Research Finds Cyberattackers Actively Target Industrial Operations
A recent survey sponsored by ABS Group revealed that 45% of participants estimated the threats to their control systems to be high, and another 15% said they were severe or critical.
Risk-management company ABSG Consulting presented the results of a survey from SANS Institute that reveals cyberattackers have demonstrated a robust understanding of operational technology (OT) and industrial control system (ICS) engineering and have conducted attacks that gain access and negatively affect operations and human safety.
“This research concludes that industrial control systems can no longer be ignored,” said Ian Bramson, global head of industrial cybersecurity at ABS Group. “Organizations that take a copy-and-paste approach to applying IT security tools, processes and best practices into an OT/ICS environment can expect problematic consequences.”
The report “Threat-Informed Operational Technology Defense: Securing Data vs. Enabling Physics” was compiled by the SANS Institute, a cybersecurity research and education organization.
Key findings include the following:
Gaps in Perception Exist around ICS Risks at Different Levels Within Organizations—61% of survey participants indicated that a gap exists in the perception of cybersecurity risk to their ICS facilities between OT/ICS cybersecurity front-line teams and other parts of the organization. Of these, 35% indicated the gap is between senior management and the OT/ICS cybersecurity front-line teams.
Ransomware Is the Biggest Threat to OT—The industrial community is seeing ransomware with increasingly sophisticated variants that have the capability to cause more disruption to system assets and process flows. When asked about the threat categories of most concern, 50% of respondents placed ransomware at the top. Cyberattackers aim ransomware at ICS operations because targeting those operations can lead to higher and quicker payouts.
ICS Security Resources Are Challenged, Even More Than in IT—Security teams are commonly resource-challenged in IT, but even more so in ICS, where additional security and engineering knowledge is required to perform effective ICS active cyberdefense. 47% of ICS organization respondents said they do not have internal dedicated 24/7 ICS security response resources to manage OT/ICS incidents, while just a slightly lower percentage (46%) said they do, leaving 7% unsure of their current state.
The report concludes that OT/ICS security managers can improve their security program by allocating resources through new hires, changing internal roles to focus exclusively on ICS security, or outsourcing to managed security service providers.
ICS System and Network Visibility Warrants Improvement, and Investments Are Planned—65% of respondents indicated that their visibility is limited for control systems, while only 22% said they have the visibility needed to defend against modern threats, and 7% said they have no visibility into their control systems.
Increased visibility into control system assets (52%) and implementing ICS-specific network security monitoring (NSM) for control systems (51%) ranked as the top two budgeted initiatives for organizations within the next 18 months.
“Critical infrastructure is targeted by cyber adversaries who have demonstrated their knowledge and desire to cause real-world consequences from cyberattacks,” said Dean Parsons, lead researcher and certified instructor at the SANS Institute. “ICS/OT facilities are advised to establish, maintain and mature an ICS Active Cyber Defense. Specifically, facilities must ensure ICS/OT defenders have knowledge of their control systems, the evolving threat landscape, and, with ICS network visibility, monitor for abnormal events in control system network traffic. Managers and leaders responsible for ICS/OT must understand, embrace the IT/OT differences, and support their ICS defense teams with security controls specific to control systems that prioritize safety.”