Integrating Security, Compliance, Change
Industrial Defender, a global leader in security and compliance management for automation systems, in conjunction with Pike Research, a leading clean-technology market research and consulting firm, recently announced the publication of a new research report on the automation systems market.
Entitled Convergence in Automation Systems Protection, the report was authored by Pike Research senior analyst Bob Lockhart, and was sponsored by Industrial Defender. It examines the changing dynamics in the automation systems market, including technology, regulatory and business trends. The report also shows how these market developments are driving demand among critical infrastructure operators for new integrated approaches to monitoring, managing and protecting their automation systems.
One key factor cited in the report is growing control system complexity. Since most automation environments were developed over decades without a master plan, they now contain heterogeneous systems that are difficult to manage. Another factor is resource constraints; with today’s business conditions, operators are being asked to do more with less. A third major market driver is the exponential growth of intelligent devices deployed in automation environments. These networked and IP-enabled devices are creating management requirements with which operators have limited experience.
The report discusses how these and other trends are motivating operators of automation environments, such as industrial control systems (ICS), to seek new, more efficient ways to monitor, manage and protect their critical systems. It underscores the fact that, with all the changes occurring in their environments, operators need technology and tools that enable them to achieve a more integrated and intelligent approach to security, compliance and change management.
“In researching this report, we saw two main themes clearly emerging in the market,” said Lockhart. “First is a growing recognition among ICS professionals of overlaps in the processes, data and technology required to monitor, manage and secure today’s automation environment. The second theme is that significant workload and expense reductions can be achieved by taking an integrated approach to these presently separate functions and processes.
“ICS managers can benefit from unified solutions that process this cross-functional complexity within the systems themselves, insulating users from the inherent complexity.”
“Just as we’ve seen in many other markets, there’s an evolution occurring in automation systems,” said Brian Ahern, president and CEO of Industrial Defender. “The first generation brought us point products that offered in-depth capabilities for solving problems in a single functional area.
“Now customers want smarter solutions that can straddle several key areas, and leverage data and intelligence across those areas in a unified view. In our view, it’s a natural progression toward more efficient change management. Companies that embrace it will gain real competitive advantages.”
Additional key findings in the report include the following:
- Cyber security. New technologies are providing operators with real-time visibility into their industrial control systems, and more proactive ways to maintain and optimize those systems. But these advances come with operating systems, applications and hardware that have vulnerabilities that did not exist in earlier systems. As a result, automation systems now need the same levels of management and security that have been seen in enterprise networks for the past two decades.
- Governance and regulatory compliance. Many companies now must document their compliance with regulatory requirements, such as the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) standards. Additionally, companies have their own internal compliance and performance requirements that must be adhered to. To efficiently meet external and internal requirements, while minimizing administrative burdens, compliance systems must become more automated.
- Control system operations. Control networks are typically large and complex, as are the technologies used to automate them. Growing numbers of point solutions in these environments make them more complex. To increase efficiency, operators need to integrate their disparate systems. But these integration projects are often costly and time consuming. They also require the attention of key staff people who could otherwise be focused on other initiatives more strategic to the organization.
Solution: Integrate Three Key Functions
As companies pursue service and performance improvements, such as gaining greater visibility into control networks to prevent outages, they find commonalities across security, compliance and change management functions. Many of these overlapping tasks and data requirements can be reduced to a single set of actions that need to be done only once.
To gain this efficiency, operations can deploy solutions that tightly integrate security, compliance and change management functions on a single platform.