Networked technologies touch every corner of the globe and every facet of human life. They have driven innovation, nurtured freedoms, and spurred economic prosperity. Even so, the very technologies that enable these benefits offer new opportunities for malicious and unwanted cyber activities. Cyber-attacks are continuously growing in size and breadth, targeting organizations of all sizes across sectors, and telecom sector is no exception. According to PwC’s Global State of Information Security, 2016, IT security incidents in the telecoms sector increased 45% in 2015 compared to the year before.
The rising danger posed by cyberattacks on critical national infrastructure was evident again in May 2021, when a small group of hackers launched a ransomware attack on Colonial Pipeline, the United States’ largest pipeline network for delivery of refined petroleum products. Colonial shut down its main lines for five days, disrupting nearly half the fuel supply for the eastern part of the country. Worried drivers drained supplies in gas stations in the Southeast, airlines rerouted flights to airports with available fuel, traders were rocked by unexpected price volatility, and logistics companies scrambled to locate new sources of fuels. The implications are huge, A small group of hackers may have temporarily, and inadvertently, cut off energy flows to an important economic center, triggering real-world impact.
Earlier Cyberattacks on Critical infrastructure were thought to be carried by State agencies such as the Stuxnet attack on Iran’s nuclear facility. The targeted assets usually relied on analog operational technology and were relatively isolated from the internet. Gaining and maintaining access to such assets requires specialized tools, similar operational technology, reconnaissance capabilities, and even physical access to the site itself. Specialists assumed that only states possessed the diverse skills and resources required to develop such threats.
In recent years, however, business demands for remote visibility into industrial operations led to the convergence of IT and OT systems. The digital transformations that enabled sought-after business advantages, including remote access and predictive maintenance, created new vulnerabilities to cyberattacks. Now, less sophisticated attackers could prey on infrastructure assets.
Critical infrastructure protection market
Critical infrastructure protection (CIP) refers to a security solution used for safeguarding systems, assets and networks from potential threats. It consists of various solutions, such as firewalls, identity and access management, risk and compliance management, antiviruses, intrusion detection systems and encryption systems. These systems protect information related to power grids, railways, nuclear plants and hydro plants from cyberattacks that can threaten public safety, attack national security or cause environmental disasters. CIP solutions also use wireless technology, industrial control systems (ICS), operation technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems to expose additional security vulnerabilities.
The global critical infrastructure protection market size to projected to grow from USD 133.3 billion in 2021 to USD 157.1 billion by 2026, at a Compound Annual Growth Rate (CAGR) of 3.3% from 2021 to 2026. Increasing stringent government regulations to increase the adoption of CIP solutions, rising security breaches and attacks pose a threat to physical systems and growing need to secure OT networks to boost the growth of critical infrastructure protection market across the globe during the forecast period. Moreover, enhancing next-generation technologies and availability of wireless broadband in rural areas would provide lucrative opportunities for Critical infrastructure protection market vendors.
The increasing instances of security breaches and cyber-attacks that pose a threat to infrastructural development across the globe are among the key factors driving the growth of the market. Terrorism and natural disasters remain the biggest challenges for CIP. For example, in September 2019, Saudi Arabia suffered the deadliest attack on its oil facilities named Saudi Aramco. A small army of drones attacked two major oil plants in Abqaiq and Khura, destroying nearly 50% of the country’s global supply of crude oil.
The rising concerns for the security and safety of government information and the increasing trend of Bring-Your-Own-Devices (BYOD) across industries have enhanced the requirement for CIP systems. The rapidly expanding internet and interconnected network architecture have influenced federal and security organizations to safeguard cyberspace and minimize threat vulnerabilities. Additionally, various technological advancements, such as the advent of the Internet of Things (IoT), big data, cloud computing and artificial intelligence (AI) solutions, are acting as other growth-inducing factors. They offer scalable and cost-effective data security solutions, owing to which CIP solutions are widely being deployed. Other factors, including improvements in the information technology (IT) infrastructure, along with the increasing adoption of risk management services, are projected to drive the market further.
Disruptions in the electricity system, manufacturing, information technology, and transportation have a significant influence on a
country’s economic stability, national security, safety, and health. The requirement to protect a region’s key infrastructures, such as food and agriculture or transportation, is referred to as critical infrastructure protection (CIP). Every government in every country is responsible for safeguarding critical infrastructure against natural disasters, terrorist attacks, and, increasingly, cyber threats.
