ICS security vendors roll out products to protect APAC infrastructure

By Digital News Asia May 30, 2017

So far, industrial system integrators have not shown keenness to secure OT systems
System integrators, managed security services need to address IT and OT security requirements

ICS security vendors roll out products to protect APAC infrastructure

THE digital transformation sweeping across industries has significant implications for a range of allied markets, including industrial control systems (ICS) security.

The risk of increased attacks on ICS in a very complex Internet of Things (IoT) ecosystem has compelled owners of critical infrastructure to tighten the security for operational technology (OT).

ICS security vendors are aware that security spending is still skewed towards IT and sees the need to roll out more functional offerings to encourage spending on OT.

“The adoption of security is still a bolt-on concept for legacy industrial infrastructure, while new plants are being encouraged to adopt a ‘security-by-design’ approach,” said Frost & Sullivan Cyber Security Practice Industry principal Charles Lim.

“ICS security vendors are therefore making rapid strides in product development to roll out solutions that are less intrusive as well as easier to set up and operate, even by personnel with almost no ICS security experience. Some solutions also employ machine-learning algorithms to detect abnormal traffic behaviours in repeatable processes, such as those in manufacturing assembly lines."

Asia-Pacific Industrial Control Systems Security Market, Forecast to 2020, part of Frost & Sullivan’s Cyber Security Growth Partnership Subscription, finds that the US$380.4 million market is expected to reach US$1.627 billion by 2020, at an estimated compound annual growth rate of 47.2%.

The rising number of security breaches in Asia-Pacific, wherein hackers exploit IoT devices for distributed denial-of-service attacks, has placed the spotlight on smart meters.

Countries in the region are working on several Smart Nation initiatives, including the digitisation of analogue meters for electricity, water and piped gas.

ICS security vendors have the opportunity to work closely with smart meter manufacturers to embed security features such as protocol whitelisting.

So far, industrial system integrators have not shown keenness to secure OT systems, preferring instead to focus on the availability of OT network infrastructures.

Furthermore, the lack of mandatory risk assessments, regarding OT and unclear delineation of responsibilities between IT and OT stakeholders, holds the market back to a large extent.

“Acknowledging the need for a course correction, critical infrastructure authorities are demanding risk assessments for critical infrastructures to cover both the IT and OT areas of their business. Requests For Information (RFI) regarding security operation centres for energy plants also indicate that authorities are working towards adopting a holistic approach to cyber security,” noted Lim.

“It is expected that more government authorities will launch guidelines on ICS security and enforce them in critical infrastructure in Asia.”

Overall, system integrators and managed security services need to address both IT and OT security requirements with a complete offering in order to stay afloat.