全球OT网络安全行业分析（2022）

IT/OT 网络安全是指保护用于过程控制的操作技术 (OT)。低价模式关注的是0-3级工业操作的保护，但在实践中主要与过程控制级、本地控制室和DMZ有关。

OT 网络安全领域正在发生重大变革。运营商正在转变其安全运营，以应对运营连接性和自动化方面的进步，以及将以前孤立的系统暴露于互联网的相关风险。因此，资产所有者正在增加其在 OT 保护方面的网络安全支出份额，从 2019 年占工业网络安全总支出的 17% 上升到 2027 年的 22%。这是一个前景。

本报告分析了全球OT网络安全行业，分析了行业基本结构、近期主要趋势、主要市场推动/制约因素、市场规模（支出）趋势展望，以及按地区/行业。我们将带来结合其他详细趋势和整个行业的生态系统等信息。

目录

内容

项目定义

市场概述

行业分析

技术生命週期

• OT网络保护
• 网络
• 零信任
• 风险/漏洞管理
• 威胁检测
• 防御高级威胁
• SOC (SIEM/SOAR)
• 远程访问管理
• 威胁情报
• 託管安全服务
• 专业的安全服务

市场支出

• OT和IT/OT消费产品
• OT 和 IT/OT 支出管理安全服务
• OT 和 IT/OT 支出的安全服务
• IT/OT 支出：按产品类型

区域分析

• 非洲市场规模和预测
• 亚太市场规模及预测
• 中亚市场规模和预测
• 欧洲市场规模和预测
• 拉丁美洲市场规模和预测
• 中东市场规模及预测
• 北美市场规模及预测

按行业划分的市场分析

• 食品饮料市场规模及预测
• 汽车市场规模和预测
• 医药市场规模及预测
• 离散製造市场规模和预测
• 铁路市场规模及预测
• 航运/物流市场规模及预测
• 能源市场规模和预测
• 水和污水市场规模及预测
• 油气市场规模及预测
• 化工/石化/其他市场规模及预测

生态系统分析

IT/OT 安全平台导航器

• Cisco
• Fortinet
• Belden (including Tripwire)
• Dragos
• Forescout
• OPSWAT
• SCADAFence
• Tenable
• Check Point Software
• Claroty
• Kaspersky
• Nozomi Networks
• Palo Alto Networks
• Radiflow
• Trend Micro
• Verve Industrial Protection

专业/託管安全服务导航器

• Accenture
• Deloitte
• EY
• Honeywell
• IBM
• PwC
• Rockwell Automation
• Siemens Digital Industries
• Thales
• BT
• Fujitsu
• Telekom Security
• ATOS
• CapGemini
• Orange Cyberdefense
• Jacobs
• KPMG

替代方案

附录

Report Summary:

IT/OT cybersecurity is the protection of Operational Technology (OT) used for process control. In the Purdue Model this relates to the protection of industrial operations at Levels 0-3, but in practice relates primarily to the process control level, the local control room and DMZ.

Cybersecurity investment tracks with industrial transformation

The sector is going through a period of significant change. Industrial Operators are transforming security operations in response to the increasing connectivity and automation of industrial operations, and the associated risk of exposing previously air-gapped systems to the internet. This has resulted in asset owners allocating a higher percentage of cybersecurity expenditure on the protection of OT, growing from 17% of total industrial cybersecurity expenditure in 2019, to 22% by 2027.

Investment drivers include the increasing digitalisation of operations, the current threat landscape, and changing regulatory conditions.

• Digital Transformation is a strong driver of cybersecurity investment. High technology industries, including semiconductor manufacturing and some automotive operations, are characterised by high levels of automation and advanced cybersecurity programs. Other industries are modernising, and as the adoption of digital twins, edge computing and AR/VR becomes more widespread, cybersecurity investment will increase. 5G and the Industrial Internet of Things (IIoT) will have a significant impact on industrial operations by the end of the decade, greatly increasing connectivity and the interdependencies between industries and supply chains.

