The second quarter, 2013 ICS-Cert Monitor Report from the U.S. Dept. of Homeland Security reports on Brute Force Attacks on Internet-Facing Control Systems. The report notes a highly significant increase in the number of these attacks. “In fiscal year 2012, ICS-CERT responded to 198 cyber incidents across all critical infrastructure sectors. Of these, 41% were in the energy sector compared to all other sectors.” But “[I]n the first half of fiscal year 2013, (October 1, 2012–May 2013), ICS-CERT has responded to over 200 incidents across all critical
infrastructure sectors. The highest percentage of incidents reported to ICS-CERT occurred in the energy sector at 53%.” (all quotes are excerpted from the second quarter 2013 ICS-Cert Monitor Report published by the U.S. Dept. of Homeland Security. A link to this report has been provided above).
Early stage ISVs with off-the-shelf solutions for control systems data security should be looking at a highly motivated market for the remainder of 2013, 2014, and even 2015. The solutions market participants need must safeguard Ethernet networks and applications written for web browsers.
Early stage systems integrators will not likely share the benefit from this market trend. A combination of a requirement for firms with high level security clearances, and the traditional purchase behavior of businesses in this market (they tend to all use the same systems integration resources), will put a damper on the potential return for systems integrators.
We think there is also an opportunity in this market trend for computer hardware vendors. A lot of control systems operators will be looking for hardened terminals–thin clients without local hard drives or ports for peripherals.
The increase in the number of attacks on networked data communication systems was likely matched, or exceeded by the number of control systems operators implementing Software as a Service (SaaS) cloud offers. In our opinion we think this market is experiencing double digit growth, year over year. Cost savings simply trump security concerns for heavily regulated energy providers, exploration companies, and other public utilities.
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved