OT Cybersecurity: Threats and Protection Strategies

According to a news article in Help Net Security, cyber security efforts in Operational Technology (OT) have accelerated. SANS’s 2019 report states that the cyber risk level for Industrial Control Systems (ICS) has increased.

Since SANS’s 2017 report, many organizations have seen significant improvements in their security posture. In particular, IT-OT convergence strategies are being adopted. According to Nozomi Networks Manager Edgard Capdevielle, many companies around the world are seeking security against cyber threats. ICS cybersecurity has become a priority for many companies. Organizations are now empowered with innovative technologies that provide deeper visibility and control over OT and IT.

Cyber Threat Level to ICS

According to the findings in the report, half of the survey participants describe the threat level against ICS as high. Additionally, compared to 2017, OT cybersecurity has become a priority for institutions. However, cyber attacks are also increasing in parallel with the convergence of OT and IT and the advancement of mobile/wireless technologies. Key data from the report:

  • In 2017, 69% of those surveyed described threats to ICS as high and serious. However, this rate dropped to 50% in 2019.
  • 62% of the participants stated that the “human” factor is the most important risk.
  • It is determined that 61% of cyber incidents encountered by organizations have a devastating impact on OT activities.
  • Unsecured devices, state-sponsored hackers, and incidents within the organization constitute the three main threat areas. These are followed by external threats such as IT integration and supply chain/business partner-related risks.
  • Phishing is still considered an important tactic and mechanism in ICS attacks. It also forms the first step of many ICS attacks. On the other hand, less than 25% of survey respondents are worried about phishing attacks.

ICS Cyber Security Profile is Maturing

Since 2017, institutions appear to be taking threats against ICS more seriously than before. They have addressed these threats, and their security profile has improved significantly as a result. According to the findings in the report, among institutions:

  • 42% have seen an increase in their control systems security budgets in the last two years,
  • 69% perform security audits for OT/control systems and networks,
  • 60% have personnel trained in proactively investigating cyber incidents,
  • 62% have a well-defined (documented) system perimeter or boundary for OT / control systems,
  • 51% use continuous active monitoring to detect security vulnerabilities,
  • 44% use anomaly detection tools,
  • 45% of them detected an attack within 2-7 days following the cyber incident, and 53% of them moved from detecting the attack to ensuring security within 6 to 24 hours,
  • Increasing visibility into control system cyber assets and configurations is a priority for 46%,
  • For 28%, it is stated that the implementation of anomaly and intrusion detection tools in ICS networks is a priority for 2019.

IT/OT Convergence as a Norm

According to SANS’s 2019 report, many organizations have now adopted IT/OT convergence more widely. However, companies still need to align corporate priorities with this convergence and budget accordingly. Among institutions that answered questions about IT/OT convergence:

  • 65% say the current level of OT/IT collaboration is moderate or better than before.
  • 54% say information security managers create a security policy around OT assets, and 42% say the IT manager assumes primary responsibility for implementing relevant controls.
  • 60% say they first consult various internal resources when detecting signs of an attack or penetration of their control system cyber assets or network.
  • 84% have implemented, are implementing, or plan to implement a strategy for OT/IT convergence.
  • 30% say investing in general cybersecurity awareness programs for employees operating in IT, OT and hybrid IT/OT fields is a top priority for 2019.

Mobile and Wireless Technologies: An Invisible Threat to OT

The scope of ICS usage is gradually expanding. Systems are becoming increasingly intertwined and interdependent. Risks and challenges related to cyber security are also increasing in parallel with these developments. However, research participants viewed threats related to mobile and wireless technologies as a relatively lower risk.

The report emphasizes that the risks that arise when some mobile applications replace engineering applications need to be taken into consideration. Additionally, as wireless communication and data transfer from sensor networks become more widespread, the attack surface expands. This points to cyber attack scenarios in which institutions may face potentially serious consequences. In addition, according to the data presented in the report:

  • 37% of OT control system connections are wireless (public or private cellular, satellite, or radio). However, research participants do not consider wireless communication to be in the high-risk group.
  • More than 40% of survey respondents use cloud-based services for OT / ICS system functions.
  • Mobile devices (laptops, tablets, and smartphones) that replace or support traditional desktop use or fixed systems are among the top 5 technology risk areas for OT control systems. However, participants in the study evaluate the threats that mobile devices can pose in the low-impact group.

Source: Help Net Security, 14.06.2019, “Organizations are advancing their efforts, investing in OT cybersecurity programs”