ICS Cybersecurity Improving, but Legacy Systems & Staffing Continue To Be Major Impediments

Nov 15, 2022

The 2022 SANS OT/ICS Cybersecurity Report finds that hackers are continuing to show a very strong interest in industrial control systems, but that organizations tend to be much more prepared after the high-profile incidents of 2021.

This is not a universal trend, however: 35% are still not able to tell if they have been compromised and 17% still aren’t monitoring OT system security. This is in spite of budget increases across the board, and a major increase in organizations that now have a discrete ICS cybersecurity budget when they did not previously devote specific funds to it.

Attackers hit some industries harder than others, passive monitoring remains common

When industries are expecting attacks and protecting particularly sensitive equipment, they tend to beef up their ICS cybersecurity to the point that they feel the actual risk of compromise is low. Critical infrastructure such as nuclear plants, dams and chemical producers all reported a relatively low perceived risk of breach compared to some sectors that are less frequently targeted with industrial control attacks (among them business services, health care and commercial manufacturing).

It’s heartening to know that the most potentially dangerous sectors appear to be taking ICS cybersecurity seriously, but across the board companies are still somewhat slow to take active measures. Not quite half are conducting active scanning, and a little over a third say that they wait for vendors to notify them of issues before doing anything.

Engineering elements are considered to be most at risk, followed by operator and server assets. Respondents also feel these components would cause the greatest amount of damage were they to be compromised. Passive monitoring remains the most common approach, most likely due to many organizations continuing to run older systems and equipment that does not play nice with modern IT scanning approaches.

ICS cybersecurity challenges: legacy equipment, inadequate IT tools, ability to hire ICS specialists

ICS cybersecurity is more crucial than ever as ransomware gangs have shown a willingness to escalate to the sort of real-world damage that they had always shied away from before. Overall, the survey indicates that the industry recognizes the seriousness of this new threat; the bottlenecks appear to be equipment that is hard to replace, IT tools that don’t interface well with specific equipment, and the general cybersecurity hiring crunch making few specialists with ICS knowledge available.

41% of organizations say that ICS threats are a “high” priority, and 22% say they are “critical” issues. More professionals are also spending more time with ICS cybersecurity, moving away from both traditional IT and business duties to take care of industrial equipment issues. But even when organizations have a solid security plan in place, many say that general lack of staff prevents them from implementing it properly.

Business decision-makers expressed the most concern about control systems being reliable and remaining available to use. Departments are working with better budgets this year, and only 7% now lack a specific ICS cybersecurity budget (down from 21% the prior year).