• Threat & Vulnerabilities. There is a significant amount of intelligence that points to a high and persistent threat to critical infrastructure and global manufacturing operations. Researchers identified new threat groups in 2021 whilst asset owners' perception of the threat increased as ransomware attacks escalated. The number of known vulnerabilities has also grown significantly in recent years with more than twice as many published in 2021 than 2020. Increasing knowledge of the threat, and a better understanding of the risk, has resulted in greater investment in cybersecurity. Nevertheless, many security programs are still at the early stages of implementation and as threats evolve, asset owners will need to adapt.

• Recent Security Incidents have raised awareness amongst executives of the consequences of an attack on operations and business performance. Colonial Pipeline (Oil & Gas) and JBS (Food & Beverage) resulted in financial loss, operational disruption including to both supply chains and customers, and reputational damage. Headline hitting security incidents often lead to peers reviewing their own risk strategy, leading to investment in cybersecurity programs. A reduction in security incidents is not expected in the near term and the resulting headlines will encourage executives to continue to modernise.

• Regulation is strengthening internationally, nationally and in vertical markets. The EU NIS2 Directive expands the coverage of the existing regulation and aims to increase regulatory powers to drive compliance. There is also a trend towards the tightening of National Laws, for example the German IT Security Act 2.0, mandating the use of technologies and services to protect national infrastructure and other critical industries. Finally, vertical market specific regulations and standards will influence cybersecurity programs. For example, UNECE WP.29 forms part of a process to improve automotive resilience which requires each OEM to implement a Cybersecurity Management System to be operational by mid-2022. This will be rolled out to Tier 1,2 and 3 vendors who will need to show compliance at later dates. The result of UNECE WP.29 will be an end-to-end approach to security, ensuring that risk is understood, controls are implemented, and threats actively monitored across the automotive supply chain. Westlands Advisory expects greater use of threat detection, improved implementation of OT best practices and a greater focus on Software Bill of Materials (SBOM).

Security destination might be known but getting there is not easy

Despite growing investment, cybersecurity maturity is still low when measured against the most often implemented standards.

The NIST Cyber Security Framework (CSF) is the most widely quoted standard followed by IEC 62443 and CIS Controls. NIST CSF maps key security requirements to five functions; Identify, Protect, Detect, Respond, Recover. This requires asset operators to move from an over-reliance on protective technologies to adopting a cybersecurity strategy based on operational resilience. This in effect requires organisations to identity and manage assets, segment networks, and to be able to detect and respond to threats quickly to minimise the impact of a cybersecurity incident.

However, it is not always possible for risk leaders to secure the funding. Boards still view cybersecurity as a cost rather than an enabler of change and therefore many security programs will evolve over several budget cycles. Westlands Advisory interviews with operators and service providers discovered that many asset owners are managing a variety of firewall brands, using different policies and configurations, and that the immediate priority is to establish common policies and network segmentation. Whilst the early adopters have implemented asset management and threat detection processes, most asset owners are somewhere between the start of their security program and midway through updating and implementing basic security controls to achieve a strong and consistent baseline across their infrastructure.

Organisational structures and priorities in large, diversified operations also act as a barrier. The OT engineer's priority of safety, reliability and availability of operational systems does not always align well with cybersecurity policies and processes, requiring common Governance, Risk and Compliance policy across the business. In large, complex organisations, alignment takes time.

An era of investment, technology innovation and partnerships

Although investment and implementation challenges can be significant barriers to change, the IT/OT cybersecurity industry is currently going through a period of heightened private investment, innovation and ecosystem development. Notable themes include;

• An increase in the number of vendors providing IT/OT Security Platforms with an expanding range of technology use-cases and integrations.

• Managed Service provider investment in OT Security Operations Centres to compliment IT SOC/NOCs, delivering OT network visibility, monitoring and threat detection with incident response support.

