ABI Research: Industrial Environments Are 10–15 Years Behind in Cybersecurity Despite Regulatory Push for Secure Hardware
Deployment of Secure ICS Within OT Environments Remains Limited
Integrating security into industrial control systems (ICS) is a crucial next step in creating next-generation industrial environments that are cyber resilient. However, the pace of adoption in terms of embedded security is painfully slow, according to global technology intelligence firm ABI Research. Despite growing regulatory pressure and an ever-expanding threat landscape targeting industrial networks, the deployment of secure ICS within OT environments remains limited.
“Unfortunately, industrial environments are 10–15 years behind IT in terms of cybersecurity maturity. Embedding secure hardware is last on the long list of priorities for industrial organisations. Deploying secure ICS is a lengthy and costly process, making network-level solutions a more practical short-term approach. They don’t require immediate hardware changes and can allow industrial organisations to hit their current compliance requirements,” says Michela Menting, Senior Research Director at ABI Research.
However, with increasing regulation and standards in industrial security pushing for trusted hardware and software components in ICS through secure-by-design application, software bill of materials requirements and supply chain accountability are set to drive the embedded security market in the longer term.
Primarily, movement towards integrated security will be defined by the long lifespan of ICS. As legacy equipment is replaced, newer devices with better capabilities to support digital security functionalities will be in demand. These will be served by the secure microcontroller market, with functionalities such as hardware roots of trust, secure boot, trusted execution environments, secure communication, and others.
ABI Research Identifies Industrial ICS ‘Heavyweights’
Industrial ICS heavyweights like Siemens, Bachmann and HMS already offer a range of security functionalities at the hardware level, from implementing secure-by-design methodologies to securing the software layers of their hardware assets. Others like industrial software tooling provider Veridify Security are already focused on developing post-quantum protocol support, while innovative startups such as RDDL (integrating blockchain technology into physical assets like microgrids) have partnered with secure element provider Tropic Square to embed trust into the hardware.
These are a few of the forward-looking, security-focused vendors looking to address the slowly unfurling demand for integrated security in industrial environments. Embedding trust in ICS and connectivity will create more secure OT environments and provide a more solid foundation for zero-trust architectures.
These findings are from ABI Research’s Industrial Control Systems: Integrating Embedded Secure Hardware report. This report is part of the company’s Trusted Devices Solutions research service, which includes research, data, and ABI Insights.
