statement
This article is a study note compiled by studying the report of the github5.com website . I hope that more people will benefit from sharing it. If there is any infringement, please contact us in time
Industrial Internet Security Industry Situation
Industrial Internet Security Industry Structure
Safety product system with high, medium and low capabilities
With the wide application of new technologies such as big data and artificial intelligence, the emergence of innovative concepts and new products such as active defense, threat intelligence, situational awareness, and security visualization have promoted the transformation of the traditional information security industry. In the field of industrial Internet information security, traditional security defense products have gradually become weak and unable to effectively deal with increasingly serious security threats. Building an industrial Internet information security product system with clear layers, clear positioning, and integrated linkage will become an important part of the future development of the industry. trend.
According to the functional level and the flow direction of data and threat intelligence, a "trinity" security protection system with low-level, medium-level, and high-level capabilities should be established. Specifically, the product structure of the industrial Internet information security market can be divided into three layers from low to high: protection monitoring layer, security operation layer, and situational awareness layer. These three-tier products implement different security functions, and the three-tier products carry out the flow of data, instructions, and threat intelligence to achieve the overall protection effect of synergy and linkage. Among them, data flows from low to high, and threat intelligence is empowered from high to low. The product structure of the industrial Internet information security market is shown in the figure below.
Protection monitoring layer products
Protection and monitoring layer products are at the lowest layer of the product system function hierarchy, mainly including industrial security gateways (industrial control firewalls), industrial security audits, industrial host protection software, industrial security gatekeepers, industrial security inspection and evaluation tools, industrial vulnerability scanning, and industrial wireless intrusion Defense, industrial cloud security protection and other products. This type of product collects data and handles it when a threat is discovered or received an order from an upper-layer security operation product, and has a simple analysis function.
Security operation layer products
The security operation layer products are in the middle layer of the product system functional hierarchy, and are mainly deployed within industrial enterprises, and play a core role within the enterprise as a threat awareness, centralized management and control, and emergency response platform for industrial information security. Such products mainly include industrial security monitoring systems, industrial security monitoring and control platforms, and other products. The core technologies are threat intelligence utilization, security visualization, and big data processing technologies.
Security Situation Awareness Layer Products
The security situational awareness layer product is at the highest level of the product system functional level, and its core capabilities are intelligence collection, threat reporting database, and advanced data analysis. Such products include industrial Internet security monitoring service platform, threat intelligence library, etc., which are mainly deployed in government departments or headquarters of large enterprise groups, and are responsible for situational awareness and security supervision of major industrial enterprises within jurisdictions and jurisdictions.
Gartner's analysis on the OT market
The Industrial Internet includes industrial control systems, industrial networks, and commercial network infrastructure such as big data storage and analysis, cloud computing, business systems, and customer networks. The industrial Internet security market discussed in this section places more emphasis on asset-centric operational technology (Operational Technology, OT) security.
In the "OT Security Market Guide" released by Gartner in July 2018, it clarified the definition of operational technology (OT) security, pointing out that OT security refers to the protection of personnel involved in monitoring and (or) controlling physical equipment, processes and events , assets and information practices and technologies.
What is different from the past is that in this market guide, Gartner has expanded the scope of OT security to include OT security services. At the same time, Gartner believes that the operational systems that the industrial Internet security market focuses on include: data acquisition and monitoring system (SCADA), process control network (PCN), discrete control system (DCS), manufacturing execution system (MES), telematics, Robotics, facility management/building automation systems (BAS).
Traditional IT system network security is ranked in order of importance: confidentiality, integrity, and availability. OT security is ranked in order of importance: availability, integrity, confidentiality. The different order of importance of information security goals has resulted in great differences between OT and IT systems in the entire security lifecycle process of risk assessment, security requirements, standard requirements, implementation plans, deployment implementation, and security operation and maintenance. Therefore, the network security technology of the traditional IT information system cannot be directly applied to the industrial control system. To solve the network security problem of the industrial control system, the characteristics of industrial application scenarios should be fully considered. Gartner emphasized that although IoT devices and software, such as sensors and mobile devices, are used in OT environments and are often referred to as the Industrial Internet of Things (IIOT), the OT security market is relatively mature. Industrial IoT is part of OT. Most of the solutions in the OT security market are concentrated in the image below.
