Strategy Shift: Security by Design

Tuesday, September 22, 2015 @ 02:09 PM gHale

Back in the day, traditional manufacturing systems did not go through a rigorous security design process, but the proliferation of networks and devices, disparate communication channels, and the use of off-the-shelf software brought security front and center.

Safety and security concerns associated with the high levels of connectivity and integration are surfacing as the concept of the Internet of Things (IoT) takes shape in the industrial networks and manufacturing plant floors.

DDoS Attacks: Small, but Repeated
DDoS Attack as a Diversion
Mobile Malware Growing on Windows devices
Report: Cyber Attacks On U.S. ‘Advanced, Persistent’

Whether it is an inside attack or one from the outside, the frequency of sophisticated and targeted advanced persistent threats has given further weight to the safety argument in the process and discrete industries.

That all adds up to the global cyber security market for control systems growing at a rate between 20 to 25 percent every year till 2021, according to a report from Frost & Sullivan, “The Safety-Security Argument: Expanding Needs in a Connected Enterprise.”

North America and Europe will remain at the forefront of creating awareness and initiating technology advancements that address attacks from advanced persistent threats.

“Enterprises currently employ a broad, layered approach toward protecting cyber assets while industry organizations work on establishing suitable standards,” said Frost & Sullivan Industrial Automation and Process Control Senior Research Analyst Sonia Francisco. “Partnerships among government, industry and research institutes will be vital in forming robust, industry-based standards that will speed up the development of comprehensive security management solutions.”

As the IoT concept transforms plant architecture, defense-by-default security strategies will give way to defense-by-design solutions. In-built security solutions that can sense, adapt, modify and respond to threats based on various ecosystem parameters will gain traction.

Creating industry- and application-specific solutions will also be crucial as information technology (IT) solutions continue to stream into the operational technology (OT) space, according to the report. Solution providers in the IT and the OT ecosystems must join hands to deploy end-to-end cyber security solutions for industrial systems.

“Such extensive integration will require a new age workforce with both IT and OT expertise,” Francisco said. “Cyber security service providers can provide training and change management solutions that will bridge the knowledge gap.”

As a majority of industries upgrade to smart systems and processes, industrial cyber security will soon make the inevitable shift from a reactive operating model to a proactive design philosophy, the report said.