Increasing concern over Operational Technology cybersecurity

Cristina De Luca

February 03, 2023

There is no better time than now to prioritize and streamline Operational Technology (OT) cybersecurity. In the broader Industry 4.0 strategy, an organization must seek clarity on cyber risks before establishing a roadmap to move from isolated to integrated systems, as the complexities of OT have rendered traditional IT security strategies ineffective.

Often, OT managers focus their concerns on the physical risks to equipment and manufacturing facilities. And for a good reason: equipment malfunctions, terrorist attacks and internal sabotage have the potential to harm employees, impair operations and even put the public at risk. But even physical threats to industrial control systems now have cyber components. Standard IT components are now behind every industrial control system and piece of equipment!

Since 2021, sophisticated and well-resourced actors such as ransomware gangs and nation-state hackers have sought to target the critical infrastructure of cities. They have found that critical infrastructure organizations are an attractive target. Ransomware gangs, for example, often target utilities, energy, oil, and gas companies.

Over the past six months, cyberattacks have increased significantly, causing major disruptions in sectors ranging from transport to healthcare. Railways, in particular, have been the target of attacks, leading to the implementation of measures designed to protect rail operators and their assets.

The timeline below summarises the most significant cyber events from July to December 2022.

The concern is growing, including over the potential for large-scale attacks following the war in Ukraine. “While we have not yet seen attacks on the scale feared, there have been documented attacks as part of the ongoing hostilities in the cyberwar promoted by Russia,” says Christopher Budd, senior threat research manager at Sophos.

Last year, Nozomi Networks’ “SANS 2022 OT/ICS Cybersecurity Report” found that 62% of 332 industry representatives from energy, chemical, critical manufacturing, nuclear, water management, etc., rated the risk to their OT environment as high or severe.

The biggest challenges in securing OT technologies and processes
Components at Greatest Risk for Compromise
Source: Nozomi Networks

It’s no exaggeration to say that the Big Shutdown — a large-scale disaster with far-reaching and damaging implications — is near, and you need to be prepared. A proactive approach to security allows you to take a major step in protecting your organization — as well as the customers you serve — from the serious consequences that would come from a breach of your OT infrastructure.

The good news from Nozomi Networks’ research?

  • 66% of respondents say their OT security budget has increased in the last two years.
  • 56% can already detect vulnerabilities within the first 24 hours of an incident.
  • The majority (69%) say they can already move from detection to containment within 6 to 24 hours.
  • 87.5% have carried out a security audit of their OT systems or networks in the past year (up from 75.9% who did the same in 2021), and a third (29%) have now implemented an ongoing assessment programme.
  • The overwhelming majority (83%) monitor the security of their OT system. Of these, 41% have used a dedicated OT SOC.
  • Organizations are also investing in ICS training and certification. 83% of respondents hold professional control systems certification — a significant jump from 54% in the last 12 months.

Defence efforts are gradually strengthening. Together, asset owners and vendors are advancing approaches to specific needs for OT cybersecurity.

According to Deloitte, the first step to the right OT cyber security strategy is to recognise the following cycle:

Deloitte cybersecurity OT
Source: Deloitte

From that recognition, the next step is to establish governance, including mundane tasks like monitoring and updating systems, especially since phishing and IT/OT integration will also be critical cybersecurity issues in 2023. Joint governance with senior IT leadership, security, engineering, and management personnel can provide the proper attention and security for OT systems.