
Cyber Security Professionals Zero-In on OT Cyber Security
September 29, 2021 | Robert Bergman
This year’s SANS OT/ICS Cybersecurity Report from Nozomi Networks marks continual growth in cyber security professionals’ attention to operational technology. The 480 industrial control system (ICS) users surveyed this year represent nearly 50% more than were surveyed in 2019, and 54% hold some professional cyber security certification.
Overall, attention to industrial control system security is high. The authors concluded that the respondents recognize that security of their ICS assets is fundamental to their business, and they expressed “ensuring reliability and availability of control systems” as their number one concern.
Threat vectors
Ransomware and nation-state attacks were the top threat vectors of concern, with 54.2% and 41.1% respectively. Concerns about non-state cyberattacks such as criminal, terrorism and hacktivism were at 27.9%. Threat vectors related more directly to the ICS were at about the same level as the non-state cyberattacks. These concern threats from the following:
- Devices and things (that cannot protect themselves) added to the network – 31.3%
- Integration of IT into control system networks – 26.3%
- Risk from partnerships (hardware/software supply chain or joint ventures) – 25.3%
Attack experience
15% of the respondents had suffered a cyberattack from one of the following vectors:
- External remote services – 36.75%
- Exploit of public-facing application – 37.7%
- Internet-accessible device – 28.6%
- Spear phishing attachment – 26.5%
- Replication through removable media – 24.5%
- Engineering workstation compromise – 18%
- Data historian compromise – 14.3%
- Supply chain compromise – 14.3%
- Drive-by compromise – 12.2%
- Unknown – 10.2%
- Wireless compromise – 8.2%
- Other – 6.1%
Almost half of the respondents (48%), however, did not know whether their organizations had been compromised or not.
Impact on business
Respondents were also asked to select the ICS components that they considered to be most important to their businesses and which they thought were at the greatest risk. They ranked engineering workstations as number one on both counts, which shows some discrepancy with the report that 18.4% of the actual hacks came in through the engineering workstation. The authors speculate that this could indicate that few of the respondents correlate cyber and process data to analyze system breaches.
Controllers, such as programmable logic controllers (PLCs) and intelligent electronic devices, were fourth and fifth respectively in terms of their impact on the business, but they ranked 11th and 9th in terms of perception of risk. Likewise, remote assets, connections to office networks, and mobile devices ranked lower in perceived impact on business than in perceived risk.
| ICS Component | Impact on Business | Perception of Risk |
| --- | --- | --- |
| Engineering (engineering workstations, instrumentation laptops, calibration and test equipment) assets running commercial OS (Windows, Unix, Linux) | 1 | 1 |
| Server assets running commercial OS (Windows, Unix, Linux) | 2 | 2 |
| Operator assets (HMI, workstations) running commercial OS (Windows, Unix, Linux) | 3 | 3 |
| Embedded controllers or components (e.g., PLCs, IEDs) | 4 | 11 |
| Connections to the field network (SCADA) | 5 | 9 |
| Network devices (firewalls, switches, routers, gateways) | 6 | 8 |
| Control system applications | 7 | 7 |
| Remote access (VPN) | 8 | 5 |
| Connections to other internal systems (office networks) | 9 | 4 |
| Cloud-hosted OT assets | 10 | 10 |
| Mobile devices (laptops, tablets, smartphones) | 11 | 6 |
| Control system communication protocols | 12 | 12 |
| Field devices (sensors and actuators) | 13 | 16 |
| Physical access systems | 14 | 13 |
| Plant historian | 15 | 15 |
| OT wireless communication devices and protocols | 16 | 14 |
| Non-routable remote access (modems, VSAT, microwave) | 17 | 17 |
We have only touched on the aspects of the survey that related most directly to control systems. The survey is quite comprehensive and delves into many other areas that affect OT more broadly. Here are some of the others the authors have called out in the executive summary:
- Steady growth in ICS-focused cybersecurity positions
- An overall increase in budget allocation for ICS cybersecurity efforts
- A steady increase in the influence of regulatory regimes to drive cybersecurity investments
- Increase in cloud adoption (and use primarily for operational outcomes)
- Significant adoption of MITRE ATT&CK® framework
- Continued adoption of ICS monitoring technologies and threat-hunting methodologies
- Continued support for patch management (by most) and vulnerability assessment processes, if not evenly applied
- Asset inventories continuing to challenge most organizations, with only 58.2% having a formal process (progress, but not enough progress)
For more information on the challenges of OT cyber security see OT Cyber Security Standards for Open Industry.