The SANS 2019 State of OT/ICS Cybersecurity Survey explores the challenges involved with designing, operating, and managing risk to industrial control systems and their assets. Security professionals from all around the world, responsible for both Enterprise IT and Operational Control networks, took part in the survey to answer an underlying question – how can we identify potential risks in time to remediate them?
As organizations grow increasingly aware of the operational risks posed by personnel and human error, not only just malicious actors, it is essential for these organizations to better leverage the links that exist between IT and operational technology (OT) to better protect their infrastructure. Cybersecurity efforts can no longer remain siloed according to specific applications or location within an organizations’ many IT and OT networks.
Regardless of the industry, a modern cybersecurity strategy requires a synergy between people, process and technology.
Over 62% of the SANS Survey respondents consider the human factor as the greatest risk to their operations in 2019, yet most security budgets for this category don’t exceed $100,000. This is a blind spot for many organizations that will become a larger focus in the next few years.
Investment into cybersecurity strategy should always begin with people. Differing roles and unclear responsibilities among staff can make things difficult, so it’s important to set specific rules and align business concerns with the current threat environment before you begin a project. A good place to start is with defined cybersecurity training. Survey respondents named this as a top business initiative for 2019, with 29% of companies stating they would be investing in more trainings for IT, OT, and hybrid IT/OT personnel.
Another important step is to create clear guidelines and a future-oriented roadmap detailing how IT and OT teams should work together—not only will they learn a lot from each other, but the connection between them might also be a crucial security point of improvement. Increased cooperation also means better oversight and accountability. The organizational security goals should also be actively updated and reassessed by stakeholders as the company progresses further into cybersecurity maturity.
Cybersecurity and operational tools are likely to be a point of convergence in this effort, as they streamline and align monitoring functions, security protocol and policy enforcement for all internal stakeholders – the people. This key point will be echoed as we explore processes and technology as well.
The process itself can sometimes be forgotten as a potential risk – only 14% of the survey’s respondents perceive it as the greatest security threat, and almost half of all companies are budgeting less than $500,000 for it in 2019. Identifying weak links in the process should be a priority, not an afterthought – and examining processes with IT-OT convergence in mind is key.
Why build IT-OT converged processes? It’s simple. When IT monitors OT, it gathers a ton of data that can be used to plan a strong cybersecurity strategy for the company, including investing in the right training and technology. It’s important to also consider external companies that can sort through this data, audit security systems and thoroughly examine processes to identify potential threats.
Although the full convergence of IT and OT might take some time, companies should start incorporating processes that support this organic and gradual evolution into their operations now. Of the companies surveyed, 84% have already adopted or are planning to adopt an IT-OT convergence strategy, which means technology providers within the cybersecurity solutions space will have their hands full in this growing market. The early bird gets the worm and isn’t stuck in lines that go around the block.
Only 22% of respondents consider technology as the greatest security risk in their operation, yet most companies that heavily invest in OT/ICS security allocate the funds to technology, with over 40% of them setting a budget of at least $1M. The disproportion probably comes from the fact that we tend to glorify IT. Don’t get me wrong, it’s important to pay attention to and invest in good technology, but not at the expense of the other pillars of security. A holistic solution is the answer.
This is exactly why executive, IT and OT cybersecurity stakeholders need to work together. Technology can examine parts of the OT network that may be invisible to both people and processes, so increasing device visibility and gathering important information helps people gain complete control over OT assets and provide cross-functional orchestration with other cybersecurity and operational tools like SIEMs and firewalls. A popular way to achieve this level of orchestration is to focus on an OT/ICS cybersecurity solution’s ability to integrate with your existing IT infrastructure. With 37% of respondents hoping to implement an OT network monitoring solution in the next 18 months, the level to which the solution is deployable and user-friendly should be strongly considered.
With technology silently running the show from backstage, and trained, competent staff providing oversight, processes can run smoothly and securely. The perfect trio to make sure your business is not only secure but optimized.
The Big Picture
Effective OT/ICS security begins with understanding the big picture. The SANS 2019 State of OT/ICS Cybersecurity Survey offers deep insight into many aspects of protecting your company from the increasingly real risk of both accidents and attacks that threaten industrial control systems every day.
Download the survey for more recommendations on enhancing your company’s strategy to protect the heart of your business.