Government across regions also provides incentives to corporations, such as cybersecurity insurance, subsidies, and tax breaks, to encourage them to engage in critical infrastructure protection. As a result, some governments are implementing regulatory compliances to protect data from cyberattacks, increasing the adoption of CIP solutions. However, a lack of technically competent labor and knowledge of industrial control systems is a major impediment to the expansion of the critical infrastructure protection industry.
Several governments have enacted federal laws and regulations to develop cybersecurity requirements for critical infrastructure protection. President Donald Trump directed the Cyber Security and Infrastructure Security Agency (CISA) to discover weaknesses in the country’s critical infrastructure on November 16, 2018.
The Australian Critical Infrastructure Act 2018 maintains a register of critical infrastructure assets to manage risks associated with Australia’s critical infrastructure in collaboration with the government, regulators, and critical infrastructure operators. Governments around the world have established regulations and associations, such as the US DHS, the Department of Defence Information Assurance Certification and Accreditation Process (DIACAP), the North American Electric Reliability Council (NERC), the European Programme for Critical Infrastructure Protection (EPCIP), and the European Commission’s Critical Infrastructure Warning Information Network (CIWIN).
The CISA recently launched 55 important functions to control physical damages, disrupted operations, and intellectual property violations. To build secure infrastructure systems, the Department of Homeland Security (DHS) has collaborated with business sector partners.
The effectiveness of critical infrastructure security projects is dependent on the formation of strong and meaningful collaborations between governments and private parties. The US government also maintains tight ties with private sector corporations, as private enterprises own and run 85 percent of essential infrastructure.
Public Safety Canada, a cybersecurity group, has worked with key stakeholders to improve the security and resilience of important assets such as food supply, energy and utilities, public safety systems, and information and communications technology (ICT). The solutions utilised to manage and implement these projects are equally critical to success. Public Safety Canada’s National Strategy and Action Plan to maintain and enforce reliability requirements and national security across the country’s critical infrastructure. These organisations contribute to the increased security and resilience of physical and cyber infrastructure.
It is also crucial to understand the hazards that could jeopardise the integrity of critical infrastructure systems. When we think of system or network security, we usually always think of hacker or terrorist threats, but there are other threats to consider, such as equipment failure, human error, and natural causes. It is not an easy undertaking to safeguard the country’s most vital services. It necessitates ongoing collaboration and cooperation among relevant agencies and departments, as well as the constant implementation of enhanced CIP technology and processes. As essential industrial systems evolve and become increasingly networked, it is encouraging to know that you have a quick, adaptable, and reliable solution available to combat the new threats to your systems and maintain the integrity of your critical operations.
From energy corporations to transportation firms, it is vital that security in all critical infrastructure sectors is of the highest calibre and that catastrophe preparedness, response, and recovery are top objectives. Industrial Control Systems (ICS), Operation Technology (OT), and SCADA Systems are examples of vital infrastructure components that require security considerations. The world is evolving, and digital and physical systems are becoming more integrated. Systems that used to manage critical infrastructure activities on their own are now connecting to the internet and sharing sensitive data. This new world structure introduces new security issues.
The Global Critical Infrastructure Protection Market is segmented based Component, Solution, Vertical, and Region.
The market is divided into two components: Security Technologies and Services. The operational technology (OT) security section is predicted to maintain its market dominance during the forecast period, with a revenue share. The increased adoption of cybersecurity solutions in SCADA systems, industrial control systems, and other operational technology systems can be attributed to the segment’s rise.
Critical infrastructure protection Market, By Solution
• Physical Safety and Security
o Physical Identity and Access Control Systems
o Perimeter Intrusion Detection Systems
o Video Surveillance Systems
o Screening and Scanning
o Network Access Controls and Firewalls
o Physical safety and security will have the largest market size by solution over the forecast period, Threat Intelligence
o Other Cybersecurity Solutions
Physical safety and security will have the largest market size by solution over the forecast period. Physical safety and security is the protection of physical assets, such as hardware, programs, premises, and personal data, from physical threats. Ignoring these threats can lead to serious damages or losses to owners and users. Any critical infrastructure requires multiple physical barriers to ensure physical protection.
Ignoring these hazards might result in significant damage or loss to owners and users. To ensure physical protection, every important infrastructure necessitates the use of several physical barriers. Therefore, enterprises need to think beyond traditional perimeter security, clearly define security perimeters, and protect secured areas with entry controls to ensure authorized personnel entry.
