After results from a survey of 1,056 security professionals were released in February, showing industrial operational technology worldwide that is widely vulnerable to intrusion, we at Smart Industry got curious, so we emailed a single-question survey to our own readership that simply asked: What’s the alert level at your organization about OT security?
The results of the SI survey, at least when it comes to that one critical question, mirror those from the Ponemon Institute/Cyolo survey of security professionals in the U.S. and in Europe, the Middle East, and Africa. A large majority in the SI poll—76%—said they were “very concerned” or “somewhat concerned” about OT security in their manufacturing operations.
See also: Industrial OT widely vulnerable to intrusion, survey finds
The other 24% who responded to the Smart Industry question, which was emailed to readers on April 8, said they weren’t at all concerned about OT security or that they possessed no knowledge about their organization’s level of concern.
Gaps, little visibility into OT to know about vulnerabilities
The February Ponemon/Cyolo report identifies significant gaps in securing access to connected OT environments. It also revealed that most industrial organizations—73%—lack visibility into their OT assets, so they don't even know about their possible vulnerabilities. A bare majority—55%—of that report's respondents believed their organizations “effectively” or “very effectively” mitigated risks and security threats to the OT environment.
Moreover, only 27% of respondents said their organizations maintain accurate inventories of OT assets. Also, 69% said their organizations have either no inventories or inaccurate and outdated inventories, and the remaining 5% were unsure about the state of their asset inventories.
“Our world has become increasingly interconnected, and the findings of this report highlight the vital need for organizations to re-evaluate and enhance their strategies for ensuring secure access into OT environments,” Larry Ponemon, chairman and founder of the Michigan-based Ponemon Institute, said when the survey results were released. Ponemon’s partner in the research was Israel-based remote access management solution provider Cyolo.
See also: Maximum security? How multifactor authentication is being defeated
The report, titled “Managing Access & Risk in the Increasingly Connected Operational Technology (OT) Environment,” reveals that many industrial organizations lack the resources, expertise, and collaborative processes to effectively mitigate threats and ensure secure access to OT systems.
“Ensuring secure access to OT environments is about more than just cybersecurity,” the Feb. 21 release distributed by Cyolo said. “These environments contain highly sensitive systems and critical infrastructure responsible for keeping manufacturing lines running, water and electricity flowing, and performing other tasks vital to the smooth functioning of our communities.”
See also: Air gapping OT assets may be the only sure way to shield critical infrastructure
“We are at a crucial point in the evolution of OT security, and the need to secure access to critical systems from internal and external threats is more urgent than ever,” said Joe O'Donnell, who is executive VP of corporate development and general manager of OT at Cyolo.
“The stakes are exceptionally high,” he added, “as a breach could jeopardize not just data but also the functioning of critical infrastructure, risking the safety of workers and the environment.”
