OPSWAT sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality:
despite notable improvements in defense strategies, including increased ICS
cybersecurity awareness and enhanced incident response plans, survey
respondents collectively consider current cybersecurity threats to ICS as
severe/critical (25%) and high (44%). As a result, the top three items of
utmost importance for ICS security programs in 2023 have been identified as
network visibility, risk assessments, and transient device threat detection.

ICS/OT environments are becoming
increasingly interconnected and complex, offering efficiency and innovation.
However, this also exposes organizations to heightened vulnerabilities from
relentless cyber threats. Dean Parsons, a SANS Certified Instructor,
practitioner, and ICS/OT cybersecurity assessment expert, emphasizes,
"This year's survey reveals several notable changes compared to previous
years. We see significant efforts in crucial areas and, regrettably, a lack of
commitment in some equally important, evolving domains. However, there is a
silver lining in the form of increased investments in asset inventorying,
network-specific ICS/OT visibility and detection systems, and the development,
training, and retention of staff with the required specific ICS security
skillsets."

Compromised IT Leads to Compromised OT

Respondents are predominantly
concerned with and have experienced ICS incidents involving malware threats or
attackers breaching the IT business network. These breaches often enable access
and pivoting into the ICS/OT environment. Compromises in IT systems leading to
threats entering OT/ICS networks ranked highest, followed by compromises of
engineering workstations and external remote services.
To address these threats
effectively, understanding the specific vectors within the top threat vector is
essential. Questions arise about why IT compromises lead to ICS breaches, the
enabling factors behind such breach points, methods used to compromise engineering
stations, and the ownership of these critical processes. Luckily, penetration
testing is occurring at multiple levels, with a focus on Level 3, the DMZ, and
Level 2, indicating proactive measures to assess and enhance ICS security.

IT and OT Collaboration and Training

The report highlights a
significant trend towards IT/OT staff convergence, with 38% of all respondents
now responsible for both ICS and IT security, indicating increased
responsibilities in 2023 compared to the 20% reported in 2022.

Incident Response

Cybersecurity solution providers
are frequently consulted (43%) when signs of infection or infiltration emerge,
emphasizing the need for specialized expertise in incident response.
Additionally, a quarter of respondents were uncertain about having an exercised
and documented plan for operating ICS engineering systems in reduced capacity,
and only 56% currently possess a dedicated ICS/OT Incident Response Plan.

"Building resilient critical
infrastructure requires a proactive approach to cybersecurity as noted with the
SANS' report findings," said Yiyi Miao, OPSWAT's Chief Product Officer. "At
OPSWAT, we're committed to empowering organizations to safeguard their vital
systems through effective industry-leading solutions."

Download the SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses.