世界のOTサイバーセキュリティ産業の分析 (2022年)

IT/OTサイバーセキュリティは、プロセス制御に使用される運用技術（OT）の保護を意味します。低価格モデルではレベル0～3の産業オペレーションの保護に関係しますが、実際には主にプロセス制御レベル、ローカル制御室、DMZに関係します。

OTサイバーセキュリティの分野はいま、大きな変革期を迎えています。オペレーター各社は、業務運営の接続性と自動化の進展、および従来は隔絶されていたシステムをインターネットに公開する関連リスクに対応して、セキュリティ運用を変革しています。この結果、資産所有者はサイバーセキュリティ支出のうちOTの保護への割合を増やしており、2019年には産業用サイバーセキュリティ支出全体の17%だったのが、2027年には22%に増加する見通しです。

当レポートでは、世界のOTサイバーセキュリティ産業について分析し、業界の基本構造や昨今の主な動向、主な市場促進・抑制要因、市場規模 (支出額) の動向見通し、地域別・業種別の詳細動向、業界全体のエコシステム、といった情報を取りまとめてお届けいたします。

目次

コンテンツ

プロジェクトの定義

市場の概要

業界分析

技術のライフサイクル

• OTネットワーク保護
• ネットワーキング
• ゼロトラスト
• リスク・脆弱性の管理
• 脅威の検出
• 高度な脅威からの保護
• SOC（SIEM・SOAR）
• リモートアクセス管理
• 脅威インテリジェンス
• マネージドセキュリティサービス
• 専門セキュリティサービス

市場支出

• OTおよびIT/OT支出の製品
• OTおよびIT/OT支出の管理セキュリティサービス
• OTおよびIT/OT支出のセキュリティサービス
• IT/OT支出：製品種類別

地域分析

• アフリカの市場規模と予測
• アジア太平洋市場の規模と予測
• 中央アジアの市場規模と予測
• 欧州の市場規模と予測
• ラテンアメリカの市場規模と予測
• 中東の市場規模と予測
• 北米の市場規模と予測

業種別の市場分析

• 食品・飲料の市場規模と予測
• 自動車の市場規模と予測
• 医薬品の市場規模と予測
• ディスクリート製造の市場規模と予測
• 鉄道の市場規模と予測
• 海運・ロジスティクスの市場規模と予測
• エネルギーの市場規模と予測
• 上下水道の市場規模と予測
• 石油・ガスの市場規模と予測
• 化学・石油化学・その他の市場規模と予測

エコシステム分析

IT/OTセキュリティプラットフォームのナビゲーター

• Cisco
• Fortinet
• Belden (including Tripwire)
• Dragos
• Forescout
• OPSWAT
• SCADAFence
• Tenable
• Check Point Software
• Claroty
• Kaspersky
• Nozomi Networks
• Palo Alto Networks
• Radiflow
• Trend Micro
• Verve Industrial Protection

専門/マネージド・セキュリティサービスのナビゲーター

• Accenture
• Deloitte
• EY
• Honeywell
• IBM
• PwC
• Rockwell Automation
• Siemens Digital Industries
• Thales
• BT
• Fujitsu
• Telekom Security
• ATOS
• CapGemini
• Orange Cyberdefense
• Jacobs
• KPMG

代替シナリオ

付録

Report Summary:

IT/OT cybersecurity is the protection of Operational Technology (OT) used for process control. In the Purdue Model this relates to the protection of industrial operations at Levels 0-3, but in practice relates primarily to the process control level, the local control room and DMZ.

Cybersecurity investment tracks with industrial transformation

The sector is going through a period of significant change. Industrial Operators are transforming security operations in response to the increasing connectivity and automation of industrial operations, and the associated risk of exposing previously air-gapped systems to the internet. This has resulted in asset owners allocating a higher percentage of cybersecurity expenditure on the protection of OT, growing from 17% of total industrial cybersecurity expenditure in 2019, to 22% by 2027.

Investment drivers include the increasing digitalisation of operations, the current threat landscape, and changing regulatory conditions.

