As it was mentioned during the first post, the industry is moving towards a new paradigm where connectivity is the key. Some have decided to call it “Industry 4.0”, as a way of illustrating that it is a new industrial revolution; a digital one. This term is the label under many different initiatives have emerged to ensure that the different companies and organizations adopt these new technologies knowing their advantages and risks.
First of all, while I am going to present some data to set up the global context. While I am going to focus this post on the European market, the truth is that its significance has decreased due to the economic expansion of the Asia-Pacific countries and, more recently, Africa and the Near East. Market and Markets report projects a Compound Annual Growth Rate of 6.5% from 2018 to 2023, while Allied Market Research predicts a CAGR of 5.3% from 2018 to 2025. Those numbers would mean dozens of billions of USD added to the global economy during the following decade. The reason behind the growth is the increased demand by emerging nations and the quake caused by the technologies mentioned previously, as they allow and require new deployments and security measures.
A big player on this scenario is the People’s Republic of China, the most populated state and “the Factory of the World”. The forecast for this country is from 2015 to 2021, according to Mordor Intelligence, the CAGR si estimated to be of 9.35%, almost doubling the growth Europe. Another Asian country, India, is expected to have a CAGR of 8.71% (report of Goldstein Research) for the period between 2017 and 2025. Those two emerging powers are the main reason behind Asia-Pacific being the fastest growing market for these products.
Middle East and Africa are expected to reach 17.13 billion USD for 2020, resulting on a 4.17% CAGR. However, the growing rates are uneven, with emerging economies like South Africa or the UAE sharing group with some of the poorest countries of the world. There is little information available for this group and Latin America, being the only precise statistic that their organizations are more susceptible to suffering cyber-attacks. This is a serious issue in the Middle East, where the attacks are considered “very likely” for 63% of the organizations while the global mean is at 32%. I would say that the cause is the Iran-Saudi Arabia Cold War, having those states and their allies more or less openly boycotting each other’s industrial fabric. The most clear exaples are the recent drone bombing at Aramco and the U.S. punishing cyber strike in response.
North America, Western Europe and Japan are the most mature markets and, in consequence, the most relevant companies can be found there. E.g.: Schneider Electric and Siemens from Europe; Emerson Electric and General Electric from the US, and Yokogawa Electric and OMRON from Japan. As an example, the Digital Factory Division of Siemens, in charge of the Industrial Control Systems, has been growing for the last years, achieving a revenue of 2,5 billions worldwide in 2018.
The main challenge for these countries is not the deployment of the devices, but making them secure. On the past years, European companies have lost billions of euros due to cyber-attacks. A survery of 2016 for German industry reported that those attacks costed 13 billions of euros yearly to the German companies, with the most affected sector being the manufacturer suffering 5.4 billions of those losses.
I found several statements and documents pointing out that the European Union is trying to improve the security of its member states by creating reports analyzing the context and providing recommendations and frameworks freely available on the internet. The European Union Agency for Cybersecurity has a category at their web-page listing all their papers. Regarding the subject I am covering, the most interesting document is the one discussing the maturity of ICS: “Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors”. The paper identifies 4 labels to cover the “Maturity Profile” of the Member States, interestingly, not based on the technological stage but on the legislation and the adopted strategies to improve security. Even if the general overview is positive, further reforms are needed in order to improve the prevention of incidents and the awareness of both, governments and companies by creating new European directives and economic incentives for organizations.
A clear (and graphical) example of the relevancy these systems have on the economical context is that the CNPIC (Centro Nacional de Protección de Infraestructuras y Ciberseguridad) has set the level of risk at 4, meaning we are at a “high risk”. Cyber-attacks to Spanish companies and individual have raised 600% in the last 4 years. Therefore, earlier this year, the National Council of Cybersecurity published a guide so companies have a framework to report and manage breaches on their security to minimize the impact and agilize the response.
Concluding the work, I would like to recall a core idea of the first post: ICS have changed and evolve towards a connected approach. Heuristics and frameworks that solved problems during the 20th century must be discarded. Emerging countries are developing their industries under the opportunities and uncertainties these technologies provide, while the economic powers are trying to shield themselves from saboteurs, hackers or cyber-militaries. Those risks, from the human mistake to the most expensive ransomware are going to be discussed in the third post.
 «Industrial Control Systems (ICS) Security Market by Solution (Firewall, Antimalware/Antivirus, IAM, Encryption, Whitelisting, Security Configuration Management, DDoS, and IDS/IPS), Service, Security Type, Vertical, and Region – Global Forecast to 2023», Markets and Markets, accessed 11 November 2019, https://www.marketsandmarkets.com/Market-Reports/industrial-control-systems-security-ics-market-1273.html.
