cyber security in critical national infrastructure

Cyber Security in Critical National Infrastructure

Top 10 Cyber Trends Affecting the CNI Sector

Anthony Leather, Senior Consultant

Aerospace, Defense and Security

20 August 2014

© 2014 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.

2

Today’s Presenter

Anthony leads the security team in the Aerospace, Defence and Security practice at Frost and Sullivan. He has provided consulting support, thought leadership and strategic direction to a range of global security and defence companies. His core focus has been on safe cities and critical infrastructure protection markets including evolving threats and new technologies.

In his spare time Anthony enjoys travelling the world and following global sporting events.

Anthony Leather, Senior Consultant

Frost & Sullivan

Follow me on: (Connect with social media)

https://www.linkedin.com/pub/anthony-leather/28/a36/ba4

3

Key Talking Points

Threat Growth Regulation

CollaborationBarriersCompetitive environment

Future Trends

Cyber will be the number one threat of the next 20 years. Governments and industry

must engage with the cyber threat in a more strategic and meaningful way.

Source: Frost & Sullivan

4

1 Threat Evolution

• Cyber Crime Costs the global economy $445 Billion Every Year• 93% of emails sent to BP are SPAM or malicious• 1.2 billion user names and passwords stolen by suspected Russian hackers

IMP

AC

T

Time

APT’s

Targeted Attacks

Dynamic Trojans

Stealth Bots

2000 2005 2010 2015

Worms /

Viruses

Worms / Worms /

Viruses /

Spyware/

APT

• Financial• Information Theft

THE

UNKNOWN• Financial• Information Theft• Business Disruption• Reputation


5

2 Accelerated Adoption of Cyber Solutions

• Europe and North America to drive growth through large government programs and growing private sector investment

• Middle East and Latin America to provide further opportunities

Value

Market Growth

Low

Low High

LATAM

Europe

High Attractiveness

LowAttractiveness

MediumAttractivenessHigh

APAC

NorthAmerica

MEA

RegionRevenues2012-2020

CAGR

North America

$ 506.00B 17.4%

APAC $ 159.00B 8.0%

Europe $ 243.00B 9.9%

MEA $ 40.00B 10.7%

Latin America

$ 51.00B 16.7%


6

3 Regulation: Laissez faire to Global Standards?

• Technology evolving too quickly for legislation• Unregulated to clearer national frameworks – US, UK and France lead the way• Global customs?

• Lack of Transparency• Disagreement • Event driven• Developed vs. Emerging Countries

Could Cyber be the next major international charter?• Customary International Law –

Global Norms

Segment Level Country Level Global Level


7

4 Collaboration: A Borderless Problem

• Threats are viral in nature• Ongoing collaboration at the political and government levels between states is critical• Collaboration will build from the bottom up

Industry opportunity to supply solutions across the value chainIndustry opportunity to supply solutions across the value chain

SITE LEVEL: Opportunities at

a site level, working with

operators and multiple

vendors to secure network

and facilities, including

industry CERTs

SITE LEVEL: Opportunities at

a site level, working with

operators and multiple

vendors to secure network

and facilities, including

industry CERTs

COUNTRY LEVEL:

Influencing at a country

level – CERT’s,

partnerships, policy,

government programs.

COUNTRY LEVEL:

Influencing at a country

level – CERT’s,

partnerships, policy,

government programs.

GLOBAL ENGAGEMENT:

government levels –

industry’s role to advise /

build global partnerships

and presence in regions.

GLOBAL ENGAGEMENT:

government levels –

industry’s role to advise /

build global partnerships

and presence in regions.


8

5 IT Empowerment at Board Level

• Greater board awareness• CISO recruitment drive – to be made at board level• Strong messages – Calls for 7/10 target board to be removed

Target Share Price January 2014 – June 2014

Ebay Share Price January 2014 – June 2014

• Business over Technical dialogue –speaking the boardroom language.

IMPACTRiskCost

Threat

• Financial implications still the driving force in the boardroom

• Education and understanding still required for many executives.

