While the growth of the OT security market in India might mean more moolahs for the vendors, it also emphasizes the vulnerabilities of critical public infrastructure. Rajneesh De of APAC News Network explores …
In recent years the OT landscape has witnessed a tremendous transformation with the convergence of IT and OT systems opening up new avenues for efficiency and innovation. However this convergence has also led to unprecedented cybersecurity challenges as OT environments become increasingly interconnected and exposed to cyber threats.
Historically, isolated from the conventional IT networks, OT networks are now vulnerable to various cyber threats including malware, ransomware, phishing attacks and targeted cyber-physical assaults. This esacalating threat landscape targeting the OT systems and critical infrastructure are today driving the OT security market.
Tracking the Numbers & the Industry
The Indian OT security market is currently pegged at Rs 9,462 crore in 2024 and is expected to touch Rs 14,258 crore by 2029 at a CAGR of 7.11%. Contrast this with the global numbers and it’s evident that India still lags behind. The OT security market worldover is expected to grow from $17.9 billion in 2024 to $38.2 billion by 2028 at a CAGR of 16.3% over this time period.
No wonder that almost all the cybersecurity vendors are today keen on the OT security front. The ecosystem would include the likes of Fortinet, Sophos, Palo Alto, Cisco, Juniper, Forcepoint (next-gen firewall systems), Kaspersky, McAfee, Trend Micro (antimalware), Qualys, ServiceNow (asset management), Splunk, Hadoop (network traffic analyzer)Securonix, LogRhythm (SIEM) among others.
This is one challenge though that needs closer co-operation from both industry players as well as enterprises operating their production environments. Especially those enterprises involved in critical power infrastructure like power utilities & dscoms, oil utilities, railways amongst others are particularly vulnerable and facing the OT heat.
As per a state of OT security report in India conducted by Palo Alto Networks, the situation is quite alarming in India. In fact, the growth of the OT security solution market only reconfirms the growing OT vulnerabilities of Indian enterprises. India faced four cyber attacks daily last year, challenging industrial invulnerability due to air-gapped systems and legacy technologies, with 75% enterprises reporting attacks and 63% experiencing them weekly.
No wonder cyber attacks in India caused significant disruptions, with 24.4% halting operations due to intrusions. Despite concerns, only 27% enterprises prioritize OT cybersecurity, while 75% expect regulatory pressures to rise. Nevertheless, adoption of AI in OT security remains low, with only 31% enterprises formulating strategies despite 72% of them recognizing AI-enabled attacks as critical. A future AI-enabled SOC is crucial for 63% of enterprises.
Vulnerabilities of Enterprises in Critical Public Infrastructure
The OT and IT teams of Indian enterprises face collaboration challenges, with 28% of them experiencing friction, hindering unified cybersecurity efforts despite the need for coordinated response s to threats.
“While it is commendable to witness industrial operators prioritizing cybersecurity, relying on fragmented approaches won’t suffice. Shockingly, 75% of attacks in India stem from vulnerabilities within their internal IT systems. Without bridging the gap between IT and OT, even the most robust cybersecurity strategies and investments will fall short,” warns Anil Valluri, MD & VP, Palo Alto Networks India.
OT security involves network segmentation, access control, intrusion detection, and incident response planning. While earlier the focus was more on the IT systems, recently OT security has assumed critical proportions with industrial control systems getting connected to the Internet and other networks.
“This has increased the risk of cyber-attacks that could potentially disrupt critical infrastructure and cause widespread damage. This has led to a growing focus on improving OT security,” believes Manish Grover, Executive Director (Strategic IS & IS), Indian Oil Corporation.
With most enterprises now adopting cloud-based solutions, they are often collecting and analyzing security data from several OT & IT systems. Cloud-based SIEM solutions help enterprises respond to security incidents more quickly and effectively. These multiple benefits offered by cloud-based OT security solutions are boosting their demand in the Indian market.
Jaydeep Singh, GM—India, Kaspersky gives one such industry example of the Kaspersky Industrial Cyber Security (KICS) platform that helps both IT and OT infrastructure to adopt a mature cybersecurity infrastructure. “KICS platform helps to pre-empt the threats and vulnerabilities, enforce policies and controls that neutralise threats, respond quickly to threat incidents and manage complex IT infrastructure from security standpoint,” he remarks.
Some of the key digital capabilities that can be leveraged for OT security include cybersecurity analytics, IIoT and secure communication protocols. Sunil Sharma, VP-Sales, Sophos India & SAARC feels that digital capabilities can enable the development of advanced analytics tools that identify and analyze potential cyber threats in OT systems. These tools can use ML algorithms to detect anomalous behavior and identify potential security breaches in advance.
The number of industrial devices connected beyond their network boundaries is rapidly increasing, and CISOs now face skyrocketing risks across their OT environments. To solve this challenge, enterprises need an integrated security approach designed specifically for industrial solutions that enables policy enforcement across the entire attack surface, consolidates point products, and reduces operational overhead. “We understand that OT differs significantly from traditional IT systems, and that is why our OT Security Platform was purpose-built to provide integrated protection and risk management specific to industrial environments,” asserts Vivek Srivastava, Country Manager—India & SAARC, Fortinet.
End user adoption is a critical factor in the success of any OT security solution. The OT security solution needs to be as user-friendly as possible. One must provide clear and concise instructions, intuitive interfaces, and training materials to help end users understand how to use the solution. The enterprises must educate end users on the risks associated with cyber-attacks on OT systems to help protect the organization to increase the adoption of OT security solutions. “Vulnerability discovery and its subsequent patching where OEM support is essential is the next challenge,” adds Alok Shankar Pandey, AGM (IT) & CISO, Dedicated Freight Corridor Corporation of India Ltd (DFCCIL).
Pandey cites the example of Railways in the OT security domain. He believes that OT of the Railways is probably one of the most Complex ecosystems. It comprises of purpose built networks for SCADA, Signaling and Telecom using proprietary protocols of multiple different OEMs in each field. “While interoperability of these elements remains the primary operational challenge, the security related challenges start at the most elementary level,” adds Pandey.
Other than railways, power discoms are another key public infrastructure facing OT security challenges. OT systems adopted in power distribution utilities include Smart Metering / Advanced Metering Infrastructure, SCADA (Supervisory Control & Data Acquisition System), OMS (Outage Management System), DMS (Distribution Management System), ADMS (Advanced Distribution Management System), Network Analysis System, Auto Demand Response (ADR) System and Work Force Management System.
“There are some practical challenges in OT side of Discoms utilities,” opines Laxmikant Singh Rathore, Director (Cybersecurity), Central Electricity Authority.
These include proprietary technologies & interoperability challenges, technology integration legacy systems upgradation and maintenance, capacity building & change management, lack of standardization, handling large volume of data and implementation of asset analytics among others.
Looking into the Future
“We are looking to help our existing large customers upgrade their IT & OT security systems with focussed security solutions. Help them take a cyber immune strategy rather than just preventive measures against cyber threats,” informs Singh.
“As Indian enterprises confront the looming challenges of cloud transitions, AI threats, and team frictions, a unified approach is our strongest shield. By consolidating efforts and embracing Zero Trust principles, we not only fortify our defenses but also pave the path for a resilient digital future, where collaboration conquers complexity,” Valluri gives the clarion call.
“Increased focus on digital solutions provides a large opportunity for the Indian distribution sector to adopt various OT security technologies, systems, and applications to approach current business problems including their financial and operational effectiveness,” asserts Rathore.
“To solve this OT challenge, organizations need an integrated security approach designed specifically for industrial solutions that enables policy enforcement across the entire attack surface, consolidates point products, and reduces operational overhead,” concludes Srivastava.
Rajneesh De, APAC News Network
Discussion about this post