Industrial cyber security: An idea whose time has come?

IHS believes there will be a shakeout in the market for industrial cyber security. Although the market will attract some new entrants, this will be largely offset by companies choosing to exit the business and by acquisition-driven consolidation.

10/01/2014


The world market for industrial cybersecurity by product category. Courtesy: IHS Inc.The market for industrial cyber security products remains extremely immature, with currently more than160 vendors offering a wide variety of hardware, software and services. In contrast to other parts industrial automation markets, no one vendor dominates; and those with the highest market share typically specialize in a particular region, industry sector or technology. IHS believes there will be a shakeout — although the market will attract some new entrants, this will be largely offset by companies choosing to exit the business and by acquisition-driven consolidation.

Control systems already in use will sustain the market for "on-top" industrial cyber security hardware, software and services (control system upgrades are expensive and must be kept in place for many years to show a return on the investment); many of these systems are inherently insecure. A quiet revolution is already occurring in an industry more used to incremental improvement. Vendors of control systems have united around IEC 62443 (the international version of ISA-99) which, when finalized, will describe how to secure control system assets throughout the lifecycle of those assets (including development). Whereas security was an afterthought in earlier generations of control systems, asset owners have pushed suppliers to restructure products to include security features to provide some inherent levels of protection. Only parts of the IEC 62443 standard have so far been released; but once the standard and certification services are available, all tier 1 vendors are expected soon to offer an IEC 62443 product.

It is likely that these products will have different levels of capability. IEC 62443 has seven major criteria for building secure components/systems. For these criteria, the IEC 62443 standard borrows some of the language of the safety world - the security levels "SL" are analogous to safety-integrated-levels, with levels ranging from 1 to 4 (SL 1 being least secure, SL 4 being most secure) although the final security level depends on how the asset owner implements the component or system.

Overall, IHS projects a good but not spectacular growth rate for industrial cyber security hardware, software and service revenues, with an annual average growth rate of 12% from 2013 to 2019. The market will be sustained by the high number of legacy assets which require securing. Over a much longer 10-15 year time frame, the demand for on-top cyber security hardware, software, and services is likely to decrease, as fewer compensating controls will be required to secure control systems that are secure by design.

The largest "known unknown" remains legislation. IHS believes that legislation affecting the process and discrete industries is unlikely; as one of the lessons of NERC-CIP (industrial cyber security legislation affecting the power industry in North America) is clearly that it is possible to spend a lot of money without necessarily improving security. That said, all bets are off should a major incident occur; some government will be compelled to "do something." The effect of investment on profit is also a concern: the oil industry (both upstream and downstream) is one of major spenders on industrial cyber security products, as the high price of oil can support investment. However, the water industry, despite its importance to society, is not a major spender on these products, as it comprises smaller companies with prices often set by regulators.

- Edited by CFE Media, Control Engineering, Plant Engineering.



Vytautas , Quebec, Lithuania, 10/02/14 03:23 AM:

Very good article. Good point about legislation. Somehow the recommendations and standards need to be more "mandatory". The good ideas and practices need to be implemented even in spite of the dificulties iin paying for them.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me