Source: Frost & Sullivan; Bloomberg

9

6 Protection: Technology vs. Insurance

• Growing industry partnerships with insurance providers• Fastest growing insurance service line: estimates of $1.3 billion in US and $100 million in

the EU last year• Policy difficulties and lack of insurance pay outs

1. Key companies include: AIG, Marsh, Allianz

2. False sense of security

3. Growth of market and risk will increase insurance premium

1. Greater protection from threats2. Insurance driving implementation of

technology solutions to comply with policy requirement


10

7 Market Players: Strategic Shifts for Competitive Advantage

• Cyber security is the most active security segment for Mergers, Acquisitions and Partnerships

• Venture Capitalists investing in the market

Defense and Security Primes

Information Technology

EPC Contractors / Automation Vendors

Cyber Security

Specialists

Key Mergers and Acquisitions:

• Lockheed Martin / Industrial

Defender

• Fireeye acquires Mandiant

• Thales buying Alcatel Lucent

network security unit

• Schneider Electric and Thales

partnership

• General Electric acquires

Wurldtech

Global expansion:

• Focus on Israel

• MoU between CyberSecurity

Malaysia and CERT Australia

Global Expansion

Market Presence

Technology Capability

Strategy Change


11

8 Follow the Financial Services

• Financial services has been quicker to adopt more advanced security solutions than other CNI sectors

• Greatest attacks still aimed at Oil & Gas / Energy and Utilities sectors

Government

Financial

Oil & Gas

Energy and Power

Mass Transport

Information loss, financial impact and regulatory compliance

Growing threats of business disruption, health and damage to critical infrastructure


12

Components Equipment Site Operator Corporate

9 Security in the Supply Chain

• Weaknesses in the CNI supply chain allow threats and entry point access to CNI infrastructure

• Focus point for CNI stakeholders moving forward

Threats focussing on suppliers of component and equipment pose a range of challenges:

• Loss of corporate / sensitive information• Access performance /design data• Potential manipulation of equipment / controls

Grading the requirement on the quality must now include a cyber component

Where does the responsibility lie the manufacturer or the end user?


13

Detection

Prevention

Protection

Pre-emption

Security Analytics

10 Network Awareness: What is on them, Where are the weaknesses?

• Cyber hygiene – constant, real time monitoring of data and networks for both external and internal threats is critical

Cyber / Physical Threat

Security of the Cloud

The Internet of Things

Consumerisation of IT


14

Next Steps…. Cyber in the Supply Chain

United Kingdom United States India Middle East*

Frost & Sullivan intends to run an assessment of cyber security provision in the supply chain of critical national infrastructures:

Mass Transport, Banking & Finance, Oil & Gas, Energy & Power Plants and Water

*Middle East includes: Qatar, Kuwait, UAE, Saudi Arabia

Key objectives:

• Establish the current level of cyber security provision, needs and requirements across Critical National Infrastructure segments

• Map perceived threats

• Evaluate cyber security adoption in the supply chain and the future intent to invest

• Analyse Government policy, market drivers, barriers to entry, competitors and expenditure forecast by country

15

Next Steps

Develop Your Visionary and Innovative SkillsGrowth Partnership Service Share your growth thought leadership and ideas or

join our GIL Global Community

Join our GIL Community NewsletterKeep abreast of innovative growth opportunities

16

Your Feedback is Important to Us

Growth Forecasts?

Competitive Structure?

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by “Rating” this presentation.

What would you like to see from Frost & Sullivan?

17

https://twitter.com/FrostADS

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter (ADS)

http://www.facebook.com/FrostandSullivan

https://www.linkedin.com/groups/Frost-Sullivans-Aerospace-Defence-Security-4185579?trk=my_groups-b-grp-v

http://www.slideshare.net/FrostandSullivan/tag/aerospace

18

For Additional Information

Edyta Grabowska

Corporate Communications

Aerospace, Defence & Security

(+48) 22 48 16 203

[email protected]

Anthony Leather

Senior Consultant


(+44) 207 3438334

[email protected]

Steven Webb

Vice President


(+44) 207 9157842

[email protected]

Andrew Thorndyke

Sales Manager


(+44) 1865 398645

[email protected]