Fortinet recently released the 2022 State of Operational Technology and Cybersecurity Report. Based on a detailed survey conducted in March 2022 of more than 500 global operational technology (OT) professionals, the report’s data highlights the current state of OT security and provides a roadmap to better secure OT organizations.
The need to improve OT security is underscored in the report, which found: 93% of OT organizations experienced an intrusion in the past year, and 78% of them experienced more than three intrusions.
Air-gapped no more
Traditionally, security was not as critical a consideration when programmable logic controllers (PLCs)—the brains of any industrial control system (ICS) or OT network—were designed. PLCs never verified the authenticity of message senders, and controller communications had zero encryption capability. Previously, there was no need for these security measures because an organization’s OT network was always air-gapped from their IT network.
Now, however, the situation is quite different. OT and IT networks have converged, and industrial processes have been digitized. The benefits from the integration of these two types of networks are great. They include enhancements in productivity, efficiency, responsiveness, and profitability. Unfortunately, this new connectivity has also brought the negative unintended consequence of making OT networks vulnerable to cyberattacks. IT/OT interconnectedness has allowed threat actors to attack the cyber-physical systems of no-longer air-gapped OT environments, resulting in many serious incidents.
After diving into the report’s data, we can mine these key information nuggets:
- Visibility down equals vulnerability up: The lack of centralized visibility of OT devices, applications, and users increases vulnerability. This lack of visibility contributes greatly to organizations’ OT security risks and to a weak security posture.
- Bottom-line issues: OT security intrusions significantly impact an organization’s productivity and its bottom line. Due to intrusions, nearly 50% of organizations surveyed suffered an operational outage that affected their productivity, with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance, and brand value impacted because of intrusions.
- Responsibility problems: Ownership of OT security is inconsistent in the surveyed organizations. Only 15% of respondents say that their CISO is responsible for OT security at their organization. We believe having non-experts in charge of OT security is asking for trouble.
- Complexity challenges: OT security is gradually improving, but security gaps still exist in many organizations. The report found that a vast majority of organizations use between two and eight different security vendors for protecting their industrial devices and have between 100 and 10,000 devices in operation. This complexity really challenges any security team using multiple security tools. It also creates a gap in their cyber defence and an open invitation for threats to slip through.
Best practices for protecting OT
Besides providing the latest statistics on the state of OT cybersecurity, the 2022 State of Operational Technology and Cybersecurity Report offers insights on how best to handle OT vulnerabilities and how best to strengthen an organization’s overall security posture. Some of the key best practices for OT organizations are:
- Employing solutions that offer centralized visibility of all OT activities: A focused, end-to-end visibility of industrial activities is paramount to organizations that require airtight security. The report reveals that the top-flight organizations that reported no intrusions in the past year—only 6% of the respondents—were more than three times as likely to have achieved centralized visibility than their counterparts who were victims of intrusions.
- Consolidating security vendors and solutions: To remove complexity and get centralized visibility of devices, organizations should integrate their OT and IT technology and partner with fewer vendors. By using integrated security solutions, security teams can reduce their organization’s attack surface and improve their security.
- Deploying network access control (NAC) technology: Organizations that managed to avoid intrusions in the past 12 months were more than likely to have a NAC solution, such as FortiNAC, in place. This cutting-edge security tool ensures only authorized people can access critical systems and digital assets.
The platform approach
The 2022 report shows that there are widespread gaps in industrial systems’ security, and there are numerous areas begging for improvement. Since cybersecurity must now fully span both the IT and OT network environments to be effective, we believe that a mesh platform is essential for keeping industrial organizations secure. With the centralized visibility that a mesh platform offers, OT vulnerabilities and risks can be plugged and today’s most sophisticated threats can be repelled.
More about the survey
Survey respondents were individuals holding leadership positions responsible for OT and OT security—from managers to C-level executives. These respondents represented a range of heavy OT-user industries, including manufacturing, transportation and logistics, and healthcare. The report is based on a survey of more than 500 global OT professionals conducted in March 2022.