OT Cybersecurity Checkup: 300 Leaders Weigh in on Progress
Manufacturing plants and industrial environments rely heavily on operational technology (OT) to monitor and control production and processing, manage equipment and oversee logistics—all mission-critical components of an efficient, reliable operation.
When an OT cybersecurity incident occurs, the consequences can be severe:
- Production shutdowns lead to missed deadlines and potential contractual penalties
- Safety issues put workers and equipment at risk
- Costs escalate amid attempts to recover from the attack
- Revenue is lost due to halted operations
On top of this, organizations across industries are creating connections between their OT and IT systems to drive real-time visibility, cost reductions, scalability and uptime. This convergence of IT and OT connectivity means that more devices are connecting to networks, which expands the threat landscape.
To better understand the cybersecurity views, postures and approaches of today’s OT and IT teams, we worked with Omdia to survey 300 IT and OT decision-makers around the world.
How decision-makers are managing OT cybersecurity
According to the survey, 92% of organizations have experienced some type of cybersecurity incident, and nearly half of those incidents (47%) were serious breaches that had an impact on business, whether in the form of reputation damage, financial loss or something else.
To reduce the likelihood of a cybersecurity incident, and accelerate recovery if and when an event occurs, there are a few key initiatives that plant environments can pursue.
Cyber assessments
To identify vulnerabilities and reduce risk, cyber assessments are essential. They can help:
- Identify vulnerabilities and uncover weaknesses that could be exploited
- Pinpoint risks to help prioritize and allocate resources effectively
- Prevent cybersecurity incidents by addressing issues as they arise
- Improve resiliency to make organizations more resistant to attacks
To better understand how respondents handle cyber assessments, we asked them how often these evaluations are performed in OT security. Nearly all say they conduct them in some form every year:
- Monthly: 23%
- Quarterly: 31%
- Biannually: 27%
- Annually: 19%
- Never: 1%
Assessments aren’t isolated events or mere checkpoints. Instead, they are dynamic evaluations that go beyond compliance to help organizations better understand their defenses so they can adapt and fortify their responses to remain protected in an ever-shifting threat landscape.
The right partner can help you determine the proper frequency and adequate level of depth you should pursue for your cyber assessments.
Incident response plans
The aftermath of an incident lasts far beyond the breach itself. Once an event occurs, organizations don’t want to find themselves standing on uncertain ground, with doubt surrounding the steps required to properly navigate the aftermath of an OT breach.
Robust incident response plans are a strong cyberattack-mitigation tactic. They minimize the mean time to response (MTTR) and prevent operational downtime in industrial settings.
According to what decision-makers revealed in the survey about their incident response plans, there’s a need for more processes to be tailored to OT incident response. While 72% of organizations are adopting approaches to incident response that are unique to OT, almost one-third aren’t: 13% of respondents have no incident response processes in place, and 15% plan to create them in the future but haven’t started yet.
Products certified to IEC 62443
Globally recognized standards, such as IEC 62443, help organizations ensure that products and services are safer and better protected against attacks.
When asked how important it is that the products they purchase are certified against standards like IEC 62443, 49% of respondents indicate that it’s “very important,” while 37% deem it as “important.” Only 2% don’t think it’s important; the remaining 12% feel neutral about it.
Investing in products certified to IEC 62443 can improve security and compliance and reliability, with less probability of failure caused by a cybersecurity event.
OT cybersecurity is a journey, not a destination
Preventive controls are pivotal to address OT cybersecurity challenges.
For example, Network Access Control (NAC) is a key protective technology that seamlessly and effortlessly integrates monitoring and control across critical segments to safeguard users and devices.
It mitigates cybersecurity and operational risks while restricting network access, along with the potential impact of events like malware, ransomware and misconfigurations.
Cybersecurity is an ongoing journey that is built on continuous improvement. This means that organizations must regularly assess the effectiveness of their controls and make adjustments accordingly to enhance resilience.
Download the full report to explore our cybersecurity findings.
Related links:
- Moving Beyond Visibility: Providing Protection to Industrial Automation Networks
- Attacks on Mission-Critical Power Infrastructure: Why Cybersecurity Is Necessary
- Interoperability & Availability: Cybersecurity Foes or Allies?
About the Author
Zane Blomgren is Director, Industrial Cybersecurity at Belden. With over 20 years of cyber security experience, Zane has been called on to help build foundational security controls and assist after cyberattacks have begun. Zane marries his passion for security and his interest in collaborating with and learning from a wide variety of customers to apply best practices in even the most challenging of situations to create more reliable, secure systems for organizations in sectors including energy, transportation, manufacturing and many others.