365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
So that you can make an onsite appointment, the appointment request will open in a new tab.
The security of industrial plants is often inadequate. Manually managing OT risks is no longer up to date, but many operators still do it this way. One reason for this is dissatisfaction with security products.
Known security flaws are causing concern among operators of industrial plants. Recent security incidents make it clear that it is not just financial motives that are at the forefront. Operators are planning comprehensive increases in their security budgets.
OT operators often have major security deficits and know it. The industry's fear of cyber threats is growing, according to a recent study from the USA. As many as 58 per cent of the companies surveyed with operational technology (OT) classify their security risk as high.
There are plenty of reasons for this. Just recently, a water supplier in the US state of Pennsylvania was the victim of a cyber attack. The suspected Iranian attackers hacked into the devices used to control the water pressure. These come from an Israeli manufacturer. The plant had to switch off the automated system and switch to manual control.
Shortly afterwards, it emerged that the water supplier in Pennsylvania was not the only victim of this attack wave. A brewery, an aquarium and other utilities were also included. The FBI even spoke of a larger number of operators in several US states and felt compelled to issue a warning together with CISA and other security authorities. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), among others, warn of further-reaching security problems: "It is not known whether additional cyber activities were intended or have been achieved that reach deeper into these control units or associated control networks and components. Companies should investigate and assess their systems for these possibilities."
Incidents like these do not go unnoticed by management in the manufacturing sector and raise concerns. This is why 78 per cent of the C-level executives surveyed in the above study intend to increase their cyber security budget. The average planned increase is even 29 per cent.
This also appears to be urgently needed, as only 47 per cent of respondents have an OT security solution. In contrast, most operators still manage OT risks manually. In addition, the majority do not currently have an OT or ICS security strategy. The gap between aspiration and reality is therefore obvious.
One of the most important challenges in the area of OT security identified in the study is improving transparency in terms of security. The current situation makes it very difficult to recognise potential vulnerabilities and possible threats or to identify update requirements.
Another significant problem cited by managers is the flood of warnings and alerts generated by security products. The responsible specialists are overwhelmed by this number, resulting in alert fatigue. This leads to a lack of response to dangerous threats or a delayed response. This problem also includes the lack of automatic prioritisation of alerts. This is because the alarms are not prioritised according to their impact on operations and production.
Furthermore, most organisations rely on reactive solutions instead of proactive risk management. This makes them more vulnerable to attacks. Manual methods are also far less effective than automated security approaches. However, as the survey also shows, the companies surveyed are increasingly aware that they need to utilise available automation options and implement proactive procedures to prevent problems from escalating, as this article shows.
Many of the organisations surveyed have a team that will be developing and implementing an OT strategy in the coming months, which in itself will require an increased security budget. Whilst this is an important step, these teams face significant challenges given the complexity of OT and the number of associated attack vectors.
Author: Uwe Sievers
