Engineering workstation attacks on industrial control systems double: Report

Engineering workstation compromises were the primary attack vector in 35% of all operational technology (OT) and industrial control system breaches at companies surveyed worldwide this year, doubling from the previous year, according to research conducted by the SANS Institute and sponsored by Nozomi Networks.

While the share of respondents who said they experienced a breach in their OT/ICS systems in the past 12 months fell to 10.5% (down from 15% in 2021), a third of all respondents said they did not know whether their systems had been breached or not.

For the 2022 SANS ICS/OT survey, 332 responses were received, representing industries such as energy, chemicals, critical manufacturing, nuclear, water management and more.

Challenges facing the security of the control system

Some of the biggest challenges in securing ICS/OT technologies and processes include combining old and outdated OT with modern IT systems; traditional IT security technologies that are not designed for control systems and cause disruption in OT environments; IT staff who do not understand the operational requirements of OT; and labor resources that are insufficient to implement existing security programs, according to the survey.

Sectors such as business service, health and public health, and commercial facilities are the top three sectors considered by respondents to have the highest likelihood of a successful ICS compromise affecting safe and reliable operations this year.

When asked which ICS components are considered to have the greatest impact on the business if compromised, the majority of survey respondents (51%) cited engineering workstations, laptops, instrumentation, and calibration/test equipment. The majority of survey respondents (54%) also said that engineering workstations, laptops and test equipment are the system components at the greatest risk of being compromised.

Engineering workstations, which include mobile laptops used for instrument maintenance in facilities, have control system software used to program or change logic controllers and other settings or configurations of field devices, the study noted. Unlike traditional IT, ICS/OT systems monitor and manage data that makes real-time changes in the real world with physical inputs and controlled physical actions.

IT systems are a primary attack vector for OT/ICS

Although attacks on engineering workstations have doubled in the past year, they rank only third as the primary attack vector for OT/ICS systems. The top attack vector is IT, with 41% of companies reporting that IT breaches were responsible for the eventual compromise of their OT/ICS systems.

The second biggest attack vector is removable media like USB and external hard drives. To ward off this threat, 83% of respondents have formal policies in place to manage transient devices, and 76% have threat detection technology in place to manage these devices. In addition, 70% use commercial threat detection tools, 49% use homegrown solutions, and 23% have deployed ad hoc threat detection to manage this risk.

“Engineered systems, while not equipped for traditional anti-malware agents, can be protected using ICS-based network-based detection systems and industry-based network architecture methods,” according to the report. “In addition, as part of routine engineering maintenance tasks for field devices, log capture or log forwarding and standard controller configuration verification are viable ways to begin protecting these assets.”

The report indicates that ICS security is maturing. “The ICS threat intelligence market has come a long way in 12 months. More facilities are using vendor-provided threat intelligence for more immediate and actionable defenses. Unlike most respondents in 2021, respondents in 2022 no longer rely solely on publicly available threat intel,” according to the report, authored by Dean Parsons. “This is a sign of increased maturity and awareness of the value of ICS vendor-specific threat intelligence, as well as budget allocation to improve proactive defense in this area.”

Industrial systems receive their own security budgets

More organizations are obtaining an ICS-specific security budget, with only 8% of facilities lacking one in 2022, according to the report. Twenty-seven percent of organizations have budgets allocated between $100,000 and $499,999, and 25% of organizations have budgets between $500,000 and $999,999.

Over the next 18 months, organizations are allocating these budgets to various initiatives, including planning to increase the visibility of cyber assets and their configurations (42%) and implementing network-based anomaly detection and hacking tools (34%). There is also a focus on network-based intrusion prevention tools in control system networks (26%).

Nearly 80% of respondents said they now have roles that emphasize ICS operations, compared to 2021 when only about 50% had such specific roles. However, the organizations suggest that there is still a convergence of responsibilities even though the regions have different missions, skill sets needed and impacts during a security incident.

Almost 60% of survey respondents use passive monitoring, with a network sniffer being the primary method for detecting hardware and software vulnerabilities. The second most common method is continuous active vulnerability scanning.

The third most commonly used method is comparing configuration and control logic programs against known logic versions.

Copyright © 2022 IDG Communications, Inc.
