Operational technology (OT) is the cyber-physical foundation that enables the world’s factories, energy production and transmission facilities, transportation networks, and utilities to function.

By Rick Peters, chief information security officer: operational technology at Fortinet

To boost operational efficiency and profitability, many OT companies have been integrating OT infrastructure and thereby indirectly connecting supervisory control and data acquisition (SCADA) systems with IT networks to manage actionable data across a formerly air-gapped framework. However, the improved agility and efficiency derived from digitally connected OT-IT networks come with increased cybersecurity risk.

To understand the types of threats facing operational technology and how OT teams can mitigate these threats, Fortinet conducted a survey of organisations in critical industries with more than 2,500 employees. The company surveyed plant and manufacturing operations leaders in manufacturing, energy and utilities, healthcare, and transportation.

The results are compiled in the Fortinet 2021 State of Operational Technology and Cybersecurity Report. The report illuminates where OT is most vulnerable, the types of cyberattacks organisations face, current security tactics, and the areas where cybersecurity protocols need improvement.

 

Security struggles continue within OT organisations

This year’s report indicates that OT leaders continue to be involved in cybersecurity, but it remains a struggle. Over the past year, the pandemic only added to the security issues leaders had to face. The momentum for OT-IT network convergence was evident pre-pandemic, but the effects of pandemic-driven innovation accelerated digital transformation and extended connectivity.

Facing the challenge of extending the plant environment to accommodate remote work, many organisations had to increase their technology budgets to support rapid solution deployment. Seeking to benefit where possible from the many changes brought about by the pandemic, many OT leaders are looking for new ways to streamline processes and reduce future costs.

Although progress is being made, there is room for improvement. Most OT organisations are not leveraging orchestration and automation, and their security readiness was further taxed by the COVID-19 crisis. OT-IT network convergence, coupled with an increasingly advanced threat landscape and the need to cope with pandemic-related issues, made it even more difficult for OT leaders to stay ahead of disruptive cyber adversaries.

The Fortinet study highlights four key insights about the current state of OT security across organisations.

OT security challenges include:

  • OT organisations continue to experience intrusions – As a group, organisations represented by the OT leaders who participated in the survey faced challenges in preventing cyber criminals from accessing systems and disrupting business. Nine out of ten organisations experienced at least one intrusion in the past year, which is almost identical to the results of the 2020 survey. Arguably, the pandemic presented some unforeseen challenges; however, a 90% rate of intrusion represents a significant problem that should concern OT leaders.
  • OT leaders weren’t prepared for pandemic-related changes – OT leaders had to quickly increase spending to manage the processes related to the digital connectivity of IT-OT network assets that are essential to supporting work from home. These two separate issues both affected technology budgets. SOCs and NOCs required more staff and equipment as the pandemic accelerated digital transformation and increased the need for connectivity for secure remote access. Employees were working from home, and OEMs and system integrators were hampered in their ability to travel. The pandemic accelerated the need for secure remote access as technical staff could not be on-site to perform work in person.
  • Organisations faced malware and an increased incidence of insider threats and phishing – The survey showed significant growth in phishing attacks, with 58% reporting this type of intrusion, up from 43% last year. The increase in phishing stems from attackers exploiting weaknesses related to the rapid changes to support remote work that emerged at the beginning of 2020. Along with the balance of most global IT business, OT organisations were clearly affected. As employees continue to work remotely, it is clear that OT organisations need to extend zero trust to their endpoints to address the expanded attack surface.
  • OT leaders continue to struggle with security measurements – OT leaders are tracking and reporting cybersecurity measurements consistently, with “cost” falling lower on the priority list than “risk assessment” and “implications to the business.” Vulnerabilities (70%) and intrusions (62%) remain the top cybersecurity measurements that are tracked and reported, but tangible risk management outcomes have become more prevalent this year (57%).

 

Overcoming the OT challenges 

Arguably, interest in the resiliency achieved by implementing cybersecurity best practices has grown over the past 12 months. Despite that interest, the 2021 report indicates that OT leaders continue to struggle. Increased digital connectivity of OT and IT networks rolls on, yet in this year’s survey only 7% of OT leaders reported no intrusions. It’s clear that many organisations face challenges when it comes to security practices and ultimately protecting their infrastructure from today’s increasingly sophisticated cyber threats.

With that said, top-tier OT organisations are realising cybersecurity success and managing to weather the unusual situation brought on by the pandemic and the corresponding rapid innovation. Those top-tier organisations continue to make a commitment to promoting centralised visibility and taking a proactive approach to security to protect their critical systems.