2017 was one of the most eventful years in terms of information security incidents affecting industrial systems, and it changed the way industrial companies think about protecting key operational technology systems.
# Industry News: 2017 Pivot Point: The Evolution of Industrial & IoT Security Horizons
## Summary
The year 2017 marked a paradigm shift in Industrial Control Systems (ICS) security, transitioning from theoretical risks to tangible global disruptions. This retrospective and forecast highlight how high-profile incidents like WannaCry and NotPetya forced industrial enterprises to move beyond air-gap myths and prioritize the convergence of IT and Operational Technology (OT) security.
## Key Details
- **Date:** November 30, 2017
- **Companies Involved:** Kaspersky ICS CERT (Primary Analyst), Industrial Enterprises globally.
- **Category:** Market Analysis and Security Predictions.
## The Story
The narrative of industrial security changed fundamentally in 2017. Previously, industrial companies treated cybersecurity as a secondary concern, relying on the physical isolation of systems (air-gapping). However, the massive scale of ransomware outbreaks and targeted attacks on critical infrastructure proved that industrial networks are no longer isolated. The story of 2018 is defined by the aftermath of these events: a forecasted surge in demand for specialized OT security services, the rise of IoT-specific malware, and a shift in how C-level executives view industrial risk, which is no longer seen as an IT problem but as a core business continuity risk.
## Business Impact
### For the Companies Involved
- **Kaspersky and OT Vendors:** Increased demand for specialized ICS-CERT services, threat intelligence, and auditing. Firms are repositioning from "software sellers" to "strategic risk partners."
### For Competitors
- **Traditional IT Security Firms:** They face a "knowledge gap" barrier. Competitors must either acquire OT-specific talent or risk losing market share to specialized industrial security players who understand PLC and SCADA protocols.
### For Customers
- **Industrial Enterprises:** CAPEX/OPEX shifts. Money is being diverted from traditional maintenance to cybersecurity upgrades. Customers are demanding that OEMs (Original Equipment Manufacturers) build security into industrial hardware from the factory floor.
### For the Market
- **Market Resilience:** The market is maturing from reactive "cleanup" to proactive "governance." There is a significant uptick in the cyber insurance market for industrial risks.
## Technical Implications
The primary technical shift is the **dissolution of the air-gap**. As IIoT (Industrial Internet of Things) devices proliferate, the attack surface expands exponentially. Technical focus is shifting toward "passive monitoring" (to avoid disrupting sensitive industrial processes) and the hardening of industrial protocols that were originally designed without authentication.
## Strategic Analysis
- **Market Positioning:** Companies that can bridge the gap between "Hardened OT" and "Agile IT" will lead the market.
- **Competitive Advantage:** Early adopters who integrate security into their digital transformation (Industry 4.0) initiatives will avoid the costly retrofitting that laggards will face.
- **Challenges:** A severe shortage of "bilingual" experts who understand both cybersecurity and industrial engineering.
## Industry Reactions
- **Analyst Opinions:** Analysts agree that 2017 was the "death of the air-gap myth."
- **Market Response:** Regulatory bodies (like those overseeing NERC CIP or the NIS Directive) are tightening requirements, forcing compliance-driven spending in sectors previously left to their own devices.
## Future Outlook
- **Predictions:** Expect a rise in "Ransomware-as-a-Service" targeting industrial uptime rather than just data. IoT botnets will likely be used for large-scale economic sabotage rather than just DDoS attacks.
- **What to Watch For:** The emergence of state-sponsored "stealth" persistence in power grids and water systems that may lie dormant for years.
## For Security Professionals
Practitioners must move away from "blocking" mentalities and toward "visibility and resilience." Understanding the physical impact of a cyber incident (e.g., pressure changes, temperature fluctuations) is now as important as understanding packet captures. Professionals should seek certifications that bridge the IT/OT divide, such as GICSP.