cyber security in critical national infrastructure
TRANSCRIPT
Cyber Security in Critical National Infrastructure
Top 10 Cyber Trends Affecting the CNI Sector
Anthony Leather, Senior Consultant
Aerospace, Defense and Security
20 August 2014
© 2014 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.
2
Today’s Presenter
Anthony leads the security team in the Aerospace, Defence and Security practice at Frost and Sullivan. He has provided consulting support, thought leadership and strategic direction to a range of global security and defence companies. His core focus has been on safe cities and critical infrastructure protection markets including evolving threats and new technologies.
In his spare time Anthony enjoys travelling the world and following global sporting events.
Anthony Leather, Senior Consultant
Frost & Sullivan
Follow me on: (Connect with social media)
https://www.linkedin.com/pub/anthony-leather/28/a36/ba4
3
Key Talking Points
Threat Growth Regulation
CollaborationBarriersCompetitive environment
Future Trends
Cyber will be the number one threat of the next 20 years. Governments and industry
must engage with the cyber threat in a more strategic and meaningful way.
Source: Frost & Sullivan
4
1 Threat Evolution
• Cyber Crime Costs the global economy $445 Billion Every Year• 93% of emails sent to BP are SPAM or malicious• 1.2 billion user names and passwords stolen by suspected Russian hackers
IMP
AC
T
Time
APT’s
Targeted Attacks
Dynamic Trojans
Stealth Bots
2000 2005 2010 2015
Worms /
Viruses
Worms / Worms /
Viruses /
Spyware/
APT
• Financial• Information Theft
THE
UNKNOWN• Financial• Information Theft• Business Disruption• Reputation
Source: Frost & Sullivan
5
2 Accelerated Adoption of Cyber Solutions
• Europe and North America to drive growth through large government programs and growing private sector investment
• Middle East and Latin America to provide further opportunities
Value
Market Growth
Low
Low High
LATAM
Europe
High Attractiveness
LowAttractiveness
MediumAttractivenessHigh
APAC
NorthAmerica
MEA
RegionRevenues2012-2020
CAGR
North America
$ 506.00B 17.4%
APAC $ 159.00B 8.0%
Europe $ 243.00B 9.9%
MEA $ 40.00B 10.7%
Latin America
$ 51.00B 16.7%
Source: Frost & Sullivan
6
3 Regulation: Laissez faire to Global Standards?
• Technology evolving too quickly for legislation• Unregulated to clearer national frameworks – US, UK and France lead the way• Global customs?
• Lack of Transparency• Disagreement • Event driven• Developed vs. Emerging Countries
Could Cyber be the next major international charter?• Customary International Law –
Global Norms
Segment Level Country Level Global Level
Source: Frost & Sullivan
7
4 Collaboration: A Borderless Problem
• Threats are viral in nature• Ongoing collaboration at the political and government levels between states is critical• Collaboration will build from the bottom up
Industry opportunity to supply solutions across the value chainIndustry opportunity to supply solutions across the value chain
SITE LEVEL: Opportunities at
a site level, working with
operators and multiple
vendors to secure network
and facilities, including
industry CERTs
SITE LEVEL: Opportunities at
a site level, working with
operators and multiple
vendors to secure network
and facilities, including
industry CERTs
COUNTRY LEVEL:
Influencing at a country
level – CERT’s,
partnerships, policy,
government programs.
COUNTRY LEVEL:
Influencing at a country
level – CERT’s,
partnerships, policy,
government programs.
GLOBAL ENGAGEMENT:
government levels –
industry’s role to advise /
build global partnerships
and presence in regions.
GLOBAL ENGAGEMENT:
government levels –
industry’s role to advise /
build global partnerships
and presence in regions.
Source: Frost & Sullivan
8
5 IT Empowerment at Board Level
• Greater board awareness• CISO recruitment drive – to be made at board level• Strong messages – Calls for 7/10 target board to be removed
Target Share Price January 2014 – June 2014
Ebay Share Price January 2014 – June 2014
• Business over Technical dialogue –speaking the boardroom language.
IMPACTRiskCost
Threat
• Financial implications still the driving force in the boardroom
• Education and understanding still required for many executives.
