全球OT網絡安全行業分析（2022）

Global OT Cyber Security Industry Analysis 2022

出版日期: 2022年05月01日 | 出版商:

Westlands Advisory Ltd | 英文 140 Pages | 商品交期: 最快1-2個工作天內

價格

簡介目錄

IT/OT 網絡安全是指保護用於過程控制的操作技術 (OT)。低價模式關注的是0-3級工業操作的保護，但在實踐中主要與過程控制級、本地控制室和DMZ有關。

OT 網絡安全領域正在發生重大變革。運營商正在轉變其安全運營，以應對運營連接性和自動化方面的進步，以及將以前孤立的系統暴露於互聯網的相關風險。因此，資產所有者正在增加其在 OT 保護方面的網絡安全支出份額，從 2019 年佔工業網絡安全總支出的 17% 上升到 2027 年的 22%。這是一個前景。

本報告分析了全球OT網絡安全行業，分析了行業基本結構、近期主要趨勢、主要市場推動/制約因素、市場規模（支出）趨勢展望，以及按地區/行業。我們將帶來結合其他詳細趨勢和整個行業的生態系統等信息。

食品飲料市場規模及預測
汽車市場規模和預測
醫藥市場規模及預測
離散製造市場規模和預測
鐵路市場規模及預測
航運/物流市場規模及預測
能源市場規模和預測
水和污水市場規模及預測
油氣市場規模及預測
化工/石化/其他市場規模及預測

生態系統分析

IT/OT 安全平台導航器

Cisco
Fortinet
Belden (including Tripwire)
Dragos
Forescout
OPSWAT
SCADAFence
Tenable
Check Point Software
Claroty
Kaspersky
Nozomi Networks
Palo Alto Networks
Radiflow
Trend Micro
Verve Industrial Protection

專業/託管安全服務導航器

Accenture
Deloitte
EY
Honeywell
IBM
PwC
Rockwell Automation
Siemens Digital Industries
Thales
BT
Fujitsu
Telekom Security
ATOS
CapGemini
Orange Cyberdefense
Jacobs
KPMG

替代方案

附錄

簡介目錄

Report Summary:

IT/OT cybersecurity is the protection of Operational Technology (OT) used for process control. In the Purdue Model this relates to the protection of industrial operations at Levels 0-3, but in practice relates primarily to the process control level, the local control room and DMZ.

Cybersecurity investment tracks with industrial transformation

The sector is going through a period of significant change. Industrial Operators are transforming security operations in response to the increasing connectivity and automation of industrial operations, and the associated risk of exposing previously air-gapped systems to the internet. This has resulted in asset owners allocating a higher percentage of cybersecurity expenditure on the protection of OT, growing from 17% of total industrial cybersecurity expenditure in 2019, to 22% by 2027.

Investment drivers include the increasing digitalisation of operations, the current threat landscape, and changing regulatory conditions.

Digital Transformation is a strong driver of cybersecurity investment. High technology industries, including semiconductor manufacturing and some automotive operations, are characterised by high levels of automation and advanced cybersecurity programs. Other industries are modernising, and as the adoption of digital twins, edge computing and AR/VR becomes more widespread, cybersecurity investment will increase. 5G and the Industrial Internet of Things (IIoT) will have a significant impact on industrial operations by the end of the decade, greatly increasing connectivity and the interdependencies between industries and supply chains.

Threat & Vulnerabilities. There is a significant amount of intelligence that points to a high and persistent threat to critical infrastructure and global manufacturing operations. Researchers identified new threat groups in 2021 whilst asset owners' perception of the threat increased as ransomware attacks escalated. The number of known vulnerabilities has also grown significantly in recent years with more than twice as many published in 2021 than 2020. Increasing knowledge of the threat, and a better understanding of the risk, has resulted in greater investment in cybersecurity. Nevertheless, many security programs are still at the early stages of implementation and as threats evolve, asset owners will need to adapt.

Recent Security Incidents have raised awareness amongst executives of the consequences of an attack on operations and business performance. Colonial Pipeline (Oil & Gas) and JBS (Food & Beverage) resulted in financial loss, operational disruption including to both supply chains and customers, and reputational damage. Headline hitting security incidents often lead to peers reviewing their own risk strategy, leading to investment in cybersecurity programs. A reduction in security incidents is not expected in the near term and the resulting headlines will encourage executives to continue to modernise.