• Digital Transformation is a strong driver of cybersecurity investment. High technology industries, including semiconductor manufacturing and some automotive operations, are characterised by high levels of automation and advanced cybersecurity programs. Other industries are modernising, and as the adoption of digital twins, edge computing and AR/VR becomes more widespread, cybersecurity investment will increase. 5G and the Industrial Internet of Things (IIoT) will have a significant impact on industrial operations by the end of the decade, greatly increasing connectivity and the interdependencies between industries and supply chains.

• Threat & Vulnerabilities. There is a significant amount of intelligence that points to a high and persistent threat to critical infrastructure and global manufacturing operations. Researchers identified new threat groups in 2021 whilst asset owners' perception of the threat increased as ransomware attacks escalated. The number of known vulnerabilities has also grown significantly in recent years with more than twice as many published in 2021 than 2020. Increasing knowledge of the threat, and a better understanding of the risk, has resulted in greater investment in cybersecurity. Nevertheless, many security programs are still at the early stages of implementation and as threats evolve, asset owners will need to adapt.

• Recent Security Incidents have raised awareness amongst executives of the consequences of an attack on operations and business performance. Colonial Pipeline (Oil & Gas) and JBS (Food & Beverage) resulted in financial loss, operational disruption including to both supply chains and customers, and reputational damage. Headline hitting security incidents often lead to peers reviewing their own risk strategy, leading to investment in cybersecurity programs. A reduction in security incidents is not expected in the near term and the resulting headlines will encourage executives to continue to modernise.

• Regulation is strengthening internationally, nationally and in vertical markets. The EU NIS2 Directive expands the coverage of the existing regulation and aims to increase regulatory powers to drive compliance. There is also a trend towards the tightening of National Laws, for example the German IT Security Act 2.0, mandating the use of technologies and services to protect national infrastructure and other critical industries. Finally, vertical market specific regulations and standards will influence cybersecurity programs. For example, UNECE WP.29 forms part of a process to improve automotive resilience which requires each OEM to implement a Cybersecurity Management System to be operational by mid-2022. This will be rolled out to Tier 1,2 and 3 vendors who will need to show compliance at later dates. The result of UNECE WP.29 will be an end-to-end approach to security, ensuring that risk is understood, controls are implemented, and threats actively monitored across the automotive supply chain. Westlands Advisory expects greater use of threat detection, improved implementation of OT best practices and a greater focus on Software Bill of Materials (SBOM).

Security destination might be known but getting there is not easy

Despite growing investment, cybersecurity maturity is still low when measured against the most often implemented standards.

The NIST Cyber Security Framework (CSF) is the most widely quoted standard followed by IEC 62443 and CIS Controls. NIST CSF maps key security requirements to five functions; Identify, Protect, Detect, Respond, Recover. This requires asset operators to move from an over-reliance on protective technologies to adopting a cybersecurity strategy based on operational resilience. This in effect requires organisations to identity and manage assets, segment networks, and to be able to detect and respond to threats quickly to minimise the impact of a cybersecurity incident.

However, it is not always possible for risk leaders to secure the funding. Boards still view cybersecurity as a cost rather than an enabler of change and therefore many security programs will evolve over several budget cycles. Westlands Advisory interviews with operators and service providers discovered that many asset owners are managing a variety of firewall brands, using different policies and configurations, and that the immediate priority is to establish common policies and network segmentation. Whilst the early adopters have implemented asset management and threat detection processes, most asset owners are somewhere between the start of their security program and midway through updating and implementing basic security controls to achieve a strong and consistent baseline across their infrastructure.

Organisational structures and priorities in large, diversified operations also act as a barrier. The OT engineer's priority of safety, reliability and availability of operational systems does not always align well with cybersecurity policies and processes, requiring common Governance, Risk and Compliance policy across the business. In large, complex organisations, alignment takes time.

An era of investment, technology innovation and partnerships

Although investment and implementation challenges can be significant barriers to change, the IT/OT cybersecurity industry is currently going through a period of heightened private investment, innovation and ecosystem development. Notable themes include;

• An increase in the number of vendors providing IT/OT Security Platforms with an expanding range of technology use-cases and integrations.

