ICS Cybersecurity Report: Control Systems Remain Highly Targeted by Threat Actors as Organizations Forced … – CPO Magazine




The 2022 SANS OT/ICS Cybersecurity Report finds that hackers are continuing to show a very strong interest in industrial control systems, but that organizations tend to be much more prepared after the high-profile incidents of 2021. This is still not a universal trend, however, as 35% are still not able to tell if they have been compromised and 17% still aren’t monitoring OT system security.
The survey is conducted by cybersecurity leader Nozomi Networks and the SANS Institute, a leading research and training body. It incorporates the input of over 330 managers, analysts and security architects with roles in ICS cybersecurity representing firms from around the world.
2021 was a major wake-up call for ICS cybersecurity as criminal ransomware groups crossed the line into attacking critical infrastructure systems and attempting to do physical real-world damage, most famously with the highly disruptive attacks on Colonial Pipeline and meat packing giant JBS.
The 2022 ICS Cybersecurity Report definitely sees the industry responding to these incidents, showing better preparedness and more willingness to budget for ICS cybersecurity overall. However, there are still a substantial number of organizations that are vulnerable and have big challenges ahead of them in getting up to parity with the threat landscape.
The majority of organizations do now recognize ICS threats as being very serious; 22% ranked them as “critical” and 41% ranked them as “high” priority, representing a slow but steady increase over the past several years. The survey also indicates an increasing awareness that the worlds of standard IT security and ICS cybersecurity are significantly different and require different skill sets, as 80% of the security professionals said that they now have a role that emphasizes ICS (up from 50% in the previous year). Of the respondents that split their time between ICS and a business role, the majority also say that ICS now takes priority.
Respondents also weighed in on their biggest individual ICS cybersecurity challenges. Unsurprisingly, the integration of aging legacy systems with modern IT networks was the main concern. This has been a chronic issue, as industrial equipment is generally designed to last for decades and was not designed to anticipate internet-based threats until fairly recently. But not far behind was concern that modern IT systems are also still not designed to interface with industrial equipment and control systems. Other major concerns include a lack of IT staff that understands OT operational requirements, and insufficient labor to implement existing security plans.
On the business end, the top concern is the ability to ensure reliability and availability of control systems. Other leading concerns are lowering risk while improving security, preventing damage to systems, preventing information leakage and meeting regulatory compliance requirements.
Budgets are also up, with only 7% reporting they do not have any kind of ICS cybersecurity budget (down from 21% the previous year) and organizations generally increasing their budgets in this area by hundreds of thousands of dollars.
For those that remain hesitant to spend in this area, Bud Broomhead (CEO at Viakoo) believes that cybersecurity insurance requirements will soon force their hand: “The rise in ransomware and other attacks against OT infrastructure will directly lead to organizations needing more data and information on their OT systems to obtain cyber security insurance. Even with that, cyber security insurance around OT and IOT environments will be significantly higher in cost because of these threats. Organizations need to start on their security journey especially with OT. That starts with having asset discovery followed by automated remediation methods.”
Some sectors appear to be at much greater risk of compromise than others, at least according to how respondents assess the likelihood of compromise in their field. The groups thought to be most at risk are business services, health care/public health, commercial facilities, financial services and critical manufacturing. The sectors that respondents felt were lowest-risk are among those that are heavily targeted, but also heavily secured: dams, nuclear plants, emergency services and chemical companies.
Certain components are also seen to be much higher-risk than others. Respondents anticipate that engineering elements, operator assets and server assets are much more likely to be compromised than anything else. These are also the components that respondents assessed as having the greatest negative impact if they were to be compromised.
Though awareness is generally up due to the rash of ransomware attacks on critical infrastructure, some organizations continue to lag on ICS cybersecurity. Overall, slightly under half of respondents are using active vulnerability scanning in this area, and 36.5% simply wait for vendors to notify them of an issue or send a patch. Only 34.5% say they are actively looking for vulnerability notifications as they become available.
Andrew Barratt, Vice President at Coalfire, expands on the importance of active monitoring in this area: “Attacking OT environments is often talked about as a simple endeavour due to a lack of updates, legacy infrastructure in their environment and often spaghetti bowl network architecture – the value of monitoring cannot be understated from a defense perspective … Commercial actors are typically looking for the fastest pay out, so they become visible quickly usually because they’re trying to monetise their illicit access. The converse is often true for nation-states. They’re more interested in becoming a long term persistent presence as this buys them influence and awareness. If you can’t go around sending naval fleets to the nearby international waters of your international adversaries you can try to break into their critical infrastructure to threaten equally painful consequences.”
However, Jason Hicks (Field CISO and Executive Advisor at Coalfire) notes that passive monitoring is likely still the norm simply due to the age and inherent limitations of the equipment that is in use: “Things like software updates typically come into those environments via thumb drives. Also, many of the devices are running specialized operating systems, that don’t tolerate being scanned for vulnerabilities, and don’t support running your typical endpoint protection suite. Imagine if your vuln scan shut down power to a substation for example. Due to all these factors it’s not common for the operators to have the kind of security focused visibility tools we are used to having on corporate networks. The industry has long relied on the disconnected nature of OT networks to provide security, so investments in monitoring would have been directed to uptime vs collecting security telemetry. If you wanted to close the monitoring gap you are typically left with passive solutions that are designed for OT environments.”
“Traditionally you had to procure and manage an entirely separate LAN & WAN for your OT systems, due to financial pressures certain firms are trying to find ways to leverage their primary infrastructure to reduce cost. These newer trends are likely the source of the OT breaches noted in the survey, as in the past you would have needed physical access to the OT network to compromise it. I would expect to see more investment in securing OT environments in the near term,” noted Hicks.
 