Physical safety and security systems, perimeter intruder systems (RADARs and sensors), video surveillance systems, screening and scanning, and other systems are included in the physical safety and security section (facility management systems, emergency response, and disaster management) Secure and robust security systems such as high-quality video surveillance systems and perimeter security systems are integrated in premises to monitor ongoing activities in and around the premises. Crowds in public places and businesses can be monitored using video surveillance devices and video analytics software. Increased adoption of video surveillance enabled by face recognition technology has been noted in a variety of application domains, including border control, law enforcement, government, and public utilities.
With the inception of video analytics as well as technologies, such as thermal cameras and biometric authentication, video surveillance has improved drastically. Some systems now use micro waves and radio waves to create perimeters that can alert security teams about threats. Video surveillance devices supported by video analytics software help monitor crowds in public areas and enterprises.
Critical infrastructure protection Market, By Vertical
• Financial Institutions
• Commercial Sector
• Transport and Logistics
• Energy and Power
• Chemical and Manufacturing
• Other Verticals
In vertical, commercial sector to grow at the highest CAGR during the forecast period
The commercial sector includes sensitive areas, such as hospitals, stadiums, theatres, auditoriums, malls, offices, and holy places. Protecting these facilities becomes extremely important for countries’ security and economy. People are present in huge numbers in these places. Even with the deployment of CCTV cameras as well as checking passes of people entering premises is followed, it is still not sufficient to ensure proper security. A minor neglect can result in huge losses. For example, on 25th March 2020, Islamic jihadist suicide bombers and assailants armed with guns attacked Gurudwara Har Rai Sahib (Sikh shrine) in Kabul, Afghanistan, resulting in the death of 25 people and leaving many wounded. These challenging environments need to be secured by deploying the right technology and providing the best possible information to decision makers. These critical infrastructures typically cover large areas, and thus, the need to achieve full coverage and better operational efficiencies drives the growth of this vertical.
Critical Infrastructure Protection Market, By Geography
• North America
• Asia Pacific
• Rest of the World
North America to hold the largest market size during the forecast period
The North American region consists of developed countries that are technologically advanced with well-developed infrastructures. Being the strongest economies in North America, the US and Canada are the top contributing countries to the North American CIP market. North America is the most advanced and adaptable region in terms of the adoption of security infrastructure and technological development.
The North American region comprises the country-wise analysis of the US and Canada. Public-Private Partnerships (PPPs) and international collaborations have led to effective critical infrastructure security and resilience in the region. As per the Department of Homeland Security (DHS), 85% of the US’ critical infrastructures such as oil and gas, banking and finance, transportation, utilities, electric power grids, and defense are owned by the private sector and the rest is regulated by the public sector. The National Infrastructure Protection Plan (NIPP) enables state, regional, federal, local, and international governments to work within and with their private partners for a networked community to maintain effective risk management and security of the region’s critical infrastructure. For example, the energy and power grid sector in the region requires public, private, and regulatory co-operation among DHS, Department of Energy (DOE), and the Department of Defense (DOD) for protecting their Operational Technology (OT) systems from cyber threats. International co-operation among Public Safety (PS) Canada and the US DHS has facilitated real-time collaborations for critical infrastructure cybersecurity issues.
The North American Electric Reliability Council (NERC) and Canadian Electricity Association (CEA) seek to safeguard critical infrastructures from both physical and cyber threats. The NERC is a not-for-profit regulatory authority to protect the North American bulk electric power system. On 5th March 2019, North America experienced the first ever attack on the country’s power grid. The interrupted Distributed Denial of Service (DDoS) attack hampered the utility and reliability of grids. Therefore, it is necessary to regulate and monitor industrial infrastructures, and perform risk assessments for analyzing potential vulnerabilities in the critical infrastructure system.
Major vendors in the global Critical infrastructure protection market include BAE Systems (UK), Lockheed Martin (US), General Dynamics (US), Northrop Grumman (US), Honeywell (US), Airbus (France), Raytheon (US), Thales (France), Hexagon AB (Sweden), Johnson Controls (US), Huawei (China), Optasense (England), Teltronic (Spain), Motorola Solutions (US), Axis Communications (Sweden), Waterfall Security Solutions (Israel), Rolta (India), SCADAfence (Israel), Tyco International (Ireland), and 3xLogic (US), Sightlogic(US), Accritical Infrastructure Protectioniter Radar (US), etc.
References and Resources also include: