Cyber Security The Road Ahead

Shaping the Paradigm of the Next-generation Enterprise Next-

Karthik Sundaram, Senior Research Analyst Industrial Automation & Process Control- Europe 16-05-2012

2012 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

Todays Presenter
Functional Expertise
Strategic Market Research expertise in the domain of Industrial Automation and Process Control. Technical expertise in the field of Industrial Automation & Process Control. Particular expertise in: Engineering, Design and Commissioning and of Safety Systems (Invensys Triconex)

Place photo here Shadow Background for effect

Industry Expertise
More than a year of intensive research expertise in the markets of distributed control systems (DCS), programmable logic controllers(PLC), human machine interface (HMI), supervisory control and data acquisition (SCADA) and product lifecycle management (PLM).

What I bring to the Team

Intensive experience and domain expertise in the Automation Industry Exposure to major Industry standards and architecture Global experience with leading corporates in Singapore & Qatar

Karthik Sundaram
Senior Research Analyst Frost & Sullivan Europe Chennai, India

Career Highlights
Extensive expertise in safety systems for Oil & Gas and Refinery projects. Worked in major projects for Invensys, India with global clients in the field of Engineering, EPC and Process Industries. This includes Qatar Gas Fluor, USA CTJV, Qatar Emerson Process Management, Singapore Tecnicas Reunidas, Spain

Education
Bachelor of Engineering from Anna University, Chennai, India.

Contents
Threats to Cyber Security An Overview

Cyber Attacks A Historical Perspective

The Stuxnet and its Legacy

Cyber Threats- A Cause Analysis

Discerning Challenges in the Industrial World

Visualising the Factory of Future

Cyber Security in Future of Factories Key Takeaway for IA Vendors

Threats to Cyber Security An Overview

Defining Cyber Attacks Cyber Attacks are strategic crimes aimed at disrupting industrial activity for benefits spread across monetary, competitive and political factors. Primary Motive of Cyber Attacks: Hijacking industrial Automation and Control System (ACS) for economic and political gains. Emergence of Cyber Threats
The world of industrial automation has grown significantly over the past two decades. The advent of advanced automation and control system products such as DCS, PLC, SCADA and HMI with high-end network capabilities have enabled end-users reduce downtime and improve productivity, considerably. However, industries with elaborate and sophisticated network layers do not possess a robust security framework that can deal with possible intrusions and ensure process safety and integrity. The alarming growth of cyber threats can be attributed to two key factorsusage of legacy systems and end-user reluctance in acknowledging the need for greater security investments. An Industrial Automation Vendor

Nature of Cyber Attacks

Political

Cyber Attacks
Competitive Monetary

Source: Frost & Sullivan Analysis.

Cyber Attacks A Historical Perspective

The number of cyber attacks on industries and commercial IT networks has seen a marked increase in terms of both frequency and intensity over the last five years.
December 2010, Iran

November 2011, Iran

Duqu Attacks in Iranian Nuclear Facility Nuclear

January 2008, Poland

Stuxnet Attack in Iranian Plant

Public Tram System Hacked Remotely

January 2003, The United States

Cyber Attack on Davis-Besse Power Station of First Energy

March 2000, Australia

In April 2009, the Wall Street Journal reported the perpetration of cyber attacks on electrical grids in the United States. The Stuxnet attack in Iran was pivotal in capturing the attention of industries towards cyber security.
Source: Frost & Sullivan Analysis.

Maroochy Shire Sewage Spill in Australia

The Stuxnet and its Legacy

The Stuxnet Story: Series of Key Events

The Stuxnet story is still subject to popular debate but its impact on industrial cyber security is unmatched in history. In future, industrial history is likely to be divided into the pre-Stuxnet and post-Stuxnet eras.

Off-springs of Stuxnet
Night Dragon extracting information from energy companies, compromising intellectual property Duqu, Nitro Malwares that specialise in Industrial Espionage

Source: The Economist & Frost & Sullivan Analysis.

Cyber Threats- A Cause Analysis

Rise of Cyber Threats Mapping the Causes End-user Awareness
End-user ignorance about risk of cyber threats Lack of measurable ROI from cyber investments

Primary Causes
IT know-how in industries Collaborative Trends
Collaborative trends between inter-enterprise disciplines increases vulnerability Network loopholes in legacy system architecture improves chances of cyber attacks Lack of strategic IT know-how of operating personnel Knowledge gap in Industrial IT attributed to rise in cyber attacks

There is too much segregation between IA networks and IT networks from a supervision point of view and therefore IA is vulnerable to Cyber Attacks.

A Leading IT Vendor

Source: Frost & Sullivan Analysis.

Discerning Challenges in the Industrial World

Cyber Threats Impede Enterprise Integration
Integration of multiple enterprise disciplines will increase organizational productivity and enhance efficiency But greater integration increases probability for cyber attacks

Impact on Internet Protocol Devices

Risk of Cyber Security to impact growth and adoption of IP-based field devices by the end-user community Increased threat on account of IP standards high prevalence in the higher layers of enterprise architecture

Influence on Wireless Technology

Questions on safety and integrity of wireless technology will be exacerbated by concerns of cyber security Cyber security will be a decisive factor in growth of wireless technology in future enterprises

Challenge for IA Vendors

Entry of commercial IT vendors through the channel of cyber security will influence market dynamics of Industrial Automation (IA) Greater competition for IA vendors anticipated in the coming years

The biggest benefactor from cyber threats are commercial IT vendors and niche security solution providers , who are expected to have a greater role in the future of factories and industries.
Source: Frost & Sullivan Analysis.
8

Visualizing the Factory of Future

Vision for the Future of Factories: Mapping Technology Drivers and Demand Drivers
Sustainability Smart Clouds
Effective Data Storage & Information Mgmt. Resource & Environment

Growth in Developing Economies

Power, Infrastructure etc.

Wireless Intelligence
WLAN, Wifi, Wireless HART

Factory of the Future

Mass Customisation
Flexible Manufacturing

Robotics
New human-robot interactive cooperation

Enterprise Integration
Integrating Enterprise with shop-floor

Cyber Security Securing plant floor from cyber attacks

Technology drivers

Demand drivers

Cyber Security will be the sine qua non of the next-generation enterprise
M3C6-17

Source: Frost & Sullivan Analysis.

9

Cyber Security in Factory of Future

The Paradigm of Cyber Security in the Next-Generation Enterprise
Flexible management policy towards Cyber Security as an exclusive strategic discipline for regulatory compliance Management Policy Developing an exclusive Industrial workforce that caters to industrial network security in future factories Exclusive Industrial Cyber Workforce Defense in Depth Strategy The Adoption of the ISA-99 Industrial Automation & Control Systems Security (IACS) approach Demilitarized Zones (DMZs) Cellular Design

Industrial Cyber Security

Pro-active Threat Assessment

Multi-level Network Protection

Continuous risk assessment of cyber threats with third party organizations for regular updates

The post-Stuxnet era will see the dawn of greater industrial cyber regulations and standards.

Source: Frost & Sullivan Analysis.

10

Key Takeaway for IA Vendors

The current ACS product portfolio needs to be re-designed to meet the needs of the next-generation enterprise.

The on-set of regulations and security standards is likely to improve end-user investments in implementing robust security mechanisms

Emphasis on cyber security will provide new avenues for commercial IT vendors to improve their market presence in the industrial landscape.

A new league of partnerships between IA vendors and commercial IT vendors will become the order of the day in future factories.

Source: Frost & Sullivan Analysis.

11

Next Steps

Develop Your Visionary and Innovative Skills Growth Partnership Service

Share your growth thought leadership and ideas or join our GIL Global Community

Join our GIL Community Newsletter Keep abreast of innovative growth opportunities

12

Your Feedback is Important to Us

What would you like to see from Frost & Sullivan? Growth Forecasts? Competitive Structure? Emerging Trends? Strategic Recommendations? Other? Please inform us by Rating this presentation.
13

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/FrostandSullivan

http://www.linkedin.com/companies/4506

http://www.slideshare.net/FrostandSullivan

http://twitter.com/frost_sullivan

14

For Additional Information

Anna Zanchi Marketing & Communications Executive, Industrial Automation & Process Control Europe +39.02.4651 4819 anna.zanchi@frost.com

Karthik Sundaram Senior Research Analyst, Industrial Automation & Process Control Europe +91 44 6681 4179 karthiks@frost.com

Sivakumar Narayanswamy Program Manager, Industrial Automation & Process Control Europe +91 44 6681 4186 sivakumarn@frost.com

Muthukumar Viswanathan Practice Director, Industrial Automation & Process Control Europe +44 20 7915 7804 muthukumar@frost.com

15