Rising Incidents in OT/ICS Highlight Disturbing Pattern

State-affiliated actors are responsible for 60% of cyberattacks on the industrial sector, and internal personnel unintentionally facilitate these attacks roughly 33% of the time, according to data from Rockwell Automation.

This data aligns with other industry findings indicating that OT/ICS (Industrial Control Systems) security breaches are on the rise. These incidents frequently target pivotal systems like energy production units.

Internal Staff Often Inadvertently Help Adversaries

Critical sectors such as energy, critical manufacturing, water treatment, and nuclear facilities are the main targets in most documented cases, said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. He further projected that more stringent standards and rules for reporting cyberattacks would emerge, giving the industry valuable data on attack patterns and the defenses needed against them.

Over the past three years, the number of OT/ICS incidents has exceeded the total reported from 1991 to 2000. The energy sector bears the brunt of these attacks, experiencing 39% of them, which is triple the share seen in other sectors like critical manufacturing (11%) and transportation (10%).

Phishing stands out as the dominant attack method, constituting 34% of incidents. This highlights the need for strategies like segmentation, air gapping, zero trust, and security education to reduce vulnerabilities. Most OT/ICS breaches involve Supervisory Control and Data Acquisition (SCADA) systems at 53%, while Programmable Logic Controllers (PLCs) are the second primary target at 22%.

A majority (80%) of the adversaries operate from outside the targeted organizations. However, internal members inadvertently assist them in about one in three incidents.

The Necessity for Superior IT Security in Critical Infrastructure

Of the studied OT/ICS incidents, 60% caused operational disruptions, while 40% led to unauthorized access or data leakage. The ramifications of these cyberattacks spread beyond just the affected companies, impacting broader supply chains 65% of the time.

The findings suggest that fortifying IT systems’ security is vital to defend against cyberattacks on essential facilities. Over 80% of documented OT/ICS incidents originated from a compromised IT system, which can be traced back to the growing interconnectedness of IT and OT systems. As the IT network forms the communication bridge between OT networks and external networks, it serves as a primary access point for adversaries. Therefore, establishing a robust network framework is essential for bolstering an organization’s cyber defense.

A mere firewall between IT and OT zones isn’t adequate anymore. Due to the continuous interlinking of networks and devices into OT/ICS zones, most industrial setups are vulnerable to advanced threats. It is imperative for every industrial firm to establish and maintain a sophisticated OT/ICS security system to ensure safe and uninterrupted operations.

Sid Snitkin, VP of Cybersecurity Advisory Services at ARC Advisory Group, expressed concern over the surging OT and ICS security breaches. He emphasized that organizations must adopt enhanced cybersecurity measures promptly to avert potential breaches. The evolving threat landscape and potential catastrophic consequences necessitate advanced cybersecurity approaches.