The Biden Administration has made critical infrastructure security a key priority. This is not an area where we can afford to wait and see what happens, as operational technology (OT) attacks have been rising in number and impact over the last decade.
Part of the reason for this is that OT systems have become increasingly vulnerable to off-site attack. Though OT systems were once separated from IT systems by an air gap, these infrastructures are now nearly always interconnected. That means OT systems are now connected to the internet and can theoretically be accessed from anywhere.
Between this and the increasingly common use of IIoT devices, the threat landscape has expanded dramatically. At the same time, OT systems are increasingly at risk from spillover or collateral damage from attacks directed at interconnected corporate IT networks. Even with increased federal support, manufacturing companies and other OT industries are struggling to implement improved cybersecurity.
A new research report took a hard look at the current condition of cybersecurity in manufacturing and other OT organizations, what they’re experiencing, and what’s behind the challenges.
- Intrusions are occurring regularly, causing revenue and productivity to suffer. According to the 2022 State of OT and Cybersecurity Report, 93 percent of responding firms had at least one OT intrusion in the previous 12 months, with 78 percent experiencing more than three. Nearly half of the firms experienced an operations outage as a result of these intrusions, with 90 percent of intrusions requiring hours or longer to get service running again. In addition, one-third of companies said that OT security attacks led to data loss and affected brand value, compliance and revenue. Unfortunately, these statistics aren’t that surprising given what we’re seeing overall.
- OT organizations lack centralized visibility. Only 13 percent of respondents had consolidated visibility of all OT activities, according to the report. Furthermore, only 52 percent of businesses can track all OT actions from their security operations center (SOC). Companies recognize this is a problem; 97 percent of international companies perceive OT to be a substantial or serious factor in their overall security risk. The survey suggests that a lack of centralized visibility contributes to OT security concerns and inadequate security.
- OT security ownership isn’t consistent across organizations. The survey also revealed that OT security management is primarily carried out by directors or managers, led by officials ranging from the director of plant operations to the manager of manufacturing operations. A mere 15 percent of survey respondents reported that their organization's CISO oversees OT security.
- Improvements are being made, but gaps persist. When questioned about how mature their OT security posture is, only 21 percent of firms said they had reached mature (level 4) security, which involves orchestration and automated management of security. Latin America and APAC reported the highest number of respondents who have attained this level of security. Over 70 percent of companies surveyed are in the middle stages (levels 2 and 3) of developing their OT security posture. At the same time, enterprises are encountering difficulties from deploying multiple OT security solutions. According to the report, the overwhelming majority of firms work with two to eight distinct suppliers, each providing between 100 and 10,000 OT security devices in use. This makes it harder to understand and effectively manage their OT security.
Best Practices for Stronger OT Security
It’s clear that while organizations are making strides toward addressing vulnerabilities in their OT systems, there’s still a lot more work to do to strengthen their overall security posture. Three things that can help in these efforts are:
- Deploy solutions that create a centralized view of OT activities. Enterprises should have centralized, end-to-end visibility of all OT activities to improve their security posture. The six percent of survey respondents who said they had no breaches in the previous year were more than three times as likely to have centralized visibility when compared to their peers who had been breached.
- Consolidate security tools and suppliers to integrate across environments. Organizations should integrate their OT and IT solutions across a smaller number of providers to reduce complexity and gain centralized visibility of all devices. Organizations can shrink their attack surface and improve their security posture by using integrated security solutions.
- Install network access control (NAC). Role-based NAC was more common in organizations that had avoided intrusions in the previous year. NAC ensures that only authorized users and devices can access essential assets or systems.
OT security has the attention of organizational leaders, which is a big step in the right direction. But continued intrusions, a lack of centralized visibility across OT activities and complex OT security are some of the critical challenges these organizations need to address. Consolidating solutions and vendors will help enterprises take a stronger security position, as will obtaining tools that provide NAC and greater visibility. These steps will help organizations close potential security gaps in today’s interconnected OT-IT environments.
Jim Richberg is a Fortinet Field CISO focused on the U.S. public sector. He works to bring cybersecurity solutions to industry and the public sector. He has served as National Intelligence Manager for Cyber and the senior Federal Executive focused on cyber intelligence within the $80+ billion U.S. intelligence community.