• The development of OT Security Innovation Centres by service providers, with digital twins and simulations to test new products, systems and services.

• High investment in Risk Management and Scoring, providing end-users with the tools to quantify and prioritise operational risk.

• Increasing levels of Security Automation and Orchestration related to compliance, zero trust, Software Bill of Materials (SBOM) and security operations.

The future direction is clear but the path uncertain

Investment in cybersecurity will increase across the NIST CSF's Identify, Protect, Detect, Respond & Recover categories. Westlands Advisory expects that by 2027 the majority of industrial operators will have moved from a protective only security posture to proactively identifying security threats. There will be greater integration between IT security operations and OT, with specialist teams working collaboratively across either the on-prem or remotely managed Security Operations Centre. There will also be a step change in supply chain resilience, with more mature security approaches to third party access of machines. All of this is known.

What we don't yet know is how the course might change over the next 5 years due to either known or unknown events. COVID-19 highlighted that a single event can have a significant impact on global systems, resulting in changes to cybersecurity policy, strategy and investment. COVID-19 accelerated the remote access trend, bringing forward expenditure on zero trust technologies that resulted in a range of new products. In the next 5 years it remains uncertain how other events may impact OT cybersecurity investment. Some of these include;

• To what extent will current geopolitics increase the cyber threat and how will this change CISO's expenditure plans?

• Will trade patterns continue to shift leading to significant regional differences in cybersecurity ecosystems?

• How will changes to industrial insurance policy impact investment on cybersecurity programs?

• How will cybersecurity regulation evolve across countries and industries, and how strongly will it be enforced?

• What will be the future status of the sovereign cloud and implications for processing industrial data?

• How quickly will 5G impact manufacturing?

These are a few of the bigger picture questions to consider when evaluating the future of OT cybersecurity.

Table of Contents

Contents

Project Definitions

Market Summary

Industry Analysis

Technology Lifecycle

• OT Network Protection
• Networking
• Zero Trust
• Risk & Vulnerability Management
• Threat Detection
• Advanced Threat Protection
• SOC (SIEM & SOAR)
• Remote Access Management
• Threat Intelligence
• Managed Security Services
• Professional Security Services

Market Expenditure

• OT & IT/OT Expenditure Product
• OT & IT/OT Expenditure Managed Security Service
• OT & IT/OT Expenditure Security Services
• IT/OT Expenditure by Product Type

Regional Analysis

• Africa Market Size & Forecast
• Asia Pacific Market Size & Forecast
• Central Asia Market Size & Forecast
• Europe Market Size & Forecast
• Latin America Market Size & Forecast
• Middle East Market Size & Forecast
• North America Market Size & Forecast

Vertical Market Analysis

• Food & Beverage Market Size & Forecast
• Automotive Market Size & Forecast
• Pharmaceutical Market Size & Forecast
• Discrete Manufacturing Market Size & Forecast
• Rail Market Size & Forecast
• Maritime & Logistics Market Size & Forecast
• Energy Market Size & Forecast
• Water & Wastewater Market Size & Forecast
• Oil & Gas Market Size & Forecast
• Chemicals, Petrochemicals and Other Market Size & Forecast

Ecosystem Analysis

IT/OT Security Platform Navigator

• Cisco
• Fortinet
• Belden (including Tripwire)
• Dragos
• Forescout
• OPSWAT
• SCADAFence
• Tenable
• Check Point Software
• Claroty
• Kaspersky
• Nozomi Networks
• Palo Alto Networks
• Radiflow
• Trend Micro
• Verve Industrial Protection

Professional & Managed Security Services Navigator

• Accenture
• Deloitte
• EY
• Honeywell
• IBM
• PwC
• Rockwell Automation
• Siemens Digital Industries
• Thales
• BT
• Fujitsu
• Telekom Security
• ATOS
• CapGemini
• Orange Cyberdefense
• Jacobs
• KPMG

Alternative Scenarios

Appendix