Rockwell Automation found:
Regulation of OT cybersecurity is getting stronger in the US and across Europe, especially for industries involved in critical infrastructure areas. Stronger regulation means industrial organizations should evaluate their current cybersecurity protections for potential vulnerabilities and add more proactive security measures to better protect their industrial operations.
Key Findings (2)
Of all the security incidents analyzed in this report, 60% of OT/ICS incidents resulted in operational disruption.
40% of OT/ICS incidents resulted in unauthorized access or data exposure.
SCADA systems were targeted in more than half of OT/ICS security incidents, followed by PLCs. CISA and the US National Security Agency warned of PLC attacks in an OT cybersecurity advisory report.
The broader supply chain is also affected about 65 percent of the time. In one case, a Japanese automaker suspended operations at 28 production lines at 14 plants for at least a day. The move followed a suspected cyber attack on one of the company’s key supply chain partners, a manufacturer of plastic parts and electronic components.
Key Findings (3)
As shown in the chart below, the energy industry has the highest concentration of security attacks (39%), and is attacked more than three times as often as the next highest vertical industry. As has been reported, the potentially huge impact of an attack on infrastructure also creates greater opportunities for ransomware and hostile forces. Power plants, substations and related infrastructure are also aging, with many facilities built as long as 50 years ago, and this old infrastructure is clearly inadequate in terms of safety controls.
The U.S. government has recognized the increasing number of safety incidents targeting the water and wastewater sectors and has implemented emergency regulations in related departments and other critical infrastructure sectors.
Tighter reporting requirements by regulators are a global trend. Governments are forcing public and private entities to disclose security attacks, data theft, and ransom payments. One such EU regulation is the Secure Networks and Information Systems Directive.
Key Findings (4)
More than 80% of security incidents begin with threats to IT systems. This can be attributed to increasing interconnectedness; most OT networks communicate with the outside world through IT networks. In addition, attackers are increasingly exploiting Internet-facing systems such as human-machine interfaces (HMIs) and engineering workstation applications, which are prime targets.
This underscores the importance of having the right network architecture in place to support enterprise security in an era of increasing industrial connectivity. The potential risk of an attack increases if networks are set up incorrectly. This means informing employees of that risk, keeping OT networks separated and air-gap isolated, and adopting other best practices such as ongoing security awareness training.