Compromises of engineering workstations had been the preliminary assault vector in 35% of all operational know-how (OT) and industrial management system breaches in corporations surveyed globally this yr, doubling from the earlier yr. earlier yr, based on analysis carried out by the SANS Institute and sponsored by Nozomi Networks.
Whereas the variety of respondents who stated that they had skilled a breach of their OT/ICS methods up to now 12 months fell to 10.5% (down from 15% in 2021), one-third of all respondents stated they didn’t know if their methods had been breached or not.
For the 2022 SANS ICS/OT survey, 332 responses had been obtained, representing verticals from the vitality, chemical, crucial manufacturing, nuclear, water administration, and different industries.
Challenges going through management system safety
A few of the greatest challenges confronted in securing ICS/OT applied sciences and processes embody integrating legacy and outdated OTs with trendy IT methods; conventional IT safety applied sciences that aren’t designed for management methods and trigger disruptions in OT environments; IT workers not understanding OT operational necessities; and inadequate labor sources to implement present safety plans, based on the survey.
Sectors resembling enterprise companies, healthcare and public well being, and business amenities are the highest three sectors that respondents see as most definitely to have a profitable ICS engagement that can affect secure and dependable operations this yr.
When requested which ICS parts are thought-about to have the best enterprise affect if compromised, the vast majority of respondents (51%) specified engineering workstations, instrumentation laptops, and calibration/take a look at gear. The vast majority of respondents (54%) additionally stated that engineering workstations, laptops, and take a look at gear had been the system parts most vulnerable to being compromised.
Engineering workstations, which embody cell laptops used for on-site system upkeep, have management system software program used to program or change logic controllers and different area system settings or configurations , the examine famous. In contrast to conventional IT, ICS/OT methods monitor and handle information that makes real-time adjustments in the true world with bodily inputs and managed bodily actions.
IT methods are a significant assault vector in OT/ICS
Though assaults on engineering workstations doubled up to now yr, they’re solely third by way of being the preliminary assault vector for OT/ICS methods. The main assault vector for OT/ICS methods entails IT, with 41% of corporations reporting that IT breaches had been answerable for potential compromises of their OT/ICS methods.
The second largest assault vector is detachable media, resembling USB and exterior laborious drives. To maintain this menace at bay, 83% of respondents have a proper coverage in place to handle transient gadgets and 76% have menace detection know-how in place to handle these gadgets. Moreover, 70% use business menace detection instruments, 49% use in-house options, and 23% have carried out ad-hoc menace detection to handle this danger.
“Engineered methods, whereas not outfitted for conventional antimalware brokers, might be protected via ICS-based detection methods and industry-based community structure practices,” based on the report. “As well as, as a part of ongoing engineering upkeep for area gadgets, logging or log forwarding and common controller configuration verification are possible methods to start out defending these belongings.”
The report means that ICS safety is maturing. “The ICS menace intelligence market has come a good distance in 12 months. Extra amenities are utilizing vendor-provided menace intelligence for extra fast and actionable protection measures. In contrast to most respondents in 2021, respondents by 2022 they now not rely solely on publicly out there menace intelligence,” based on the report, authored by Dean Parsons. “It is a signal of elevated maturity and consciousness of the worth of ICS vendor-specific menace intelligence, in addition to finances allocation to boost proactive protection on this space.”
Industrial methods get their very own safety budgets
Extra organizations are getting an ICS-specific safety finances, and by 2022 will see simply 8% of installations with out one, based on the report. 27% of organizations have allotted budgets between $100,000 and $499,999, and 25% of organizations have budgets between $500,000 and $999,999.
Over the subsequent 18 months, the organizations are allocating these budgets to numerous initiatives; planning for larger visibility into cyber belongings and their configurations (42%) and implementing network-based anomaly and intrusion detection instruments (34%). There may be additionally a deal with network-based intrusion prevention instruments in management system networks (26%).
Practically 80% of respondents stated they now have roles that emphasize ICS operations, in comparison with 2021 when solely about 50% had such particular roles. Nonetheless, the organizations recommend that there’s nonetheless a convergence of duties though the areas have totally different missions, expertise wanted and impacts throughout a safety incident.
Practically 60% of survey respondents use passive monitoring, with a community sniffer being the first technique for detecting vulnerabilities in {hardware} and software program. The second commonest technique is steady lively vulnerability scanning.
The third commonest technique used is to check the configuration and management logic applications with identified logical variations.
Copyright © 2022 IDG Communications, Inc.
– Engineering workstation attacks on industrial control systems double: Report
