
Exploring the Urgent Imperatives of ICS/OT Cybersecurity: Insights from the OPSWAT-Sponsored SANS 2023 Report


Report: SANS 2023 ICS/OT Cybersecurity Survey Highlights Concerns in Critical Infrastructure Protection

The State of ICS Cybersecurity

A recent survey conducted by cybersecurity solutions provider OPSWAT and sponsored by SANS Institute reveals the ongoing challenges faced by organizations in securing their industrial control systems (ICS) and operational technology (OT) infrastructure. Despite improvements in defense strategies and increased cybersecurity awareness, survey respondents still perceive current cybersecurity threats to ICS as severe/critical (25%) or high (44%). The survey also identified the top three priorities for ICS security programs in 2023 as network visibility, risk assessments, and transient device threat detection.

Ongoing Vulnerabilities and Threats

ICS/OT environments have become increasingly interconnected and complex, which brings organizations efficiency and innovation but also exposes them to relentless cyber threats. The survey findings show that respondents are predominantly concerned with, and have experienced, incidents in which malware or attackers breach the IT business network and then move into the OT/ICS network. Compromises of IT systems that let threats enter OT/ICS networks ranked highest, followed by compromises of engineering workstations and of external remote services.

Understanding the Threat Vectors

Addressing these threats effectively requires a deeper understanding of the specific pathways behind the top-ranked threat vector: why IT compromises lead to ICS breaches, what enables those breach points, how engineering workstations are compromised, and who owns these critical processes. The survey suggests that organizations are actively conducting penetration testing, especially at Levels 3 (DMZ) and 2, indicating proactive measures to assess and enhance ICS security.

Convergence of IT and OT

The report also highlights a significant trend towards convergence between IT and OT staff, with 38% of respondents now responsible for both ICS and IT security, compared to 20% in the previous year. This indicates that IT staff members are taking on increased responsibilities for securing OT infrastructure. The collaboration and training of IT and OT professionals are crucial for building robust security measures in critical infrastructure.

Importance of Incident Response and Specialized Expertise

Incident response is a critical aspect of ICS/OT cybersecurity. The survey reveals that organizations frequently seek the expertise of cybersecurity solution providers (43%) when signs of infection or infiltration emerge. It emphasizes the need for specialized knowledge and skills in incident response to effectively mitigate risks and respond to cybersecurity incidents. Additionally, the survey highlights the importance of having a documented plan for operating ICS engineering systems at reduced capacity, as a quarter of respondents were uncertain whether they had such a plan. Only 56% of organizations currently possess a dedicated ICS/OT Incident Response Plan.

Editorial: Strengthening Critical Infrastructure Cybersecurity

The results of the SANS 2023 ICS/OT Cybersecurity Survey underscore the persistent challenges faced by organizations in protecting their critical infrastructure from cyber threats. While improvements in defense strategies and increased cybersecurity awareness are positive developments, they alone are not sufficient to address the evolving threat landscape.

The convergence of IT and OT highlights the need for collaboration and training between professionals responsible for both domains. It is crucial to foster a holistic understanding of the interconnectedness between IT and OT systems and equip staff with the necessary skills to secure critical infrastructure effectively.

Furthermore, incident response capabilities and specialized expertise play a vital role in mitigating risks and responding to cybersecurity incidents swiftly and effectively. Organizations should prioritize the development of dedicated incident response plans for ICS/OT environments and collaborate with cybersecurity solution providers to leverage their expertise.

The survey findings also emphasize the importance of proactive measures such as penetration testing to identify vulnerabilities and enhance ICS security. Organizations must regularly assess their systems and deploy appropriate detection and prevention mechanisms to thwart attacks before they can compromise critical infrastructure.

Advice: Safeguarding Critical Infrastructure in a Connected World

1. Prioritize Network Visibility

Network visibility is essential for effectively protecting critical infrastructure. Organizations should invest in technologies that provide comprehensive visibility into their ICS/OT networks, enabling them to monitor and detect anomalies or potential threats. This visibility serves as the foundation for building a robust cybersecurity framework.

2. Conduct Risk Assessments

Regular risk assessments are vital to identify vulnerabilities, prioritize mitigation efforts, and allocate resources effectively. Organizations should conduct thorough assessments of their ICS/OT environments, considering potential threats and their potential impacts. By understanding their risk landscape, they can implement targeted security measures and allocate appropriate resources.

3. Implement Transient Device Threat Detection

Given the increasing interconnectedness of ICS/OT environments and the potential for threats to enter through compromised IT systems, organizations must deploy transient device threat detection mechanisms. These technologies can identify and mitigate threats that try to infiltrate the OT infrastructure through transient or temporary connections.

4. Foster Collaboration Between IT and OT Staff

The convergence of IT and OT requires collaboration and knowledge sharing between these two domains. Organizations must encourage collaboration and provide training opportunities for IT and OT professionals to enhance their understanding of each other’s responsibilities and the unique security challenges associated with critical infrastructure.

5. Develop Robust Incident Response Plans

Creating dedicated incident response plans specific to ICS/OT environments is crucial. Organizations should document and exercise these plans regularly to ensure readiness in the event of a cybersecurity incident. Partnering with cybersecurity solution providers who specialize in incident response can provide invaluable expertise and support during critical moments.

6. Regularly Conduct Penetration Testing

Penetration testing is an essential proactive measure to identify vulnerabilities and enhance ICS security. Regularly conducting penetration tests, especially at critical levels such as DMZ and Level 2, enables organizations to identify potential weaknesses and implement necessary security enhancements before cyber attackers can exploit them.


The SANS 2023 ICS/OT Cybersecurity Survey highlights both the progress made and the challenges that remain in securing critical infrastructure. Organizations must continue to invest in comprehensive cybersecurity solutions, strengthen collaboration between IT and OT teams, and prioritize incident response preparedness. By taking proactive measures and implementing robust security practices, organizations can safeguard their critical infrastructure and protect against relentless cyber threats.
