Every country, organization and individual is exposed to a number of vulnerabilities and threats. Infrastructure that is critical is associated with electricity, oil and gas, telecommunication, water supply generation, transmission and distribution, agriculture, food production and distribution, financial services and security services. The list encompasses almost every element that is vital to the functioning of an economy or business. Critical Infrastructure, for the same reason is considered to be the backbone of any country. Neglecting them may cause economic breakdown or devastation as most of these assets are interdependent and interlinked.
The recent occurrences of events world over such as the hack into Sony Pictures Entertainment, which led to the release of confidential data including personal information about employees and financial data about the company has brought out attention on the lack of a Security Protocol. Other incidents of attacks such as Operation Orchard in Israel, Threat Duqu, Operation Shady Rat, Threat of Stuxnet (a computer worm designed to attack Programmable Logic Controllers PLC) and Operation Buckshot Yankee have drawn the world’s attention to the vulnerability of critical infrastructure.
Countries and Organizations are adopting software and solutions to counter these attacks. More recently, a provider of cyber risk services, Deloitte, and an energy provider, Exelon, announced a collaborative project to protect the Bulk Electric System, with the implementation of the North American Reliability Corporation (NERC) CIP Version 5. The leadership and the industry expertise of Deloitte and Exelon are expected to improve cyber security standards, quality, reliability and safety of the electric system. Past experience indicates that both the regulatory requirement and the risk environment help create a robust risk program. There is also need for governments, organizations and executives to collaborate in innovation, expansion and compliance-related activities. It is essential for utilities to follow compliance laws on security controls.
Infrastructure looks to Government
In the United States, the Clinton administration first identified the need to pay attention to the technology, with the Obama administration going a step further in developing a Framework for improving the safety of infrastructure. Another interesting aspect is the freedom of any country to improve and frame the critical infrastructure laws and policies without any international norms to follow.
Many European countries, such as UK and Germany have passed new IT laws that will affect more than 2500 utilities service providers in the domain of Telecom, IT, BFSI, water, health etc. These laws have forced businesses to implement some security standards since they have been given a two-year deadline to adopt these measures.
Similarly in Australia, the government has identified the Telecommunication network as a crucial infrastructure that is greatly affecting the country’s economic prosperity. The country is paying attention in maintaining the security of these communication equipment and carriers as vulnerabilities to these networks can allow unauthorized access into the networks.
All the following factors are driving the Critical Infrastructure Market at a CAGR of 8.50%. The market, evaluated at $80.50 Billion in 2014 is estimated to cross $131.33 Billion in 2020. The current market scenario indicates the need for more Public-Private partnerships and the better preparedness in countering physical damages in times of an attack. Though there is unanimity in opinion that security threats are on the rise, the organizations maintain high confidence in existing securities. Additionally, user error is still considered the biggest cause of security lapse.
The market, experiencing the highest traction in the Asia-Pacific region with a growth rate of 9.02%, can be subdivided on the basis of the different solutions offered by the market as Risk Management Services, Designing, Integration and Consulting, Managed Services and Maintenance and Support. Risk Management Services has a market size of $ 41.75 Billion, followed by the Designing, Integration and Consultation occupying 35% of the total market share.
The technology is being applied in three broad verticals, namely, Energy and Power, Transportation System and Sensitive Infrastructure and Enterprises. Though the Energy and Power sector occupies the highest market share, it has also been identified as the sector requiring highest cultural change. This is because the Energy companies which initially fell into the category of engineering industry, today has largely amalgamated into the IT industry. The reliance of IT on energy has increased with time, and vice-versa.
Different countries have different perspectives of the impact of an attack. North Americans advocate that there is higher likelihood for a loss of human lives during such events than the Europeans do. Countries worldwide have also identified different types of threats. Each threat demands a separate approach of redressal since each threat requires different planning, preparation and mitigation processes.
A fast changing disaster and risk landscape combined with the increasing vulnerability of threat has made the security of Control Systems and the Data Acquisition technology a key issue.