 «Industrial Controls Market by Control System (Distributed Control System (DCS), Supervisory Control and Data Acquisition System (SCADA), Manufacturing Execution System (MES), and Others), Component (Modular Terminal Blocks, Relays & Optocouplers, Surge Protectors, Marking Systems, Printing, Ferulles Cable Lugs, Handtools, Testers, Enclosure Products, PCB Connectors & Terminals, Heavy Duty Connectors, Analog Signal Conditioner, Electronics Housing, Power Supplies, Industrial Ethernet, and Remote IO ), and End User (Automotive, Utility, Electronics & Semiconductors, Mining, and Others): Global Opportunity Analysis and Industry Forecast, 2018 – 2025», Allied Market Research, accessed 11 November 2019, https://www.alliedmarketresearch.com/industrial-control-robotics-market.
 «China Factory Automation and Industrial Controls Market – By Products (Field Devices, Industrial Control Systems, Manufacturing Execution Systems, Enterprise Resource Planning, Product Lifecycle Management ), Industry, Trends, Forecast – (2017 – 2022)», Mordor Intelligence, accessed 11 November 2019, https://www.mordorintelligence.com/industry-reports/china-factory-automation-and-industrial-controls-market-industry.
 «India Industrial Control System Market: Size, Share, Key Players, Trends, Demand Analysis, Opportunity Assessment, Potential, Growth Drivers, Forecast 2017-2025», Goldstein Research, accessed 11 November 2019, https://www.goldsteinresearch.com/report/india-industrial-control-systems-market.
 «Middle East and Africa Factory Automation and Industrial Controls Market – By Products (Field Devices, Industrial Control Systems, Manufacturing Execution Systems,Enterprise Resource Planning, Product Lifecycle Management ), Industry, Geography, Tr», Mordor Intelligence, accessed 11 November 2019, https://www.mordorintelligence.com/industry-reports/middle-east-and-africa-factory-automation-and-industrial-controls-market.
 Al Jazeera, «Houthi drone attacks on 2 Saudi Aramco oil facilities spark fires», Al Jazeera, 14 September 2019, accessed 11 November 2019, https://www.aljazeera.com/news/2019/09/drones-hit-saudi-aramco-facilities-fires-190914051900472.html.
 Idrees Ali and Phil Stewart, «Exclusive: U.S. carried out secret cyber strike on Iran in wake of Saudi oil attack: officials», Reuters, 16 October 2019, accessed 11 November 2019, https://www.reuters.com/article/us-usa-iran-military-cyber-exclusive/exclusive-u-s-carried-out-secret-cyber-strike-on-iran-in-wake-of-saudi-oil-attack-officials-say-idUSKBN1WV0EK.
 «SCADA Market by Component (Programmable Logic Controller, Remote Terminal Unit, Human-Machine Interface, Communication Systems), SCADA Architecture (Hardware, Software, Services), SCADA Industry, and Geography – Global Forecast to 2024», Markets and Markets, accessed 11 Novembre 2019, https://www.marketsandmarkets.com/Market-Reports/scada-market-19487518.html?gclid=EAIaIQobChMI6cTc_bDg5QIVkEDTCh3YcgcZEAAYASAAEgJisvD_BwE.
 Siemens AG, «Siemens Annual Report 2018», https://assets.new.siemens.com/siemens/assets/public.1552038192.4bfbab10-00d6-4a22-aad2-b50f3f232bfb.siemens-annual-report-2018.pdf.
 Anja Schmoll-Trautmann, «Cyber-Angriffe verursachen in Deutschland jährlich 13 Milliarden Euro Schaden», Silicon, 25 May 2016, accessed 11 November 2019, https://www.silicon.de/41626997/cyber-angriffe-verursachen-in-deutschland-jaehrlich-13-milliarden-euro-schaden.
 Rossella Mattioli and Konstantinos Moulinos, Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors, PDF edition https://www.enisa.europa.eu/publications/maturity-levels
 «CNPIC – Inicio», CNPIC website, accessed 11 November 2019,
 EFE – Cáceres, «Ciberataques han aumentado un 600% en España en cuatro años, según el CNPIC», El Diario, 5 June 2019, accessed 11 November 2019, https://www.eldiario.es/tecnologia/Ciberataques-aumentado-Espana-anos-CNPIC_0_906759916.html
 Guía nacional de notificaciones y gestión de ciberincidentes, (Consejo nacional de ciberseguridad, 2019), accessed 11 November 2019, http://www.interior.gob.es/documents/10180/9771228/Guía+Nacional+de+Notificación+y+Gestión+de+Ciberincidentes.pdf