Industrial Cybersecurity: Building a Comprehensive Plan to Protect Your OT/ICS Environment

As the cyber threat to industrial operators grows, driven by geopolitical tensions and by the improving tools and tactics available to malicious actors, industrial cybersecurity solutions become more important. Investing in leading cybersecurity technologies such as Next-Generation Firewalls (NGFWs) and Artificial Intelligence (AI)/Machine Learning (ML) anomaly detection tools helps keep Operational Technology (OT)/Industrial Control System (ICS) environments safe without hindering operations.

Industrial Cybersecurity Investment Trends

The current state of industrial OT security is alarming. Cyberattacks on Critical Infrastructure (CI) have been on the rise, with recent attacks on Iran’s gasoline stations, on Clorox’s manufacturing operations, on a water system in Texas, and on the Colonial Pipeline in the United States exposing serious weaknesses in industrial operations. Moreover, recent geopolitical tensions raise the likelihood of state-sponsored intrusions into industrial operations. To keep their networks safe, industrial companies are increasingly investing in Operational Technology (OT) and Internet of Things (IoT) security solutions.

ABI Research forecasts the industrial sector will spend US$3.5 billion annually on OT/IoT security by 2027. Companies in the electrical power, transportation, water treatment, and oil & gas markets are expected to be the biggest spenders on industrial cybersecurity throughout the forecast period.

European companies spend the most on industrial cybersecurity technologies, followed by North America and Asia-Pacific (US$5.5 billion in 2027). Recent conflicts in the Middle East could catalyze greater cybersecurity investment in 2024/2025, with past attacks on water treatment facilities in Israel and on transportation/heavy industries in Iran being top-of-mind. Latin America lags behind, but spending there could rise substantially if a crippling attack on an industrial firm in the region makes the risk tangible.


“Anything that is connected to the Internet provides an opportunity for hacking and this includes the Industrial Control System (ICS) environment, devices, and data transfers. Growing connectivity means a growing attack vector and the exponential growth of entry points for malicious actors.” – Michael Amiri, Senior Analyst at ABI Research


Growing Security Threats and Attack Prevention Challenges

Digitization and increased connectivity present numerous opportunities for industrial firms, such as real-time data analytics, improved efficiency, remote monitoring, and optimized maintenance/supply chains. However, the connected devices and systems involved in these applications represent new potential network entry points for malicious actors.

Contending with these cybersecurity challenges becomes even more difficult given the complexity of modern industrial networks. An industrial company can have thousands of connected devices to account for, including some the operator does not even know about. Moreover, legacy industrial systems lack robust security controls, so a successful cyberattack becomes more likely for operators who neither upgrade the network nor segment it.

For these reasons, industrials should look to leading security solutions that can reduce alert fatigue, segment portions of the network, automate anomaly detection, and build a Zero Trust environment.

Reducing Alert Fatigue

Being bombarded with too many security alerts, many of them irrelevant, hinders a cybersecurity team’s efficiency. Alert fatigue means industrial companies waste analyst time on events that were never a threat, while the alerts that matter are buried. To reduce alert fatigue, cybersecurity vendors offer solutions that prioritize high-risk incidents, leverage ML and behavioral analysis, and automate threat responses.

Honeywell’s Forge Cybersecurity+ and Claroty’s xDome are notable examples of solutions that reduce alert frequency. The former enables industrial operators to monitor the threat landscape based on organizational preferences or industry standards. The latter categorizes security threats based on their severity level and also allows users to choose the type of alerts that matter most.

Segmenting the Industrial Network

Segmentation technologies, notably firewalls, are essential to protect an ICS/OT environment. The industrial network carries large volumes of data between many systems and users, each flow a potential route for malware and other harmful traffic to enter the network. Firewalls monitor network traffic and can block specific types of content, applications, and users.

A notable trend is that Next-Generation Firewalls (NGFWs) are far more comprehensive than earlier industrial firewalls: instead of deciding on source IP address, destination IP address, and port numbers alone, they inspect the application protocol itself. Successful NGFW solutions combine Stateful Packet Inspection (SPI) with Deep Packet Inspection (DPI). SPI tracks connection state and still serves legacy devices, while DPI parses industrial protocols such as Modbus, DNP3, or OPC UA and can therefore enforce rules at the level of individual operations (for example, permitting register reads from a historian but blocking writes from anything other than an engineering workstation), which a port-based rule cannot express. Finally, industrial firewalls should be designed for harsh environments (e.g., extreme heat or cold).
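To make the SPI/DPI distinction concrete, here is an added example (not code from the original page or from any vendor it names) that parses Modbus/TCP frames and applies a per-host policy. The host addresses, roles, and register ranges are hypothetical; the frames are constructed inline. A port rule can only decide whether a host may reach TCP/502 at all, while the DPI decision looks at the function code and, for register writes, the target address.

```python
"""Modbus/TCP deep packet inspection policy: what a port rule sees versus what DPI sees."""
import struct
from dataclasses import dataclass

MODBUS_PORT = 502
READ_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}    # read coils / discrete inputs / holding / input registers
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}   # write single/multiple coils and registers


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus PDU, rejecting inconsistent frames."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:          # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, payload[7], payload[8:])


def build_modbus_tcp(tid: int, unit: int, function_code: int, data: bytes) -> bytes:
    """Encode a request; used here only to construct sample traffic."""
    pdu = bytes([function_code]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Hypothetical hosts and roles for the example; a real policy is derived from the asset inventory.
POLICY = {
    "10.0.10.20": {"role": "historian", "functions": READ_FUNCTIONS, "write_range": range(0)},
    "10.0.10.30": {"role": "engineering", "functions": READ_FUNCTIONS | WRITE_FUNCTIONS,
                   "write_range": range(0, 100)},
}


def stateful_decision(src: str, dport: int) -> bool:
    """All a stateful/port rule can decide: may this host open a Modbus connection at all?"""
    return dport == MODBUS_PORT and src in POLICY


def dpi_decision(src: str, dport: int, payload: bytes) -> tuple[bool, str]:
    """Decide on the request itself: function code and, for register writes, the target address."""
    if not stateful_decision(src, dport):
        return False, "no rule for this source/port"
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return False, f"malformed Modbus frame: {exc}"
    rule = POLICY[src]
    if req.function_code not in rule["functions"]:
        return False, f"{rule['role']} may not use function 0x{req.function_code:02X}"
    if req.function_code in (0x06, 0x10):
        if len(req.data) < 2:
            return False, "write request missing start address"
        start = struct.unpack("!H", req.data[:2])[0]
        if start not in rule["write_range"]:
            return False, f"write to register {start} outside permitted range"
    return True, "allowed"


# Constructed sample frames (unit 1): a 10-register read, a write to register 16, a write to 1000.
READ_HOLDING = build_modbus_tcp(1, 1, 0x03, b"\x00\x00\x00\x0A")
WRITE_REG_16 = build_modbus_tcp(2, 1, 0x10, b"\x00\x10\x00\x01\x02\x00\x01")
WRITE_REG_1000 = build_modbus_tcp(3, 1, 0x10, b"\x03\xE8\x00\x01\x02\x00\x01")

if __name__ == "__main__":
    for src, frame in [("10.0.10.20", READ_HOLDING), ("10.0.10.20", WRITE_REG_16),
                       ("10.0.10.30", WRITE_REG_16), ("10.0.10.30", WRITE_REG_1000),
                       ("10.0.10.30", WRITE_REG_16[:-1])]:
        print(src, "port-rule:", stateful_decision(src, MODBUS_PORT),
              "dpi:", dpi_decision(src, MODBUS_PORT, frame))
```

The historian's write request passes the port rule and is rejected only by DPI, and a truncated frame is dropped as malformed rather than guessed at; a production NGFW applies the same idea to the full function-code set and to other OT protocols.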

Besides firewalls, industrials can also segment the network with data diodes and unidirectional gateways, whose hardware physically permits traffic in one direction only; Owl Cyber Defense and Waterfall Security both sell such products. In an ICS deployment the device is usually oriented so that monitoring and historian data can flow out of the control network to the business network while nothing can flow back in, so an attacker who has compromised the business network has no path into the most critical zone. The caveat is that a diode protects only the path it sits on: remote-access links, removable media, and vendor laptops that bypass it must be controlled separately.

AI/ML Integration Expedites Breach Response Time

Artificial Intelligence (AI) and Machine Learning (ML) tools belong in the industrial cybersecurity conversation. Models that learn what normal traffic looks like can flag deviations that static, rule-based detection would miss, though they need a clean learning period and tuning to keep false positives manageable. Their automated response capabilities also matter: such tools can begin responding as soon as a breach is identified, and early response is critical to minimizing impact. In OT, automated responses should be constrained so that a false positive cannot itself halt the process (for example, raising an alert or isolating a business-network host rather than cutting a session to a controller).

AI/ML algorithms can also distinguish normal from abnormal patterns and surface vulnerabilities by continuously profiling the assets on the ICS/industrial network. Lastly, AI/ML strengthens access management through risk-based authentication, which weighs a user’s behavioral patterns, access method, geographic location, and other context before granting access to the network.
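The following added example (not code from the original page or from any vendor it names) shows the simplest form of the behavioral baselining described here: a statistical baseline rather than a trained ML model, learned from parsed OT request records and then applied to new traffic. It also addresses the alert-fatigue point from the earlier section, reporting a new source/destination/function combination once rather than once per packet. The records, hosts, and rates are constructed for the example.

```python
"""Learned-baseline anomaly detection over parsed OT request records."""
from collections import Counter, defaultdict
from statistics import mean, pstdev


# Each record is (minute, source, destination, function_code), the shape a passive OT
# monitoring sensor emits after decoding the protocol. All values are constructed.
def constructed_traffic():
    learn = []
    for minute in range(30):                         # 30 minutes of normal operation
        for _ in range(60):                          # historian polls PLC once per second
            learn.append((minute, "10.0.10.20", "10.0.20.5", 0x03))
        if minute % 10 == 0:                         # occasional status read of a second PLC
            learn.append((minute, "10.0.10.20", "10.0.20.6", 0x04))
    observe = [(30, "10.0.10.20", "10.0.20.5", 0x03)] * 60         # normal polling
    observe += [(30, "10.0.10.77", "10.0.20.5", 0x10)] * 3         # unknown host writing registers
    observe += [(31, "10.0.10.20", "10.0.20.5", 0x03)] * 600       # ten times the usual poll rate
    return learn, observe


class Baseline:
    """Per-destination baseline: who talks to it with which function, and how often."""

    def __init__(self):
        self.pairs = {}          # destination -> {(source, function_code)}
        self.rate_mean = {}      # destination -> mean requests per minute
        self.rate_std = {}       # destination -> standard deviation of that rate

    def learn(self, records):
        pairs = defaultdict(set)
        per_minute = defaultdict(Counter)
        minutes = set()
        for minute, src, dst, fc in records:
            pairs[dst].add((src, fc))
            per_minute[dst][minute] += 1
            minutes.add(minute)
        self.pairs = dict(pairs)
        for dst, counts in per_minute.items():
            series = [counts.get(m, 0) for m in sorted(minutes)]   # zero for quiet minutes
            self.rate_mean[dst] = mean(series)
            self.rate_std[dst] = pstdev(series)

    def detect(self, records, z=3.0, std_floor=5.0):
        """Emit one alert per new (source, destination, function) and one per anomalous minute."""
        alerts, reported = [], set()
        per_minute = defaultdict(Counter)
        for minute, src, dst, fc in records:
            per_minute[dst][minute] += 1
            key = (src, dst, fc)
            if (src, fc) not in self.pairs.get(dst, set()) and key not in reported:
                reported.add(key)           # report once, not once per packet
                alerts.append(("new-behaviour", minute,
                               f"{src} -> {dst} function 0x{fc:02X} never seen in baseline"))
        for dst, counts in per_minute.items():
            if dst not in self.rate_mean:
                continue                    # unknown destination is already reported above
            # A perfectly regular baseline has std 0; the floor stops a single extra
            # packet from tripping the z-score test.
            threshold = self.rate_mean[dst] + z * max(self.rate_std[dst], std_floor)
            for minute, count in sorted(counts.items()):
                if count > threshold:
                    alerts.append(("rate", minute,
                                   f"{count} requests to {dst} in one minute, "
                                   f"baseline {self.rate_mean[dst]:.0f}"))
        return alerts


def run_example():
    learn, observe = constructed_traffic()
    baseline = Baseline()
    baseline.learn(learn)
    return baseline.detect(observe)


if __name__ == "__main__":
    for kind, minute, detail in run_example():
        print(f"[{kind}] minute {minute}: {detail}")
```

Two alerts come out: one for the unknown host issuing a write function, and one for the minute in which the poll rate jumps tenfold. The three write packets produce a single alert, and the standard-deviation floor keeps the one extra packet in minute 30 from being reported; both choices are what keeps a baseline detector from becoming a new source of alert fatigue.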

Zero Trust Is the Way Forward

A Zero Trust approach, widely championed by industrial and cybersecurity vendors, is a security model that replaces implicit trust with continuous verification of every user, device, and connection. It requires deploying technologies that limit each identity to the specific roles and tasks it needs, which is essential for containing sophisticated breaches of the ICS.

However, emerging threats could undermine parts of a Zero Trust deployment. A cryptographically relevant quantum computer would break the public-key algorithms (RSA, elliptic-curve Diffie-Hellman, and ECDSA) on which Zero Trust’s certificate-based identity verification and encrypted transport rest. Industrial cybersecurity vendors should therefore demonstrate a migration path to the post-quantum algorithms NIST has standardized, such as ML-KEM for key exchange and ML-DSA for signatures, along with the crypto-agility needed to update long-lived OT equipment.

Key Companies Providing Industrial Cybersecurity Solutions

Below is a list of several cybersecurity vendors offering forward-looking solutions to safeguard industrial networks.

  • Claroty: Claroty’s xDome is a SaaS-powered industrial cybersecurity platform that secures OT assets by categorizing threats based on severity and allowing users to define specific OT activity alerts, reducing alert fatigue. This ensures users are only notified when necessary.
  • Dragos: Dragos emphasizes comprehensive ICS visibility as crucial for mitigating threats in increasingly complex industrial environments. It collects and analyzes breach data, maintains profiles of threat actors and their tactics, and compiles lists of threat groups based on targeted industries and geographic locations. For example, Dragos has detailed profiles on groups like CHERNOVITE, known for the ICS-tailored malware Pipedream, which identifies new devices, brute forces passwords, and crashes target devices.
  • Honeywell: Honeywell's Forge Cybersecurity+ is an IoT cybersecurity product that continuously monitors threats based on organizational preferences or industry standards such as IEC 62443 and NIST guidance. It features an adaptive granular baselining algorithm to minimize unnecessary alerts.
  • Otorio: OTORIO’s OT Security Risk Management Platform minimizes noise by correlating data from multiple sources and only bringing relevant alerts to the user's attention, ensuring potentially indicative alerts aren't missed due to excessive noise.
  • Palo Alto Networks: The California-based cybersecurity vendor employs ML and AI to analyze network traffic in real-time, minimizing Zero-Day exploit risks. The company’s DPI and protocol-agnostic application visibility offer detailed network insights. Furthermore, Palo Alto Networks' Cloud Security Posture Management (CSPM) safeguards cloud settings, provides unified cloud visibility, and tracks assets. Finally, their firewalls enhance security by monitoring all network activity and access attempts.
  • Rockwell Automation, Inc.: Rockwell Automation, a leading industrial OEM, offers cybersecurity solutions and has partnered with Dragos to enhance its offerings. By integrating Dragos' scalable platform, Rockwell's AssetCentre now provides improved data management, centralized inventory, and robust backup and recovery capabilities for industrial networks.

Learn More

Gain a better understanding of the prevailing industrial cybersecurity technologies and key vendors by downloading ABI Research’s Security Technologies for Industrial Connectivity report.