Gartner summarizes the relationship between industrial security products/services and industrial control system security architecture based on the Purdue reference model for industrial control systems, deploys enterprise firewall devices at each layer of L1-L5, and fully grasps and visualizes the industrial control assets in each layer Analysis; anomaly detection between each layer of L1-L4, endpoint protection for L0-L4, consulting, integration and hosting services for the entire Purdue reference model.
At the same time, Gartner predicts market trends: by 2019, 65% of enterprise OT security will be in charge of the CIO (Chief Information Officer). By 2020, newly deployed IIOT (Industrial Internet of Things) or OT systems will support time-sensitive networks TSN; by 2020, 25% of digital twins will be provided as services; by 2020, 50% of OT service providers will form partnerships with IT providers.
Analysis of Network Security Investment of Industrial Enterprises
The joint laboratory conducts a questionnaire survey among industrial enterprise users nationwide. In order to understand the security needs of industrial enterprises more realistically, the questionnaires filled out by users of manufacturing, municipal/transportation, communication/network, petroleum and petrochemical/chemical, and energy and power are analyzed as valid data according to the unit attributes of the participating industries.
Industrial Internet users attach importance to industrial Internet security
Through the statistics of the questionnaire survey, it is found that in 2018, the users of the industrial Internet industry attach great importance to security, and 76.1% of industrial users attach great importance to the construction of industrial Internet security. According to the statistical results in Kaspersky's "2018 Industrial Network Security Status" , 77% of respondents believe that network security is a top priority. Industrial enterprises at home and abroad have paid great attention to the construction and deployment of industrial Internet security.
According to the analysis of the degree of emphasis on industrial Internet security in different industries, the statistical results show that the municipal/transportation industry and manufacturing industry pay relatively low attention to industrial Internet security , and the municipal/transportation industry pays the least attention.
Analysis of annual capital investment of industrial Internet users in industrial Internet network security
In the next two years, 49.1% of the surveyed industrial enterprises will increase their investment in safety, and 22.8% of the enterprises will slightly increase their investment. Overall, there is a good trend in the investment of industrial Internet companies in security, which fully demonstrates that industrial Internet users are paying more and more attention to industrial Internet security.
The surveyed industrial Internet companies plan to invest less than 100,000 yuan or between 100,000 and 1 million yuan in industrial Internet network security, accounting for 28.1% of the total. More than 1/2 of the surveyed companies' investment in security is concentrated within this range . It can be seen that there is still a lot of room for improvement in the industrial Internet security market.
It is worth noting that large-scale manufacturing companies and communications/networks have invested heavily in security, and 17.5% of the surveyed companies have invested more than 10 million in annual security, showing a leapfrog advanced investment. Some companies have already attached great importance to industrial Internet security. Construction began to lay out one after another.
According to the statistical analysis of the industrial Internet security construction cost in the industrial Internet investment, 43.9% of the respondents believe that it should account for 5%-10% of the industrial Internet investment, and three-quarters of the enterprises with an investment share of less than 10% above. It can be seen that the overall proportion of investment in industrial Internet security construction is still relatively low . Although industrial enterprises have relatively increased their emphasis on industrial Internet security, the overall capital investment is still insufficient.
The main factors hindering the investment and construction of industrial Internet security
In order to have a more comprehensive understanding of the influencing factors of insufficient overall capital investment, we first analyze the reasons that hinder the investment and construction of the Industrial Internet. After statistical analysis, it is found that the lack of talents is the primary factor affecting the construction of the industrial Internet . It is worth noting that information security and insufficient funds occupy the same proportion. It can be seen that information security has an increasing impact on the investment and construction of the Industrial Internet.
According to the analysis of the influencing factors of industrial Internet security investment and construction, it is found that "invisibility of benefits" is still the most important factor hindering security investment and construction . The biggest difficulty in industrial Internet security construction is that no safety accidents have been caused. It is difficult for corporate executives to understand the benefits that security construction can bring to enterprises in a short period of time. Industrial Internet security construction is not understood by industrial companies.
