Operational technology (OT) is the physical foundation that enables factories, energy production and transmission facilities, transportation networks, and other services for the entire population to function. To boost operational efficiency and profitability, many OT companies have been integrating OT infrastructure and thereby indirectly connecting supervisory control and data acquisition (SCADA) systems with IT networks to manage data across a formerly air-gapped framework. But the improved agility and efficiency derived from digitally connected OT-IT networks come with increased cybersecurity risk.
To understand the types of threats facing operational technology and how OT teams can mitigate these threats, Fortinet, a provider of comprehensive, integrated and automatic cybersecurity solutions, conducted a survey of organizations in critical industries with more than 2,500 employees. The survey was conducted among operational managers in the manufacturing, energy and utilities, healthcare, and transportation industries. The full results can be read in the Fortinet 2021 State of Operational Technology and Cybersecurity Report, which emphasizes where OT is most vulnerable, the types of cyberattacks organizations face, current security tactics at organizations, and the areas where cybersecurity protocols need improvement.
Cybersecurity challenges continue within OT organizations
Fortinet's survey for 2021 indicates that OT leaders continue to be involved in cybersecurity, but it remains a struggle, and over the past year the COVID-19 pandemic only added to the security issues leaders had to face. The momentum for OT-IT network convergence was evident before the pandemic, but the effects of pandemic-driven innovation accelerated digital transformation and increased extended connectivity.
Many organizations faced the challenge of extending the plant environment to accommodate remote work, which created the need to increase their technology budgets to support rapid solution deployment. In order to benefit where possible from the many changes brought about by the pandemic, many OT leaders looked for new ways to streamline processes and reduce future costs.
Although progress was made, there is still room for improvement. Most OT organizations are not using centralized management and automation, and their security readiness was set back several steps by the COVID-19 crisis. OT-IT network convergence, the advanced threat landscape and problems connected to the pandemic made it even more difficult for OT leaders to stay ahead of disruptive cybercriminals.
The survey's findings provide a number of important insights about the current state of OT security among organizations:
- OT organizations continued to experience intrusions - OT leaders faced the challenge of preventing cyber criminals from accessing systems and disrupting their critical businesses. Nine out of ten organizations experienced at least one intrusion in the past year, which is almost identical to the results of the 2020 survey. According to the findings of the survey, 90% of the intrusions to organizations represented a significant problem that should concern OT leaders.
- OT leaders weren't prepared for pandemic-related changes - OT leaders had to quickly increase spending to manage the processes related to the digital connectivity of IT-OT network assets that are essential to supporting work from home, which affected technology budgets. According to the findings of the survey, 45% of respondents increased the budgets for investment in technologies to support remote work.
- In addition, SOCs and NOCs required more staff and equipment as the pandemic accelerated digital transformation and increased the need for connectivity for secure remote access. Employees working from home, OEMs and system integrators were hampered by their inability to move from place to place, with the pandemic accelerating the need for secure remote access as technical staff could not be on-site to perform the work in-person.
- Organizations face malware and an increased incidence of insider threats and phishing - The survey showed significant growth in phishing attacks with 58% reporting this type of intrusion, up from 43% last year. The increase in phishing stems from attackers exploiting weaknesses related to the rapid changes to support remote work that clearly affected the OT organizations. As employees at OT organizations continue to work remotely, there is a need to extend zero trust to their endpoints to address the expanded attack surface.
- OT leaders continue to struggle with security measurements - OT leaders are tracking and reporting cybersecurity measurements consistently, with "cost" falling lower on the priority list than "risk assessment" and "implications to the business." Vulnerabilities (70%) and intrusions (62%) remain the top cybersecurity measurements that are tracked and reported, together with tangible risk management outcomes (57%) that have become more prevalent this year.
Rick Peters, CISO Operational Technology at Fortinet, said that "the demand for resiliency that is achieved from implementing cybersecurity best practices has gained amplified interest over the past 12 months. Despite that interest, the 2021 report indicates that OT leaders continue to struggle."
"Increased digital connectivity of OT and IT networks rolls on, yet in this year’s survey only 7% of OT leaders reported no intrusions. It's clear that many organizations face challenges when it comes to security practices and ultimately protecting their infrastructure from today's increasingly sophisticated cyber threats," he said. Thus, OT organizations need to continue to take action to consolidate a zero-trust approach for remote users and focus on cybersecurity awareness and training to defend their critical systems.