Cyber Security Cyber Security –– The Road AheadThe Road Ahead

Shaping the Paradigm of the NextShaping the Paradigm of the Next--generation Enterprisegeneration Enterprise

Karthik Sundaram, Senior Research Analyst

Industrial Automation & Process Control- Europe

16-05-201216-05-2012

© 2012 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of

Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

Today’s Presenter

Place photo hereShadow Background

for effect

Functional Expertise

� Strategic Market Research expertise in the domain of Industrial Automation and Process Control.

� Technical expertise in the field of Industrial Automation & Process Control. Particular expertise in:

- Engineering, Design and Commissioning and of Safety Systems (Invensys Triconex)

Industry Expertise

� More than a year of intensive research expertise in the markets of distributed control systems (DCS), programmable logic controllers(PLC), human machine interface (HMI), supervisory control and data acquisition (SCADA) and product lifecycle management (PLM).

What I bring to the Team

� Intensive experience and domain expertise in the Automation Industry

� Exposure to major Industry standards and architecture

� Global experience with leading corporates in Singapore & Qatar

2

Karthik SundaramSenior Research Analyst

Frost & SullivanEuropeChennai, India

Career Highlights

� Extensive expertise in safety systems for Oil & Gas and Refinery projects.

� Worked in major projects for Invensys, India with global clients in the field of Engineering, EPC and Process Industries. This includes

- Qatar Gas

- Fluor, USA

- CTJV, Qatar

- Emerson Process Management, Singapore

- Tecnicas Reunidas, Spain

Education

� Bachelor of Engineering from Anna University, Chennai, India.

Contents

Threats to Cyber Security – An Overview

Cyber Threats- A Cause Analysis

The Stuxnet and its Legacy

Cyber Attacks – A Historical Perspective

3

Cyber Threats- A Cause Analysis

Visualising the Factory of Future

Discerning Challenges in the Industrial World

Cyber Security in Future of Factories

Key Takeaway for IA Vendors

Threats to Cyber Security – An Overview

Defining Cyber Attacks

Cyber

Attacks

Political

MonetaryCompetitive

Cyber Attacks are strategic crimes aimed at

disrupting industrial activity for benefits spread

across monetary, competitive and political factors.

Nature of Cyber Attacks

Primary Motive of Cyber Attacks:

Hijacking industrial Automation and Control

System (ACS) for economic and political gains.

4

Emergence of Cyber Threats

� The world of industrial automation has grown significantly

over the past two decades. The advent of advanced

automation and control system products such as DCS, PLC,

SCADA and HMI – with high-end network capabilities

– have enabled end-users reduce downtime and improve

productivity, considerably.

� However, industries with elaborate and sophisticated

network layers do not possess a robust security framework

that can deal with possible intrusions and ensure process

safety and integrity.

An Industrial

Automation

Vendor

“The alarming growth of cyber threats

can be attributed to two key factors-

usage of legacy systems and end-user

reluctance in acknowledging the need

for greater security investments.”

Source: Frost & Sullivan Analysis.

Cyber Attacks – A Historical Perspective

Stuxnet Attack in Iranian Nuclear

Plant

Duqu Attacks in Iranian Nuclear

Facility

January 2008, Poland

December 2010, Iran

November 2011, Iran

The number of cyber attacks on

industries and commercial IT

networks has seen a marked increase

in terms of both frequency and

intensity over the last five years.

5

Maroochy Shire Sewage Spill in

Australia

Cyber Attack on Davis-Besse Power

Station of First Energy

Public Tram System Hacked

Remotely

Plant

March 2000, Australia

January 2003, The United States

The Stuxnet attack in Iran was

pivotal in capturing the attention of

industries towards cyber security.

In April 2009, the Wall Street

Journal reported the perpetration

of cyber attacks on electrical grids

in the United States.

Source: Frost & Sullivan Analysis.

The Stuxnet story is still subject to

popular debate but its impact on

industrial cyber security is

unmatched in history. In future,

industrial history is likely to be

divided into the pre-Stuxnet and

post-Stuxnet eras.

The Stuxnet and its Legacy

The Stuxnet Story: Series of Key Events

6

Source: The Economist & Frost & Sullivan Analysis.

post-Stuxnet eras.

Off-springs of Stuxnet

�Night Dragon – extracting information from energy companies, compromising intellectual property

�Duqu, Nitro – Malwares that specialise in Industrial Espionage

Cyber Threats- A Cause Analysis

Rise of Cyber Threats – Mapping the Causes� End-user ignorance about risk of cyber

threats

� Lack of measurable ROI from cyber

investments

� Collaborative trends between inter-enterprise

disciplines increases vulnerability

Primary

Causes

End-user

Awareness

Collaborative

TrendsIT know-how

in industries

7

A Leading IT

Vendor

“There is too much segregation between

IA networks and IT networks from a

supervision point of view and therefore

IA is vulnerable to Cyber Attacks.”

Source: Frost & Sullivan Analysis.

� Lack of strategic IT know-how of operating

personnel

� Knowledge gap in Industrial IT attributed to

rise in cyber attacks

disciplines increases vulnerability

� Network loopholes in legacy system

architecture improves chances of cyber

attacks

Trendsin industries

Discerning Challenges in the Industrial World

Impact on Internet Protocol Devices

• Risk of Cyber Security to impact growth

and adoption of IP-based field devices by

the end-user community

• Increased threat on account of IP

standard’s high prevalence in the higher

layers of enterprise architecture

Challenge for IA Vendors

Cyber Threats Impede Enterprise

Integration

• Integration of multiple enterprise

disciplines will increase organizational

productivity and enhance efficiency

• But greater integration increases

probability for cyber attacks

Influence on Wireless Technology

8

The biggest benefactor from cyber threats are commercial IT vendors and niche security solution The biggest benefactor from cyber threats are commercial IT vendors and niche security solution

providers , who are expected to have a greater role in the future of factories and industries.

Challenge for IA Vendors

• Entry of commercial IT vendors through the

channel of cyber security will influence

market dynamics of Industrial Automation

(IA)

• Greater competition for IA vendors

anticipated in the coming years

Source: Frost & Sullivan Analysis.

Influence on Wireless Technology

• Questions on safety and integrity of

wireless technology will be exacerbated by

concerns of cyber security

• Cyber security will be a decisive factor in

growth of wireless technology in future

enterprises

Visualizing the Factory of Future

Vision for the Future of Factories: Mapping Technology Drivers and Demand Drivers

Factory

of the Future

Growth in Developing

EconomiesPower, Infrastructure etc.

Mass CustomisationFlexible Manufacturing

SustainabilityResource & Environment

Wireless IntelligenceWLAN, Wifi, Wireless HART

Smart CloudsEffective Data Storage

& Information Mgmt.

9M3C6-17

of the Future Flexible Manufacturing

Cyber Security

Securing plant floor

from cyber attacks

Technology drivers Demand drivers

WLAN, Wifi, Wireless HART

RoboticsNew human-robot interactive

cooperation Enterprise IntegrationIntegrating Enterprise with

shop-floor

Cyber Security will be the sine qua

non of the next-generation enterprise Source: Frost & Sullivan Analysis.

Cyber Security in Factory of Future

The Paradigm of Cyber Security in the Next-Generation Enterprise

Industrial

Management

Policy

Multi-level Exclusive

Developing an exclusive

Industrial workforce

The Adoption of the

ISA-99 Industrial

Defense in Depth

Strategy

Flexible management policy towards

Cyber Security as an exclusive strategic

discipline for regulatory compliance

10

Industrial

Cyber

Security

Multi-level

Network

Protection

Pro-active Threat

Assessment

Exclusive

Industrial Cyber

Workforce

Industrial workforce

that caters to industrial

network security in

future factories

ISA-99 Industrial

Automation & Control

Systems Security

(IACS) approach

Demilitarized

Zones (DMZs)

Cellular

Design

Continuous risk assessment of cyber

threats with third party organizations

for regular updates

The post-Stuxnet era will see the dawn of greater

industrial cyber regulations and standards.Source: Frost & Sullivan Analysis.

Key Takeaway for IA Vendors

The current ACS product portfolio needs to be re-designed

to meet the needs of the next-generation enterprise.

The on-set of regulations and security standards is likely to

improve end-user investments in implementing robust

security mechanisms

11

Emphasis on cyber security will provide new avenues for

commercial IT vendors to improve their market presence in

the industrial landscape.

A new league of partnerships between IA vendors and

commercial IT vendors will become the order of the day in

future factories.

Source: Frost & Sullivan Analysis.

Next Steps

Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or

join our GIL Global Community

12

Join our GIL Community NewsletterKeep abreast of innovative growth opportunities

Your Feedback is Important to Us

Growth Forecasts?

Competitive Structure?

What would you like to see from Frost & Sullivan?

13

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by “Rating” this presentation.

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/FrostandSullivan

http://www.linkedin.com/companies/4506

14

http://twitter.com/frost_sullivan

http://www.linkedin.com/companies/4506

http://www.slideshare.net/FrostandSullivan

For Additional Information

Karthik Sundaram

Senior Research Analyst,

Industrial Automation & Process Control -

Europe

+91 44 6681 4179

karthiks@frost.com

Anna Zanchi

Marketing & Communications Executive,

Industrial Automation & Process Control -

Europe

+39.02.4651 4819

anna.zanchi@frost.com

15

Muthukumar Viswanathan

Practice Director,

Industrial Automation & Process Control -

Europe

+44 20 7915 7804

muthukumar@frost.com

Sivakumar Narayanswamy

Program Manager,

Industrial Automation & Process Control -

Europe

+91 44 6681 4186

sivakumarn@frost.com