19 December 2014

The Wheels of the Cyber Industry

10/9/2014

According to market research & analysis firm Frost & Sullivan, the global cyber industry is expected to generate a financial turnover of about US$ 155 billion in the year 2020. A fascinating analysis of the connections between money, technology and transparency

Much has been said and written in the last year about the prosperity Israel has been enjoying as an outstanding supplier of cyber technologies. Chief executive officers of foreign technology giants, senior executives of the local industry, Members of Knesset, government ministers and even the Prime Minister and the President announced that the advancement of knowledge in the field of cyber is a national mission. We have witnessed a steadily growing number of new companies entering this field, as well as capital raising campaigns by existing cyber companies. But will this extensive supply meet with suitably extensive demand, or are the bleak prophecies regarding critical infrastructure systems vulnerable to attacks by hostile elements nothing more than a sophisticated marketing ploy by those technology suppliers? 

Well, at least according to a large-scope study conducted by the consultants and analysts of Frost & Sullivan regarding the cyber industry, it appears that the market – the end users and the governments – takes these risk scenarios very seriously and announces the implementation of preventive programs and future plans for handling the challenges and risks. 

According to Frost & Sullivan, the 2011 turnover of the cyber defense market was about US$ 50 billion; in 2013 it was about US$ 71 billion and until 2020 it is expected to grow at an average rate of 13.4% per year, reaching a turnover of about US$ 155 billion in that year. The USA and Europe were the most active players in this market in 2011 in terms of the scope of investments: US$ 25.1 billion and US$ 17 billion, respectively. 

In the coming years, the USA and Europe are expected to concentrate most of the investments in this field. In 2020, the scope of investment is expected to amount to about US$ 85 billion in the USA and to about US$ 35 billion in Europe. During the same period, Asia will awaken, too, and in 2020, as predicted by Frost & Sullivan, the total investments in the field of cyber in that region will amount to about US$ 22 billion. 

Espionage, Counterespionage & Public Transparency 

The organizations responsible for spending these massive amounts of money are diversified, so numerous companies, operating in various niches, can earn a living. In 2013, governments and government agencies were responsible for about 40% of the total expenditure in this market. Non-government industrial companies were responsible for about 35% of the total expenditure in this market, and the balance (25%) was attributed to expenditure by private consumers. 

Among the corporations that operate opposite governments: Lockheed-Martin, BAE, HP, Thales, Finmeccanica and Northrop Grumman. Companies that provide cyber defense to industrial corporations include IBM, HP, Juniper, Cisco, EMC, Motorola and Honeywell. As expected, the sector providing cyber defense to private consumers includes the highest number of technology suppliers, including Symantec, McAfee, Checkpoint, F5, Kaspersky Labs, BMC, Palo Alto and others. 

What was the trigger for the current cyber wave? Even the most basic computer users have been familiar with computer hacking since the early history of commercial Internet, sometime about 20 years ago. The trigger for it, quite naturally, were the technological developments, but a significant element that has led to the heightened awareness of the recent period has to do with government transparency. 

Espionage by one country against another country was something we only saw in the movies. In effect, espionage has been in existence, in various shapes and forms, since the dawn of nations, but in the last year the subject has become heard and spoken about by practically everyone, mainly pursuant to the series of revelations made by former CIA analyst Edward Snowden. Admittedly, such espionage activities as monitoring the various communications of national leaders does concern the ordinary citizen, but he is much more troubled by the danger of the efforts to collect information about himself and about the public organizations that serve him, for the purpose of inflicting damage that is not necessarily economic – such as the denial of service to government ministries and agencies and centers providing information to the public, in preparation for a physical attack. 

So, while in the past government espionage and counterespionage operations could be conducted away from the public eye, the fact that the public itself has been placed within the information collecting turmoil now calls for a higher degree of visibility of the government’s preventive operations. The practical implication is a more extensive exposure on the media of the cyber defense layouts, accompanied by statements regarding the reinforcement of those layouts. In order to implement those statements, investments are required, and consequently the suppliers of technologies and services in the cyber world are enjoying the recent prosperity in their business activities. 

Simplicity as a Double-Edged Sword 

In addition to the above, as technology and the ability to use it become more readily available, the ability to abuse technology in order to carry out criminal or at least bothersome activities also becomes more readily available. The transition from desktop to mobile computers and from laptop computers to tablet computers and smartphones, and the addition of various accessories that connect to the web in the “Internet of Things” world, have lowered the “entrance bar” for the battalions of cyber criminals, have extended the ranges of the threat with regard to the scope of instruments and infrastructure systems that may be damaged, and have even made the task of locating and neutralizing the cyber criminals more complex to execute. 

Today, numerous horror scenarios focus on damage to infrastructure systems that are critical to the state, such as energy, water, transportation, health and so forth. The more the organizations that operate in these fields acquire technologies that enable remote operation and/or interfacing with other elements, the more entrance points they provide that may be exploited by hostile elements. 

Mobile device control interfaces, like the adoption of the concept of smartphone applications, have become simpler to use for “ordinary” users. The era of smart mobile devices has made the dissemination of software products and services (through formal and informal application stores) significantly easier as well as making life easier for the users by offering a friendly user interface, simplified identification procedures using social media accounts, and full availability through mobile devices. These simplicity and convenience contribute to the worsening of the cyber threat owing to two aspects: firstly, the “creation” of cyber nuisances is easier than ever before, and ready-to-operate code lines are packaged in an inviting interface and offered to all comers – to anyone interested in directing his digital rage toward specific countries or organizations. Additionally, many innocent users become a tool in cyber attacks by downloading applications under various pretexts (normally from sources other than official application stores), unaware that the game they had downloaded (which is mostly an imitation of an existing game) contains code lines that will convert their mobile device into a generator of Denial-of-Service (DOS) attacks on some future crucial day. 

As this threat has been widely known for a number of years now, it seems that today, these DOS attacks are used as a diversion while the cyber criminals are actually busy elsewhere, staging more “silent” hacking attempts against some other target.  

Yaki Baranes is a growth strategy consultant with Frost & Sullivan and heads the defense industry activity at the firm’s Israeli branch

No comments: