SANS Institute 2024 Survey Uncovers Advances and Shortcomings in ICS/OT Cybersecurity for Critical Infrastructure

Advancements and Challenges in ICS/OT Cybersecurity: Insights from the SANS 2024 Survey

The SANS Institute has unveiled its highly anticipated 2024 ICS/OT Cybersecurity Survey, shedding light on the evolving landscape of cybersecurity for industrial control systems (ICS) and operational technology (OT). As critical infrastructure faces increasing cyber threats, this survey highlights both notable advancements and persistent challenges in safeguarding these essential systems.

Key Findings from the SANS 2024 Survey

Improved Detection Capabilities

One of the most encouraging findings from the survey is the marked improvement in detection capabilities among organizations utilizing ICS/OT cybersecurity standards. The survey revealed that organizations employing these standards are significantly more adept at detecting cyber events. In 2019, a majority of respondents reported taking 2-7 days to detect a compromise. Fast forward to 2024, and over half of the respondents indicated that they can now detect incidents in less than 24 hours. This shift underscores the importance of robust detection mechanisms in protecting critical infrastructure.

Gaps in Preparation and Workforce

Despite these advancements, the survey also highlighted significant gaps in preparation and workforce readiness. Alarmingly, only 34% of respondents reported preparing for cyber incidents using ICS/OT-specific tools. Furthermore, 51% of organizations are protecting their systems without relevant certifications, raising concerns about their ability to effectively respond to incidents. This disparity in preparedness poses a substantial risk, particularly as the interconnectedness of systems increases.

Growing Adoption of Cloud Solutions

The survey noted a growing trend towards the adoption of cloud solutions within the ICS/OT space. Despite initial hesitations, adoption of cloud-based ICS/OT solutions has increased by over 15%, especially in non-regulated environments. This shift reflects a broader acceptance of cloud technologies, although it also raises questions about security and compliance in these new environments.

Limited AI Adoption

Artificial intelligence (AI) remains largely experimental in the realm of ICS/OT cybersecurity. The survey found that few organizations are currently applying AI to their cybersecurity strategies, primarily due to a lack of use cases and concerns regarding safety and reliability. As organizations explore the potential of AI, it will be crucial to develop practical applications that enhance security without introducing new vulnerabilities.

The Importance of Standards and Governance

The survey emphasized that organizations leveraging ICS/OT cybersecurity standards and threat intelligence are far ahead of their peers in terms of maturity and capabilities. These organizations are quicker to detect cyber events, have a comprehensive mapping of external connections to their industrial environments, and often maintain dedicated ICS/OT-specific security operations centers (SOCs). In contrast, organizations lacking such guiding principles tend to struggle with central governance for industrial cyber risk management and often lack basic capabilities, such as a dedicated incident response plan.

A Call for Enhanced Response Capabilities

Jason D. Christopher, a certified instructor at SANS and the survey’s author, noted the growing recognition of the importance of ICS/OT security. He stated, “We’re seeing more time, resources, and strategy being allocated to protect these systems. However, the gaps we’re identifying, particularly around ICS/OT-specific security operations and visibility into industrial environments, highlight that we still have a lot of work to do.” This call to action emphasizes the need for organizations to enhance their response capabilities to effectively mitigate risks.

Historical Trends and Future Outlook

The SANS Institute 2024 survey also examined historical trends over the past five years, revealing hopeful signs of improved security for industrial facilities. The increase in the use of OT-specific monitoring tools, from 33% in 2019 to 52% in 2024, highlights the growing recognition of the need for visibility in critical networks. However, the survey also pointed out that many organizations are still grappling with basic security protections, indicating that there is much work to be done.

Conclusion: Bridging the Gap

As the SANS Institute 2024 survey reveals, while there are significant advancements in ICS/OT cybersecurity, substantial gaps remain. The disparity between organizations that are well-protected and those that are not poses a major risk as interconnectedness increases. The findings come at a crucial time when the U.S. Department of Homeland Security (DHS) has warned of escalating threats to critical infrastructure.

To further explore these findings, the SANS Institute will host the SANS 2024 ICS/OT Cybersecurity Survey Webcast on October 9, 2024, featuring insights from industry leaders and actionable recommendations for enhancing ICS/OT security strategies. Registrants will receive a complimentary copy of the survey whitepaper, providing a deeper understanding of the current state of ICS/OT cybersecurity.

As organizations continue to navigate the complexities of securing critical infrastructure, the insights from the SANS 2024 survey serve as a vital resource for improving cybersecurity posture and safeguarding against emerging threats.


Anna Ribeiro
Industrial Cyber News Editor
Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization, and IoT.
