICS systems to the Internet has become critical. Some of the drivers of Internet connectivity in ICS systems are indicated in the exhibit below. Some substantial benefits of IT/OT convergence include significant reduction in costs, considerable reduction in risk, visibly enhanced performance, and notable flexibility gains for companies.
Exhibit 3: ICS Security Market: Key Trends Driving IT/OT Convergence, Global, 2016
Trends Driving Uptake of Internet Connectivity in ICS
The convergence of IT with OT has triggered significant changes in workflow processes, remote monitoring approaches, asset management philosophies, and day-to-day production operations.
- Reduced Costs: One of the most significant and widely appreciated benefits of Internet connectivity in an ICS environment is its ability to reduce costs. Internet connectivity reduces the requirement for multiple on-site personnel to monitor the condition of the various machinery.
- Safety Initiatives: ICS environments (plants, mines, and oil and gas exploration sites) tend to be hazardous; from a safety standpoint, Internet connectivity aids in implementing safety initiatives for emergency situations.
- Data Management: Industrial control systems generate massive amounts of data. The data generated is useful for SCADA control infrastructure, high-level ERP, and business networks. Previously, this data was manually reported back to the business networks due to the lack of automation and Internet connectivity. However, with the onset of Internet connectivity, data is transmitted back seamlessly and accurately in real time.
- Condition-monitoring: Internet connectivity enables site operators and engineers to monitor and inspect processes and industrial systems using their mobile devices, which run industrial applications on the go. These mobile devices run industrial applications which require Internet connectivity to access data from the processes and systems.
Digital Technologies—A Boon or a Bane?
Global businesses have embraced digital technologies at a high rate. For example, Australia, Germany, and the United States rank in the top three countries at a global level for cloud adoption. This finding is validated by survey reports, which highlight that business executives had rated adoption of cloud services/IT consolidation as their top priority for 2016.
Furthermore, to support the growing incidence of remote working and the ubiquity of mobile devices from across the globe, over 70% of organisations in most developed nations are starting to embrace a mobility strategy. The investments in these technologies indicate that modern businesses are focusing on improving productivity, agility, and enhancing internal process efficiency, which were rated as the top business drivers for IT in 2016.
The Industrial Internet of Things (IIoT) is driving various industries to integrate sensors and devices into their operations and connect them to the Internet to drive productivity and agility and improve internal process efficiency. In most developed nations, energy and mining alongside the power and utilities sector are the leading adopters of IIoT. Exhibit 4 indicates that sectors such as hospitality, retail, and financial services are relying on IIoT to deliver better customer experience.
Exhibit 4 – ICS Security Market: Top IoT Adopters by Industry, Penetration Rate (%), Global, 2016
Although cloud and mobility enable employees to remotely access business networks, the use of cloud and mobility is also a key concern for organisations. As the devices that access the corporate network fall outside organisations‘ radar, organisations are unable to effectively defend against threats. As a result, the possibility of unintentional data loss due to decreased levels of protection increases.
Exhibit 5: ICS Security Market –– Top Challenges For Different Technologies, Global, 2016
Exhibit 5 illustrates the Frost & Sullivan security analysis, which has indicated that for various technologies such as cloud, enterprise mobility, and BYOD, security concerns top the list, as indicated in the charts above.
Predictably, increasing use of these technologies in an ICS environment significantly increases the risk of a security breach.
Exhibit 6: Business Case for Cybersecurity in the Industrial Sector:
Exhibit 6 indicates that the rising adoption of wireless and cloud-based operating models by several industries is making the need for a hybrid security operational model that is inclusive of multi-layered defence systems an absolute necessity. As industries such as oil and gas, and chemicals and power, brace for business process re-engineering and re-draw reference architectures, the need for a single-platform-based integrated change control and configuration management solution emerges.
A bulk of investments in new-generation plants has been towards wind- and solar-powered plants thus, indicating the shift in technology mix, which is driven by technological change and government policies. The demand for electricity has stayed flat in some cases or declined for six consecutive years, which is resulting in reduced network investments being made to augment capacity.
On the other hand, replacement expenditure of ageing assets has increased. For example, the reduced demand for electricity since 2008 has led to coal- and gas-powered plants being permanently or temporarily removed from the market.
Exhibit 7 indicates energy by production type.
Control and monitoring solutions are critical to wind and solar power plants. The utilities sector will witness an increased investment in industrial control systems and automation solutions in this sector. On the distribution side, developed nations’ distribution companies are making significant investments towards automating the substations. Furthermore, residential energy storage will enable two-way communication between household batteries and the utilities company.
Oil and Gas Sector:
Various types of cyber risks in O&G includes scenarios where hackers can fake data about pressure, temperature and other measurements and oil quantity, which can significantly impact decision-making. OT is used to control and monitor physical processes in the oil and gas industry. It is also used to acquire data from processes (valve positions, temperatures, pressures, tank levels, human operators) and control hydraulic, electric, mechanical, or pneumatic actuators. As a result of the IT/OT convergence, cyber-attacks in the oil and gas sector have increased significantly in the last 12–24 months.
Cybercrimes cost energy and utilities companies on average of $13.2 million each year for lost business and damaged equipment––higher than in any other industry.
ICS systems are extensively used to automate processes at mine sites and mineral processing facilities. Due to the lucrative nature of the business, in recent years, the mining industry has been a target of corporate espionage, extortion, and information stealing.
Computer networks and the industrial control systems that raise dam gates, operate pumps, disinfect drinking water, and guide an assortment of other critical functions are vulnerable to cyber-attacks. This sector of critical infrastructure helps ensure the integrity of services such as healthcare and transportation; provide the source of fire protection; support the energy, transportation, and agriculture sectors; and is responsible for public health protection.
The consequences of a breach can be severe, such as chemical/biological contamination of raw/drinking water supply, inability to treat/convey drinking water, chemical/ biological contamination of the environment, and damage to equipment/infrastructure.
- Threat awareness is high. However, industry adoption is restrained by cost of implementation and clear ROI benefits.
- Service companies could play the role of collecting data and managing process security, essentially filling in the shoes of a CIO and a COO.
- Modernization/retrofit opportunities drive strategic partnerships between automation solution providers and EPC firms.
- Convergence of information and security drives the need for Main Automation Electrical and Information Contractor (MAEIC) in key end-user industries.
- End-users prefer to have the ability to choose from an a-la-carte package of elements for cybersecurity implementation, which refers to the need for main cyber-security contractor model.
About Frost & Sullivan
Frost & Sullivan’s expert analysts, research experts, and consultants continually evaluate and monitor the oil and gas (O&G) market to develop timely and strategic market intelligence reports which includes growth drivers and restraints, market sizing, market shares, growth rates, competitive analysis, benchmarking, as well as regulatory and technology issues. Through our Oil and Gas Growth Partnership Services program, clients receive a continuous flow of actionable market, technical, and econometric intelligence, and effective strategies for growth. Our global team of market analysts, consultants, and industry experts continuously monitors the market and provides local expertise along with a global perspective.
F&S has experience in the following areas:
- F&S covers the entire value chain of O&G industry
- Value proposition for the industry
- Coverage of O&G services industry
Frost & Sullivan leverages almost 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 31 offices on six continents.