The new online conference circuit has been in full swing over the last few months and it has been encouraging to see how event firms have innovated to deliver high quality content online whilst keeping the audience engaged. Cyber Senate’s 7th ICS conference delivered on all levels, including deep insights from top industry executives and lots of interactivity. Below are a few of the highlights from the show and other informal briefings WA attended throughout October and November.
Cyber Security industry results have held strong in the face of the current COVID-19 driven recession, with leading vendors maintaining strong double-digit growth due to the increased demand for secure remote working and the acceleration of cloud initiatives. Speaking to several CISO’s responsible for national infrastructure it is clear that some organisations have brought forward technology plans by 2-3 years to deal with the challenge of keeping operations running safely with only a skeleton onsite staff. Whilst not all CISO’s have increased spending, Westlands Advisory’s analysis of security vendor performance in the first half of 2020 highlights the continued growth of cyber investment.
Safe and secure implementation of IIoT continues to attract significant discussion as CISO’s wrestle with how to deliver on asset optimisation without increasing risk. The stepping-stone to IIoT for a number of businesses has been the growth of remote asset monitoring which is the one-way transfer of ICS data to a remote monitoring centre. The rate at which IIoT will develop is to some extent industry dependent, with those industries that are heavily regulated, safety orientated, and mandated to keep data locally, most likely to be the last to transition all industrial operations to the cloud.
Managed Security Services across critical national infrastructure continues to evolve as customer risk and attitudes to using third party service providers changes. Whilst there is no doubt that the use of MSSP’s has grown, there are also counter trends resulting in CISO’s bringing some services back in house to retain greater control of the security operation. One leading energy utility highlighted an ongoing initiative to build their own cloud security platform so that they are free to integrate best-in-breed technologies, rather than being reliant on a vendor providing multiple tools. This runs counter to popular opinion that customers want a one stop solution for all of their security needs. Whilst this is certainly true for SME’s, it is not the case for large, complex organisations.
Security by Design was a welcome discussion topic throughout our discussions. Whilst DevSecOps is well developed in large enterprises, it has not matured as quickly in utilities and across operators of essential services. This appears to be changing and there were several encouraging presentations that highlighted the impact that a slick DevSecOps operation can have on the security of new technology initiatives.
The Cyber Senate is running a further set of virtual, and hopefully physical events, in early 2021. Visit https://www.cybersenate.com/ for further information. If you’d like to discuss any of the above trends in more detail contact WA directly.