The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations.
# Industry News: Kaspersky Launches ICS CERT to Institutionalize Industrial Cyber Intelligence
## Summary
Kaspersky Lab has officially launched its Industrial Control Systems Cyber Emergency Response Team (ICS CERT), initiating a series of recurring research publications dedicated to the industrial threat landscape. This move marks Kaspersky's strategic transition from a generalist AV vendor to a specialized provider of Operational Technology (OT) security intelligence.
## Key Details
- **Date:** March 28, 2017 (Initial Report Release)
- **Companies Involved:** Kaspersky Lab
- **Category:** Business Expansion / Market Intelligence Launch
## The Story
Recognizing the growing gap between Information Technology (IT) and Operational Technology (OT) security, Kaspersky Lab has established its own ICS CERT. This entity is designed to function as a collaborative hub for industrial enterprises, automation system vendors, and regulatory bodies.
The launch is centered around the release of their comprehensive 2016 H2 Threat Landscape report. By institutionalizing this research, Kaspersky is moving beyond ad-hoc malware analysis toward structured, longitudinal monitoring of threats targeting Supervisory Control and Data Acquisition (SCADA) systems and industrial automation components globally.
## Business Impact
### For the Companies Involved
- **Brand Elevation:** Kaspersky aligns itself with elite global entities (like SANS or government-run CERTs), enhancing its reputation as a sophisticated enterprise partner rather than just a consumer software vendor.
- **Data Acquisition:** Establishing a CERT allows for better telemetry and information sharing from industrial sectors that are traditionally opaque.
### For Competitors
- **Heightened Competition:** Traditional IT security firms (McAfee, Symantec) and pure-play OT security firms (Nozomi, Claroty) now face a more formidable competitor with deep research pockets.
- **Standardization Pressures:** Competitors will be pressured to provide similar levels of transparency and recurring reporting to retain customer trust.
### For Customers
- **Improved Threat Intelligence:** Industrial operators gain access to specialized data regarding vulnerabilities specific to PLCs, RTUs, and industrial protocols.
- **Risk Mitigation:** Customers of Kaspersky's industrial suite receive faster, more targeted updates based on CERT findings.
### For the Market
- **Market Formalization:** The entry of a major cybersecurity player into the formal "Industrial CERT" space signals the maturation of the ICS security market.
- **Shift to Intelligence-Led Security:** The market is moving away from purely reactive protection toward proactive, intelligence-driven defense strategies for critical infrastructure.
## Technical Implications
Kaspersky’s research highlights a shift in the nature of industrial threats. The report details the prevalence of "multi-purpose" malware entering industrial networks via business applications, as well as the rising risk posed by Internet-facing SCADA components. Its technical focus is the "air-gap" myth: the report's findings demonstrate that most industrial infections occur via traditional vectors such as web browsing and removable media, rather than through targeted "Stuxnet-style" attacks.
## Strategic Analysis
- **Market Positioning:** Kaspersky is positioning itself as the bridge between the factory floor and the C-suite, providing the data necessary for enterprise risk management.
- **Competitive Advantage:** Their global footprint (millions of sensors) provides a scale of telemetry that niche industrial security startups cannot match.
- **Challenges:** Geopolitical tensions and trust issues regarding Russian-headquartered firms in Western critical infrastructure remain a significant headwind for market penetration in certain regions.
## Industry Reactions
- **Analyst Opinions:** Analysts view this as a necessary move for Kaspersky to remain relevant as the "Internet of Things" (IoT) and "Industry 4.0" initiatives merge digital and physical assets.
- **Market Response:** Generally positive, as the industry lacks sufficient consolidated data on OT-specific cyber-attacks compared to IT-centric data.
## Future Outlook
- **Predictive Intelligence:** Expect future reports to utilize machine learning to predict industrial attack trends before they hit critical infrastructure.
- **Product Integration:** We anticipate Kaspersky will integrate these CERT findings directly into a broader "Industrial Cybersecurity" platform, combining endpoint protection, network monitoring, and threat intelligence feeds.
## For Security Professionals
Practitioners in the energy, manufacturing, and utility sectors should use these reports to benchmark their own internal telemetry. The findings emphasize that the greatest threat to ICS environments often comes from common IT malware that disrupts "non-critical" systems, which in turn causes operational downtime. Professionals should focus on securing the IT/OT boundary and strictly controlling removable media.