
Ignore OT security at your own peril, study warns

New report by Fortinet reveals escalating attacks on ICS, SCADA systems


Nearly three quarters (74%) of OT (operational technology) organisations experienced a data breach in the last 12 months, a new study by Fortinet reveals.  

The State of Operational Technology and Cybersecurity Report reveals that breaches negatively impacted organisations in a myriad of ways, including a reduction in safety, productivity and revenue, the compromise of business-critical data, and damaged brand reputation. Considering these, it’s clear that OT organisations that do not prioritise cybersecurity as part of their IT and OT convergence strategy risk losing all of the benefits of this strategy when they encounter an attack.

Operational technology (OT) refers to the hardware and software used to run industrial control systems (ICS), such as SCADA, that serve as the foundation of various areas of critical infrastructure. This includes industries that are essential to public safety and well-being, including power plants, manufacturing, water utilities, healthcare, transit, and more.

OT differs from traditional IT systems due to the processes and systems that must be incorporated to effectively manage production and resource development systems, including engines, valves, sensors, and even robotics, that are common to critical infrastructure environments but may be absent from traditional IT stacks.

While IT and OT have been managed separately since their inception, there has been a growing movement toward the convergence of these two systems over the past 12 – 18 months. Incorporating IT capabilities such as big data analytics and machine learning into OT systems, along with faster connectivity solutions in order to respond to security and safety events more quickly, has allowed these industries to improve productivity and efficiency, offering a competitive edge to those who combine the systems effectively.

However, it’s important for OT teams to consider how this convergence affects the cybersecurity posture of critical infrastructure, especially given the impact that downtime caused by a cyberattack can have on the economy, health, and productivity of the nation and, worse, the potential safety risks to workers and even local communities should a critical system be compromised.

The most common types of cyberattacks affecting operational technology are malware, phishing, spyware, and mobile security breaches. The survey results show that these attacks persist as a result of four key reasons:

– Lack of visibility: 78% of organisations only have partial cybersecurity visibility into operational technology. This makes it difficult for teams to detect unusual behaviour, quickly respond to potential threats, and perform threat analysis – all of which are crucial to a successful cybersecurity posture.

– Lack of personnel: As often seen elsewhere, the cybersecurity skills gap means the low availability of skilled security professionals is a key concern for operations leaders considering implementing new security tools and controls in the network.

– Rapid pace of change: 64% of operations leaders note that keeping up with the pace of change is a challenge when it comes to security, and yet, at the same time, slowing digital transformation efforts for any reason can compromise their competitive edge.

– Network complexity: OT network environments are complex, with anywhere from 50 to 500 devices to monitor and secure, many of which come from different vendors. This exacerbates the challenges surrounding visibility and personnel, as each device stores different data and has different security configuration needs and requirements.  

Improving security for OT

With these attack vectors and security challenges in mind, there are several steps operations leaders can take to improve the security posture at their organisations and minimise the risks associated with downtime in the wake of an attack.

First, 62% of organisations stated intentions to dramatically increase their cybersecurity budgets this year. Additionally, organisations are adjusting their cybersecurity strategies, with 70% stating their intention to make the CISO responsible for OT cybersecurity in the next year. Currently, just 9% of CISOs oversee OT security.