Image for post
Image for post
Source

Advances in the market

Historically, Information Technology (IT), which is the application of computers to process and data, hasn’t overlapped with OT and has been managed separately as siloes. However, the disconnect between these technologies has generated unreliable outputs. OT and IT has increasingly converged in the last few years to enhance performance, reduce costs and enable automation across a wide range of fields. With this, many organizations have achieved more efficient monitoring of critical processes and improved ability to leverage sensor-enabled data through the Industrial Internet of Things (IIoT).

So what’s the problem?

The need for OT enterprise security and ICS systems is of utmost importance, as it protects the safety of operations for a wide range of fields, from transportation infrastructure to industrials and utilities. Since OT is deployed within critical infrastructure that deliver a wide range of services that people use on a day-to-day basis, compromising these systems puts the lives of countless people in danger.

Threat actors in cyber warfare, industrial espionage and terrorism are becoming more sophisticated with their attacks, hence are more likely to succeed at organizations without appropriate security defenses. In recent years, another source of cybersecurity risk has been associated to the added exposure of infrastructure to business partners, hence granting privileged access to appropriate parties is crucial for security purposes and data protection.

Has anything bad happened?

Image for post
Image for post
Source

Furthermore, CyberX reported that ICS continue to have outdated systems with old cybersecurity protection in place. 57% of them have weak anti-virus protection and 69% of ICS has security gaps. Additionally, 20% of vulnerable ICS devices have vulnerabilities considered to be “critical” (Kaspersky Labs). Attacks here can cause major damage — an example is the 2015 Ukraine Power Grid hack, where the blackout affected 200,000+ people.

What have regulators done so far?

Compliance has become an increasing concern for organizations looking to better manage their OT systems. Several regulations that are making the most impact include EU’s GDPR. International Society Standards (ISA) and the Federal information security management act (FISMA). Some important standards to know are:

  • The 62443 series of standards for securing industrial systems. These provide guidance and requirements for all participants and stakeholders in the life cycle of industrial automation and controls systems (IACS), including component and system suppliers, system integrators, asset owners and service providers. This life cycle begins with the development of single components, such as an embedded controller, or a group of components working together as a system or subsystem.
  • The new NERC CIP 013–1 standard by the North American Electric Reliability Corporation (NERC), which requires utilities to perform firmware vulnerability analysis to improve supply chain security with deep visibility and transparency into the authenticity and integrity of the software running on the grid. Mandatory elements of the plan focus on software integrity and authenticity, vendor remote access to BES cyber systems, information system planning and procurement, and vendor risk management and procurement controls. NERC is authorized to penalize Utilities up to $1 million per day per outstanding violation.

What are the solutions offered by startups?

  • Identify, Detect & Protect: solutions that provide security posture assessment, asset management, continuous vulnerability monitoring, threat detection, network segmentation and secure remote access
  • Respond & Recover: solutions that provide incidence-response, breach mitigation and recovery planning post-incident
  • Services: software and service solutions to help secure industrial assets against cybersecurity attacks as well as to respond to threats
Image for post
Image for post

There are different ways to ensure ICS systems are up to date and to protect OT from known and unknown vulnerabilities. Some approaches include preventing phishing attacks, protecting remote access connections, segmenting OT networks and keeping ICS devices safe. Overall, it is necessary to strengthen security strategy using a hybrid approach of both traditional cybersecurity solutions plus specialized OT security solutions.

Ending Thoughts

  • Continuous visibility and management of all assets, threats and vulnerabilities
  • Shared responsibility of the end-to-end cybersecurity of the organization
  • Global governance of all cybersecurity guidelines, policies, procedures and technologies used

The ICS and OT Cybersecurity market will increasingly catch more momentum as organizations are more aware of improving their cyber posture and regulators are growing more strict. This is due to the fact that disruptions in critical infrastructures can severely impact the stability, safety and security of whole nations. Several governments have established federal laws and policies (such as NERC, EPCIP, DIACAP) to develop new cybersecurity standards and are also incentivizing organizations with new insurance grants and tax incentives.

Incumbents in the space have also made developments in recent years. For instance, Cisco has a new comprehensive security architecture for Industrial IoT, including the Cisco Cyber Vision and Cisco Edge Intelligence offerings for advanced real-time threat detection and data governance. There’s also been some important acquisitions:

Image for post
Image for post

In the upcoming years, I foresee more consolidation in the space as incumbent cybersecurity vendors will look to acquire OT cybersecurity capabilities to bring IT vulnerability management and industrial cybersecurity together. At the same time, these giants will be looking to expand their customer footprint around digital transformation while helping other organizations understand and reduce cyber risks across the entire modern attack surface (both IT and OT infrastructure).

Moving forward, I believe every ICS deployment should include cybersecurity component to protect against security attacks. Protecting critical infrastructure starts with asset visibility — operators want complete visibility of assets connected to their networks and want to be alerted on anomalous traffic. Since this is becoming an increasingly competitive market, successful startups will be those that are able to clearly articulate their value proposition in relation to the corporate business objectives of their target customers.

In the last part of this four-article series, I’ll be covering the supply chain security startup landscape for IoT devices.

Disclaimer: This blog represents solely my own opinions, not my employer’s.

Investor at UL Ventures. LatinX. Salsa Dancer. VC Trends. A personal blog for the curious mind.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store