• Managed Service provider investment in OT Security Operations Centres to compliment IT SOC/NOCs, delivering OT network visibility, monitoring and threat detection with incident response support.

• The development of OT Security Innovation Centres by service providers, with digital twins and simulations to test new products, systems and services.

• High investment in Risk Management and Scoring, providing end-users with the tools to quantify and prioritise operational risk.

• Increasing levels of Security Automation and Orchestration related to compliance, zero trust, Software Bill of Materials (SBOM) and security operations.

The future direction is clear but the path uncertain

Investment in cybersecurity will increase across the NIST CSF's Identify, Protect, Detect, Respond & Recover categories. Westlands Advisory expects that by 2027 the majority of industrial operators will have moved from a protective only security posture to proactively identifying security threats. There will be greater integration between IT security operations and OT, with specialist teams working collaboratively across either the on-prem or remotely managed Security Operations Centre. There will also be a step change in supply chain resilience, with more mature security approaches to third party access of machines. All of this is known.

What we don't yet know is how the course might change over the next 5 years due to either known or unknown events. COVID-19 highlighted that a single event can have a significant impact on global systems, resulting in changes to cybersecurity policy, strategy and investment. COVID-19 accelerated the remote access trend, bringing forward expenditure on zero trust technologies that resulted in a range of new products. In the next 5 years it remains uncertain how other events may impact OT cybersecurity investment. Some of these include;

• To what extent will current geopolitics increase the cyber threat and how will this change CISO's expenditure plans?

• Will trade patterns continue to shift leading to significant regional differences in cybersecurity ecosystems?

• How will changes to industrial insurance policy impact investment on cybersecurity programs?

• How will cybersecurity regulation evolve across countries and industries, and how strongly will it be enforced?

• What will be the future status of the sovereign cloud and implications for processing industrial data?

• How quickly will 5G impact manufacturing?

These are a few of the bigger picture questions to consider when evaluating the future of OT cybersecurity.

Table of Contents

Contents

Project Definitions

Market Summary

Industry Analysis

Technology Lifecycle

• OT Network Protection
• Networking
• Zero Trust
• Risk & Vulnerability Management
• Threat Detection
• Advanced Threat Protection
• SOC (SIEM & SOAR)
• Remote Access Management
• Threat Intelligence
• Managed Security Services
• Professional Security Services

Market Expenditure

• OT & IT/OT Expenditure Product
• OT & IT/OT Expenditure Managed Security Service
• OT & IT/OT Expenditure Security Services
• IT/OT Expenditure by Product Type

Regional Analysis

• Africa Market Size & Forecast
• Asia Pacific Market Size & Forecast
• Central Asia Market Size & Forecast
• Europe Market Size & Forecast
• Latin America Market Size & Forecast
• Middle East Market Size & Forecast
• North America Market Size & Forecast

Vertical Market Analysis

• Food & Beverage Market Size & Forecast
• Automotive Market Size & Forecast
• Pharmaceutical Market Size & Forecast
• Discrete Manufacturing Market Size & Forecast
• Rail Market Size & Forecast
• Maritime & Logistics Market Size & Forecast
• Energy Market Size & Forecast
• Water & Wastewater Market Size & Forecast
• Oil & Gas Market Size & Forecast
• Chemicals, Petrochemicals and Other Market Size & Forecast

Ecosystem Analysis

IT/OT Security Platform Navigator

• Cisco
• Fortinet
• Belden (including Tripwire)
• Dragos
• Forescout
• OPSWAT
• SCADAFence
• Tenable
• Check Point Software
• Claroty
• Kaspersky
• Nozomi Networks
• Palo Alto Networks
• Radiflow
• Trend Micro
• Verve Industrial Protection

Professional & Managed Security Services Navigator

• Accenture
• Deloitte
• EY
• Honeywell
• IBM
• PwC
• Rockwell Automation
• Siemens Digital Industries
• Thales
• BT
• Fujitsu
• Telekom Security
• ATOS
• CapGemini
• Orange Cyberdefense
• Jacobs
• KPMG

Alternative Scenarios

Appendix