Source: Frost & Sullivan; Bloomberg
9
6 Protection: Technology vs. Insurance
• Growing industry partnerships with insurance providers• Fastest growing insurance service line: estimates of $1.3 billion in US and $100 million in
the EU last year• Policy difficulties and lack of insurance pay outs
1. Key companies include: AIG, Marsh, Allianz
2. False sense of security
3. Growth of market and risk will increase insurance premium
1. Greater protection from threats2. Insurance driving implementation of
technology solutions to comply with policy requirement
Source: Frost & Sullivan
10
7 Market Players: Strategic Shifts for Competitive Advantage
• Cyber security is the most active security segment for Mergers, Acquisitions and Partnerships
• Venture Capitalists investing in the market
Defense and Security Primes
Information Technology
EPC Contractors / Automation Vendors
Cyber Security
Specialists
Key Mergers and Acquisitions:
• Lockheed Martin / Industrial
Defender
• Fireeye acquires Mandiant
• Thales buying Alcatel Lucent
network security unit
• Schneider Electric and Thales
partnership
• General Electric acquires
Wurldtech
Global expansion:
• Focus on Israel
• MoU between CyberSecurity
Malaysia and CERT Australia
Global Expansion
Market Presence
Technology Capability
Strategy Change
Source: Frost & Sullivan
11
8 Follow the Financial Services
• Financial services has been quicker to adopt more advanced security solutions than other CNI sectors
• Greatest attacks still aimed at Oil & Gas / Energy and Utilities sectors
Government
Financial
Oil & Gas
Energy and Power
Mass Transport
Information loss, financial impact and regulatory compliance
Growing threats of business disruption, health and damage to critical infrastructure
Source: Frost & Sullivan
12
Components Equipment Site Operator Corporate
9 Security in the Supply Chain
• Weaknesses in the CNI supply chain allow threats and entry point access to CNI infrastructure
• Focus point for CNI stakeholders moving forward
Threats focussing on suppliers of component and equipment pose a range of challenges:
• Loss of corporate / sensitive information• Access performance /design data• Potential manipulation of equipment / controls
Grading the requirement on the quality must now include a cyber component
Where does the responsibility lie the manufacturer or the end user?
Source: Frost & Sullivan
13
Detection
Prevention
Protection
Pre-emption
Security Analytics
10 Network Awareness: What is on them, Where are the weaknesses?
• Cyber hygiene – constant, real time monitoring of data and networks for both external and internal threats is critical
Cyber / Physical Threat
Security of the Cloud
The Internet of Things
Consumerisation of IT
Source: Frost & Sullivan
14
Next Steps…. Cyber in the Supply Chain
United Kingdom United States India Middle East*
Frost & Sullivan intends to run an assessment of cyber security provision in the supply chain of critical national infrastructures:
Mass Transport, Banking & Finance, Oil & Gas, Energy & Power Plants and Water
*Middle East includes: Qatar, Kuwait, UAE, Saudi Arabia
Key objectives:
• Establish the current level of cyber security provision, needs and requirements across Critical National Infrastructure segments
• Map perceived threats
• Evaluate cyber security adoption in the supply chain and the future intent to invest
• Analyse Government policy, market drivers, barriers to entry, competitors and expenditure forecast by country
15
Next Steps
Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or
join our GIL Global Community
Join our GIL Community NewsletterKeep abreast of innovative growth opportunities
16
Your Feedback is Important to Us
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Other?
Please inform us by “Rating” this presentation.
What would you like to see from Frost & Sullivan?
17
https://twitter.com/FrostADS
Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter (ADS)
http://www.facebook.com/FrostandSullivan
https://www.linkedin.com/groups/Frost-Sullivans-Aerospace-Defence-Security-4185579?trk=my_groups-b-grp-v
http://www.slideshare.net/FrostandSullivan/tag/aerospace
18
For Additional Information
Edyta Grabowska
Corporate Communications
Aerospace, Defence & Security
(+48) 22 48 16 203
Anthony Leather
Senior Consultant
Aerospace, Defence & Security
(+44) 207 3438334
Steven Webb
Vice President
Aerospace, Defence & Security
(+44) 207 9157842
Andrew Thorndyke
Sales Manager
Aerospace, Defence & Security
(+44) 1865 398645