Nozomi Networks-Sponsored SANS Survey Finds Industrial Organizations are Going All-In to Tackle Growing Threats to OT/ICS Cyber Security

Latest SANS ICS Survey reinforces 2019 is the year for ICS Cyber Security: Organizations are advancing their efforts and making investments to rapidly deploy OT cybersecurity programs and technology

SAN FRANCISCO, June 12, 2019 — Nozomi Networks, Inc., the leader in industrial cyber security and operational visibility, today announced its contribution to the SANS 2019 State of OT/ICS Cybersecurity Report. Released today, and echoing Nozomi Networks own experiences with customers worldwide, the survey finds that ICS cyber security threats remain high and present evolving challenges. However, since the last SANS OT/ICS report released in 2017, a growing majority of organizations have significantly matured their security postures over the last two years and are adopting strategies that address OT/IT convergence.

“The findings in this latest SANS report make it clear that 2019 is the year for ICS cyber security,” said Nozomi Networks CEO Edgard Capdevielle.  “We see the urgency and growing demand every day as more and more industrial companies around the world reach out to us for help in aggressively arming themselves against cyber threats rising in number, persistence and strength. ICS cyber security is a priority and organizations are strengthening their cyber security posture with innovative OT security technologies that provide deep visibility and control across OT and IT.”

ICS Cyber Security Risk Has Improved – But Remains High

Half of this year’s respondents rate their ICS security threat as high or severe. While down significantly from 2017, it is still a daunting number that reinforces the fact that even as organizations make OT cyber security a priority, cyber attacks and data breaches continue to rise and are evolving as OT and IT converge and organizations adopt mobile and wireless capabilities.

• 50% of respondents rank ICS security threats high or severe/critical – down from 69% in 2017.
• 62% identify people (internal and external) as the greatest risk for compromise.
• 61% of all incidents had a disruptive effect on OT activities
• Unprotected devices, nation-states/hactivisits and internal accidents rank as the top three threats, followed by IT integration and external (supply chain or partner) threats.
• Less than 25% of respondents worry about phishing scams, despite continued evidence from ICS attack research that this tactic continues to be a favored mechanism to establish an initial point of compromise and entry into many industrial control systems in IT.

ICS Cyber Security Postures are Maturing

This year’s survey found most organizations are now taking ICS threats seriously and are making solid progress in maturing their security postures.

• 42% saw their control system security budget increase over the past two years (vs. 29% in 2017).
• 69% have conducted a security audit of their OT/control systems or networks in the past year.
• 60% now proactively depend on trained staff to search out events, up 23% from 2017.
• 62% have a well-defined (documented) system perimeter or boundary for their OT/control systems.
• 51% are using continuous active monitoring to detect vulnerabilities.
• 44% now use anomaly detection tools to identify trends (up 9% from 2017).
• 45% say they are now detecting compromise within 2-7 days of the incident. 53% of those say they move from detection to containment within 6 to 24 hours.
• 46% say increasing visibility into control system cyber assets and configurations is a 2019 priority.
• 28% say implementing anomaly and intrusion detection tools on ICS networks is a 2019 priority.

OT/IT Convergence is the Norm

This year’s survey found most organizations now embrace OT/IT convergence – while there’s still much to do as organizations work to align their corporate priorities and maintain their budgets.

• 65% say the current OT/IT collaboration level is moderate or better.
• 54% say the CISO/CSO establishes security policy around OT assets while, for 42%, the IT manager bears primary responsibility for implementation of the related controls.
• 60% of organizations first consult a variety of internal resources when signs of an infection or infiltration of their control system cyber assets or network are detected.
• 84% either have implemented, are implementing or plan to implement a strategy to address OT/IT convergence.
• 30% say investing in general cyber security awareness programs for employees including IT, OT and hybrid IT/OT personal is a top priority for 2019.
• 27% say bridging IT and OT initiatives is a top priority for the year.

Mobile and Wireless – the Underestimated Threat

Cyber security challenges are expanding as ICS boundaries become broader, interwoven and interdependent, exchanging information with myriad other systems and processes. Challenges in this area include mobile and wireless devices, which respondents give a low level of risk. The report points out that some mobile applications replace engineering workstation applications, and they should treat their risk at a higher level. Also, wireless communication is becoming more widely used to transfer data from sensor networks. This further increases the attack surface and opens an organization up to severe consequences if compromised.

• 37% of OT control system connections are wireless (public or private cellular, satellite or radio), yet respondents did not rate wireless communications and protocols as subject to high risk or impact.
• More than 40% of respondents are using cloud-based services for a number of OT/ICS system functions.
• One out of six respondents use cloud-based services for “control system application virtualization, including remote logic,” lending to the growing importance and dependence on cloud services.
• Mobile devices (laptops, tablets and smart phones) that replace or augment traditional desktops or fixed systems are among the top 5 technology risk areas for OT control systems, however respondents consider them to have a low level of impact (almost last).

‍

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

‍