Regulation is strengthening internationally, nationally and in vertical markets. The EU NIS2 Directive expands the coverage of the existing regulation and aims to increase regulatory powers to drive compliance. There is also a trend towards the tightening of National Laws, for example the German IT Security Act 2.0, mandating the use of technologies and services to protect national infrastructure and other critical industries. Finally, vertical market specific regulations and standards will influence cybersecurity programs. For example, UNECE WP.29 forms part of a process to improve automotive resilience which requires each OEM to implement a Cybersecurity Management System to be operational by mid-2022. This will be rolled out to Tier 1,2 and 3 vendors who will need to show compliance at later dates. The result of UNECE WP.29 will be an end-to-end approach to security, ensuring that risk is understood, controls are implemented, and threats actively monitored across the automotive supply chain. Westlands Advisory expects greater use of threat detection, improved implementation of OT best practices and a greater focus on Software Bill of Materials (SBOM).

Security destination might be known but getting there is not easy

Despite growing investment, cybersecurity maturity is still low when measured against the most often implemented standards.

The NIST Cyber Security Framework (CSF) is the most widely quoted standard followed by IEC 62443 and CIS Controls. NIST CSF maps key security requirements to five functions; Identify, Protect, Detect, Respond, Recover. This requires asset operators to move from an over-reliance on protective technologies to adopting a cybersecurity strategy based on operational resilience. This in effect requires organisations to identity and manage assets, segment networks, and to be able to detect and respond to threats quickly to minimise the impact of a cybersecurity incident.

However, it is not always possible for risk leaders to secure the funding. Boards still view cybersecurity as a cost rather than an enabler of change and therefore many security programs will evolve over several budget cycles. Westlands Advisory interviews with operators and service providers discovered that many asset owners are managing a variety of firewall brands, using different policies and configurations, and that the immediate priority is to establish common policies and network segmentation. Whilst the early adopters have implemented asset management and threat detection processes, most asset owners are somewhere between the start of their security program and midway through updating and implementing basic security controls to achieve a strong and consistent baseline across their infrastructure.

Organisational structures and priorities in large, diversified operations also act as a barrier. The OT engineer's priority of safety, reliability and availability of operational systems does not always align well with cybersecurity policies and processes, requiring common Governance, Risk and Compliance policy across the business. In large, complex organisations, alignment takes time.

An era of investment, technology innovation and partnerships

Although investment and implementation challenges can be significant barriers to change, the IT/OT cybersecurity industry is currently going through a period of heightened private investment, innovation and ecosystem development. Notable themes include;

An increase in the number of vendors providing IT/OT Security Platforms with an expanding range of technology use-cases and integrations.

Managed Service provider investment in OT Security Operations Centres to compliment IT SOC/NOCs, delivering OT network visibility, monitoring and threat detection with incident response support.

The development of OT Security Innovation Centres by service providers, with digital twins and simulations to test new products, systems and services.

High investment in Risk Management and Scoring, providing end-users with the tools to quantify and prioritise operational risk.

Increasing levels of Security Automation and Orchestration related to compliance, zero trust, Software Bill of Materials (SBOM) and security operations.

The future direction is clear but the path uncertain

Investment in cybersecurity will increase across the NIST CSF's Identify, Protect, Detect, Respond & Recover categories. Westlands Advisory expects that by 2027 the majority of industrial operators will have moved from a protective only security posture to proactively identifying security threats. There will be greater integration between IT security operations and OT, with specialist teams working collaboratively across either the on-prem or remotely managed Security Operations Centre. There will also be a step change in supply chain resilience, with more mature security approaches to third party access of machines. All of this is known.

What we don't yet know is how the course might change over the next 5 years due to either known or unknown events. COVID-19 highlighted that a single event can have a significant impact on global systems, resulting in changes to cybersecurity policy, strategy and investment. COVID-19 accelerated the remote access trend, bringing forward expenditure on zero trust technologies that resulted in a range of new products. In the next 5 years it remains uncertain how other events may impact OT cybersecurity investment. Some of these include;