Virtualization Technology News and Information
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats
OPSWAT sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategies, including increased ICS cybersecurity awareness and enhanced incident response plans, survey respondents collectively consider current cybersecurity threats to ICS as severe/critical (25%) and high (44%). As a result, the top three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.

ICS/OT environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats. Dean Parsons, a SANS Certified Instructor, practitioner, and ICS/OT cybersecurity assessment expert, emphasizes, "This year's survey reveals several notable changes compared to previous years. We see significant efforts in crucial areas and, regrettably, a lack of commitment in some equally important, evolving domains. However, there is a silver lining in the form of increased investments in asset inventorying, network-specific ICS/OT visibility and detection systems, and the development, training, and retention of staff with the required specific ICS security skillsets."

Compromised IT Leads to Compromised OT

Respondents are predominantly concerned with and have experienced ICS incidents involving malware threats or attackers breaching the IT business network. These breaches often enable access and pivoting into the ICS/OT environment. Compromises in IT systems leading to threats entering OT/ICS networks ranked highest, followed by compromises of engineering workstations and external remote services.

To address these threats effectively, it is essential to understand the specific vectors within the top threat vector. Questions arise about why IT compromises lead to ICS breaches, what factors enable such breach points, which methods are used to compromise engineering stations, and who owns these critical processes. Luckily, penetration testing is occurring at multiple levels, with a focus on Level 3, the DMZ, and Level 2, indicating proactive measures to assess and enhance ICS security.

IT and OT Collaboration and Training

The report highlights a significant trend towards IT/OT staff convergence: 38% of all respondents are now responsible for both ICS and IT security in 2023, up from the 20% reported in 2022.

Incident Response 

Cybersecurity solution providers are frequently consulted (43%) when signs of infection or infiltration emerge, emphasizing the need for specialized expertise in incident response. Additionally, a quarter of respondents were uncertain about having an exercised and documented plan for operating ICS engineering systems in reduced capacity, and only 56% currently possess a dedicated ICS/OT Incident Response Plan.

"Building resilient critical infrastructure requires a proactive approach to cybersecurity as noted with the SANS' report findings," said Yiyi Miao, OPSWAT's Chief Product Officer. "At OPSWAT, we're committed to empowering organizations to safeguard their vital systems through effective industry-leading solutions."

Download the SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses. 

Published Friday, September 22, 2023 9:39 AM by David Marshall