Whether it is industrial Internet construction or industrial Internet security construction, the lack of talents is an important factor hindering development. The global cybersecurity talent gap in North America, Latin America, Asia Pacific, and Europe, the Middle East, and Africa has widened to nearly 3 million , according to the 2018 Cybersecurity Workforce Study by the International Nonprofit Membership Society (ISC)2 . According to the "2018 Network Security Talent Research Report" jointly released by 360 Internet Security Center and Zhaopin Recruitment, in the first half of 2018, the network security talent demand scale index increased by 44.9% compared with the first half of 2017, and compared with the second half of 2017. Compared with the previous month, it increased by 9.4%. It can be seen that the strong demand for network security talents will continue for a long time.
The State of Industrial Internet Security Teams
Whether to set up a full-time industrial network security department or personnel reflects the level of industrial enterprise's own network security construction to a certain extent. Statistical analysis of whether industrial enterprises have set up full-time industrial network security departments and personnel found that 69.1% of industrial enterprises have dedicated personnel/departments responsible for security , and 12.9% of enterprises are planning. It can be seen that most enterprises have set up or are preparing to set up security departments or personnel.
In addition to industrial cybersecurity teams, IT departments are the most involved in building industrial cybersecurity at 37% . The participation of the chairman or senior management is relatively low, accounting for only 10%. According to the IT/OT integrated security strategy framework released by Gartner, from the upper level to the lower level, there are senior or management personnel involved in the enterprise. The importance that senior leaders attach to industrial Internet security can promote the implementation and development of industrial security to a certain extent.
Market Demand Analysis of Industrial Enterprise Network Security
Demand for Industrial Internet Security Products
The demand for protection products is high, and the attention to network security is high. Industrial firewall, industrial host protection, and industrial security centralized management and control platform accounted for 50.2%, accounting for half of the proportion of industrial security products. The industrial security centralized management and control platform mainly manages and controls protection products, which are classified as protection. It can be seen from the statistical results that the demand for protection products is generally high, and industrial firewalls account for 23.3%, which is the highest proportion in the industrial security product system. It can be seen that the primary focus of industrial enterprises is on the construction of industrial enterprises' network security.
The second is the protection of industrial hosts. There are many old operating systems of industrial hosts. Industrial hosts will run for many years after they are put into operation. The hardware resources are limited. At the same time, there are old operating systems, and it is often difficult to install IT security protection software such as antivirus. Therefore, the industrial host is basically in a streaking state without any security protection software, and there are many loopholes in the long running time, so the security protection of the industrial host is also imperative.
The proportion of non-protective products is quite similar, showing a trend of diversification. Industrial network traffic analysis equipment accounted for 10.9%, industrial security services accounted for 11.4%, industrial leak scanning equipment accounted for 10.4%, industrial security inspection and evaluation tools accounted for 9.8%, and industrial leak digging equipment accounted for 5.7%. Relatively speaking, the proportion of each product is equal, showing a trend of diversification. The development of safety detection, safety evaluation, safety service, and safety research products is balanced, and the industrial safety product and service system is becoming more and more perfect.
Industrial Internet Security Service Requirements
According to the survey and analysis of interviewees on industrial Internet security services, 82% of the interviewed companies consider adopting "industrial Internet security hosting services", and only 18% of enterprises do not consider it. Among them, remote security operation and maintenance services accounted for the highest proportion, reaching 24%, and on-site services were relatively small, accounting for 15%. Relatively speaking, the cost of remote security operation and maintenance services is relatively low, and the cost of on-site services is relatively high. As the cost of each service increases, the proportion of industrial Internet security services chosen by enterprises is relatively small. No matter what kind of security service they choose, more than four-fifths of enterprises are willing to deploy industrial Internet security services , and the overall situation of the security service market is relatively optimistic.
According to the analysis of the procurement costs acceptable to industrial Internet security services, the proportion of enterprises with less than 200,000 yuan reached 39%. The proportion of procurement costs also reflects to a certain extent the reasons why enterprises choose relatively low-cost security service models .
Industrial Internet Security Emergency Response Requirements
For emergency response solutions to security issues, more than half of the surveyed companies are willing to choose a security vendor with strong comprehensive capabilities and a large scale to solve security issues, and 25.2% of companies are willing to choose multiple security product suppliers to avoid supplier lock-in. Only 6.5% of enterprises are willing to try the technological innovation of start-up companies.
Summarize
For more content, click to visit the report on the github5.com website for further study
contact us
T-CCTA 30509—2022 Cotton viscose fiber acrylic blended natural color yarn.pdf