Survey Shows Improvement in Cybersecurity Practices Across Industrial Control Systems (ICS) and Operational Technology (OT) but Emphasizes Need for Enhanced Response Capabilities
In an era where cyber threats loom larger than ever, the importance of robust cybersecurity practices in Industrial Control Systems (ICS) and Operational Technology (OT) cannot be overstated. The SANS Institute has recently unveiled the findings of its 2024 State of ICS/OT Cybersecurity Survey, which highlights significant advancements in securing these critical environments. However, the report also raises alarms about the persistent vulnerabilities that many organizations face, underscoring the urgent need for enhanced response capabilities.
A Step Forward in Cybersecurity Maturity
The survey, presented by Jason D. Christopher, a SANS certified instructor and the survey’s author, reveals a landscape of improvement in cybersecurity practices across ICS and OT sectors. Organizations that have adopted cybersecurity standards and integrated threat intelligence into their programs are notably ahead of their peers. These organizations demonstrate superior maturity and capabilities, allowing them to detect cyber events more swiftly and effectively.
For instance, organizations with a structured approach to ICS/OT cybersecurity are more likely to have mapped all external connections to their industrial environments and typically maintain dedicated ICS/OT-specific Security Operations Centers (SOCs). In contrast, those lacking such frameworks often struggle with basic governance and incident response capabilities, leaving their critical systems vulnerable.
Historical Trends: A Five-Year Perspective
For the first time, the 2024 State of ICS/OT Cybersecurity Survey provides insights into historical trends over the past five years. The findings reveal a positive trajectory in the security of industrial facilities. In 2019, the majority of respondents who experienced an ICS/OT cybersecurity incident took between two and seven days to detect a compromise. Fast forward to 2024, and over half of respondents reported detection capabilities of less than 24 hours, a significant leap forward for critical infrastructure asset owners and operators.
Moreover, the deployment of basic security measures, such as endpoint protection and multifactor authentication for remote access, has seen substantial increases since 2019. This upward trend reflects a growing recognition of the importance of ICS/OT security and a commitment to allocating more time, resources, and strategic planning to protect these systems.
Key Findings of the 2024 Survey
The survey’s findings paint a complex picture of the current state of ICS/OT cybersecurity. Here are some of the key takeaways:
1. Improved Detection Capabilities
The survey indicates a marked improvement in detection capabilities, with OT-specific monitoring usage rising from 33% in 2019 to 52% in 2024. This increase underscores the critical need for visibility within these networks, enabling organizations to respond more effectively to potential threats.
2. Significant Gaps in Preparation and Workforce
Despite the progress, there are alarming gaps in preparation. Only 34% of respondents utilize range environments with ICS/OT-specific tools for cyber incident preparation. Additionally, 51% of respondents protect their systems without relevant certifications, raising concerns about the readiness of security teams to recover from industrial cyber incidents.
3. Growing Adoption of Cloud Solutions
Interestingly, the adoption of cloud-based ICS/OT solutions has increased by 15%, particularly in non-regulated environments. While this trend reflects a shift towards modernizing infrastructure, it also raises questions about the security implications of cloud integration in critical systems.
4. Limited AI Adoption
Artificial Intelligence (AI) remains largely experimental within the ICS/OT landscape. Few organizations have successfully integrated AI into their cybersecurity practices, primarily due to a lack of established use cases and concerns regarding safety and reliability.
Bridging the Gap: The Need for Enhanced Response Capabilities
As Jason Christopher notes, “The gap between security leaders and the rest of the industry is growing.” While some organizations are making remarkable strides by leveraging industry standards and ICS-specific threat intelligence, many others are still grappling with the complexities of securing these critical environments. This disparity poses a significant risk, especially as interconnectedness increases across industrial sectors.
The survey findings emphasize the urgent need for organizations to enhance their incident response capabilities. Developing a dedicated incident response plan, investing in training for security teams, and implementing ICS/OT-specific security operations are crucial steps in bridging the gap between the ‘haves’ and the ‘have-nots’ in cybersecurity.
Conclusion
The 2024 State of ICS/OT Cybersecurity Survey serves as both a beacon of hope and a call to action. While it highlights significant improvements in cybersecurity practices within ICS and OT environments, it also underscores the critical vulnerabilities that remain. Organizations must prioritize enhancing their response capabilities to safeguard their critical infrastructure against the evolving landscape of cyber threats. As the industry matures, the commitment to continuous improvement in cybersecurity practices will be essential in protecting the backbone of our modern economy.
In a world where the stakes are high, the time for action is now. Organizations must not only celebrate their achievements but also recognize the work that lies ahead in securing their industrial environments.