SANS Industrial Control Systems Security Blog

4 Takeaways from the F&S CNI Cyber Security Report

The Frost & Sullivan research report on the global critical national infrastructure (CNI) cyber security market, coming out on the eve of the SANS European ICS Security Summit, highlights a number of key trends in this increasingly important field:

Technology adoption by CNI for increasing efficiencies is causing a multiplication of "cyber touch points" which require security measures.

This is the core of technological developments termed variously as IT-OT Convergence, Industry 4.0, and IIoT, among others. The networking of control systems and the integration of data gathering and analysis systems into previously isolated automation and production environments have expanded, and will continue to expand, attack surfaces ("cyber touch points") at exponential rates. For all of the positive outcomes ("increased efficiencies") being achieved, security practitioners are finding it difficult to fulfill their protective mission as exposures increase ever faster than their resources, as evidenced by the growing rate and severity of security breaches in the enterprise.


Products/services which will be in demand include firewalls, IPS/IDS, web application filters, SSL inspection, malware sandboxing, and sensors to monitor technology malfunctions which can be induced by cyber threats.

On one hand, this list is somewhat self-evident, as all of these are tools required to fulfill network security functions. On the other, the choice of products/services highlighted is potentially confusing. Few infrastructure entities will maintain internal resources dedicated to malware sandboxing, for example, when highly skilled and experienced providers of this specialized service are so plentiful. Sensors monitoring for technology malfunctions are just the opposite; these are expected, even required, across the CNI spectrum.


Collaboration and joint development by cyber security firms and industrial control system (ICS) firms are bridging the IT-OT disconnect.

To the degree that this statement is accurate, we should take heart at this news. As stated above, the race between defenders and attackers of CNI has seen the white hats losing ground for a long time, and the rate of technological change guarantees this cannot be reversed by additional resource allocation alone. Without developing new tools and techniques, there aren't enough security practitioners available to overcome the problem of expanding attack surfaces.


Enactment of legislation and standards specific to CNI will be a main driver of cyber security spending, especially in developed countries in North America and Europe.

There are no surprises in this finding, however much we might wish for it to be incorrect. For numerous reasons we might prefer positive action to be motivated by public interest, civic duty (we are talking about national critical infrastructure), or organizational self-preservation, but economics and corporate dynamics tend to externalize responsibility for these costs. This would be less negative if the speed of technological change remained slow and steady enough for authoring bodies to review, draw on expert guidance, and develop and adapt legislation/standards apace, but this is not the case. For all their needed role in pushing the ball forward, regulatory expertise and output are widely recognized as behind the curve in driving practices sufficient to really secure the enterprise. The inescapable truth that they do provide a baseline must be taken as our motivator to support advancements in relevant legislation and standards bodies while simultaneously pursuing the growth of other cyber security drivers.