216979018 | Narongrit Sritana | Dreamstime

In reader survey, wide majority worries about OT vulnerabilities

April 19, 2024
Informal email poll of visitors to Smart Industry mirrors a February release of results from wider research that showed concern among over 1,000 security professionals about the extreme vulnerability of industrial operational technology to intrusion.

After results from a survey of 1,056 security professionals were released in February, showing industrial operational technology worldwide that is widely vulnerable to intrusion, we at Smart Industry got curious, so we emailed a single-question survey to our own readership that simply asked: What’s the alert level at your organization about OT security?

The results of the SI survey, at least when it comes to that one critical question, mirror those from the Ponemon Institute/Cyolo survey of security professionals in the U.S. and in Europe, the Middle East, and Africa. A large majority in the SI poll—76%—said they were “very concerned” or “somewhat concerned” about OT security in their manufacturing operations.

See also: Industrial OT widely vulnerable to intrusion, survey finds

The other 24% who responded to the Smart Industry question, which was emailed to readers on April 8, said they weren’t at all concerned about OT security or that they possessed no knowledge about their organization’s level of concern.

Gaps, little visibility into OT to know about vulnerabilities

The February Ponemon/Cyolo report identifies significant gaps in securing access to connected OT environments. It also revealed that most industrial organizations—73%—lack visibility into their OT assets, so they don't even know about their possible vulnerabilities. A bare majority—55%—of that report's respondents believed their organizations “effectively” or “very effectively” mitigated risks and security threats to the OT environment.

Moreover, only 27% of respondents said their organizations maintain accurate inventories of OT assets. Also, 69% said their organizations have either no inventories or inaccurate and outdated inventories, and the remaining 5% were unsure about the state of their asset inventories.

“Our world has become increasingly interconnected, and the findings of this report highlight the vital need for organizations to re-evaluate and enhance their strategies for ensuring secure access into OT environments,” Larry Ponemon, chairman and founder of the Michigan-based Ponemon Institute, said when the survey results were released. Ponemon’s partner in the research was Israel-based remote access management solution provider Cyolo.

See also: Maximum security? How multifactor authentication is being defeated

The report, titled “Managing Access & Risk in the Increasingly Connected Operational Technology (OT) Environment,” reveals that many industrial organizations lack the resources, expertise, and collaborative processes to effectively mitigate threats and ensure secure access to OT systems.

“Ensuring secure access to OT environments is about more than just cybersecurity,” the Feb. 21 release distributed by Cyolo said. “These environments contain highly sensitive systems and critical infrastructure responsible for keeping manufacturing lines running, water and electricity flowing, and performing other tasks vital to the smooth functioning of our communities.”

See also: Air gapping OT assets may be the only sure way to shield critical infrastructure

“We are at a crucial point in the evolution of OT security, and the need to secure access to critical systems from internal and external threats is more urgent than ever,” said Joe O'Donnell, who is executive VP of corporate development and general manager of OT at Cyolo.

“The stakes are exceptionally high,” he added, “as a breach could jeopardize not just data but also the functioning of critical infrastructure, risking the safety of workers and the environment.”

About the Author

Scott Achelpohl

I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.