There is a pressing need to improve operational technology (OT) security, with 93% of OT organisations having experienced an intrusion in the past year, and 78% of them experiencing more than three intrusions.
This is among the findings from Fortinet’s recent 2022 State of Operational Technology and Cybersecurity Report. Based on a detailed survey conducted in March 2022 of more than 500 global operational technology (OT) professionals, the report’s data highlights the current state of OT security and provides a roadmap to better secure OT organisations.
Air-gapped no more
Traditionally, security was not as critical a consideration when programmable logic controllers (PLCs) – the brains of any industrial control system (ICS) or OT network – were designed. PLCs never verified the authenticity of message senders, and controller communications had zero encryption capability.
Previously, there was no need for these security measures because an organisation’s OT network was always air-gapped from its IT network.
Now, however, the situation is quite different. OT and IT networks have converged, and industrial processes have been digitized.
The benefits from the integration of these two types of networks are great. They include enhancements in productivity, efficiency, responsiveness, and profitability.
Unfortunately, this new connectivity has also brought the negative unintended consequence of making OT networks vulnerable to cyberattacks. IT/OT interconnectedness has allowed threat actors to attack the cyber-physical systems of no-longer air-gapped OT environments, resulting in many serious incidents.
Report highlights
Key findings from the report include:
* Visibility down equals vulnerability up: The lack of centralised visibility of OT devices, applications, and users increases vulnerability. This lack of visibility contributes greatly to organisations’ OT security risks and to a weak security posture.
* Bottom-line issues: OT security intrusions significantly impact an organisation’s productivity and its bottom line. Due to intrusions, nearly 50% of organisations surveyed suffered an operational outage that affected their productivity, with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance, and brand value impacted because of intrusions.
* Responsibility problems: Ownership of OT security is inconsistent in the surveyed organisations. Only 15% of respondents say that their CISO is responsible for OT security at their organization. Fortinet believes having non-experts in charge of OT security is asking for trouble.
* Complexity challenges: OT security is gradually improving, but security gaps still exist in many organisations. The report found that a vast majority of organisations use between two and eight different security vendors for protecting their industrial devices and have between 100 and 10 000 devices in operation. This complexity really challenges any security team using multiple security tools. It also creates a gap in their cyber defence and an open invitation for threats to slip through.
Best practices for protecting OT
Besides providing the latest statistics on the state of OT cybersecurity, the 2022 State of Operational Technology and Cybersecurity Report offers insights on how best to handle OT vulnerabilities and how best to strengthen an organisation’s overall security posture.
Some of the key best practices for OT organisations are:
* Employing solutions that offer centralised visibility of all OT activities: Focused, end-to-end visibility of industrial activities is paramount to organisations that require airtight security. The report reveals that the top-flight organisations that reported no intrusions in the past year – only 6% of the respondents – were more than three times as likely to have achieved centralised visibility as their counterparts who were victims of intrusions.
* Consolidating security vendors and solutions: To remove complexity and get centralised visibility of devices, organizations should integrate their OT and IT technology and partner with fewer vendors. By using integrated security solutions, security teams can reduce their organisation’s attack surface and improve their security.
* Deploying network access control (NAC) technology: Organisations that managed to avoid intrusions in the past 12 months were more than likely to have a NAC in place.